Privacy policy
(Last update: December 2020)
We are pleased about your interest in our shop under the URL https://www.a4healthandbeauty.... (hereinafter referred to as "Shop"). Below we inform you about the processing of your personal data when operating our Shop.
1. Responsibility
The “controller” under data protection law is ESM GmbH & Co. KG (referred to below as “A4COSMETICS” or “us”), Cuvilliésstraße 14, 81679 Munich, Germany, email address: onlineshop@a4cosmetics.de.
2. Contact details of the data protection officer
Our Data Protection Officer can be contacted at: datenschutz@a4cosmetics.com
3. Access to our Shop
You can visit our Shop without providing personal data. We store your access data temporarily in so-called "web server log files". These cover the following data:
• IP address
• Date and time of the retrieval of the shop
• Name and URL of the requested file
• The transferred data volume
• The notification whether the access was successful
• Browser type/version
• URL of the website visited before, and
• Name of your internet access provider.
The collection of those data is required to enable your device to access our Shop and use its functions. Unfortunately, the Shop cannot be used without the provision of your IP address.
Such data collection takes place prior to entering into a contract and for the purposes of our legitimate interests to show you the content of this Shop.
4. Cookies
4.1 Use of Cookies for convenience
When using our Shop, cookies will be generated to ensure that your visit is an enjoyable one and to enable the use of specific functions. “Cookies” are small text files which are transmitted from our web server to the browser of your terminal device and will be stored there. We have a legitimate interest in carrying out the processing for the purpose of improving our Shop and analyzing its use.
The cookies contain the following data:
| Category | Name of cookie | Description of the cookie | Storage period |
| --- | --- | --- | --- |
| Required session cookies | PHPSESSID | These cookies are required for a trouble-free visit to the Shop, as they maintain the current browser session across several page views and tabs. These cookies are set regardless of whether you have agreed to the use of cookies, as they are required for operating the website. | End of each session |
| Cookie settings | user_allowed_save_cookie | This cookie stores your setting as to whether cookies may be used by the Shop or not. Please note that this cookie and the session cookies are mandatory for technical reasons. | End of each session |
| Necessary permanent cookie | login | The login cookie stores the login data of your customer account in encrypted form as soon as you have checked the option "Stay logged in" when logging in. The mage cookies are necessary for the shop system to provide the site, the shopping cart and the purchase. The same applies to autocomplete and section_data_ids. The aka_ cookies are set by PayPal and secure the payment process. Further information on the use of cookies by PayPal can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en_DE | Indefinite. To preserve the settings, no automatic removal takes place. |
| Blog section comment & share function cookies | mus | When you use the blog, a share feature is activated that enables you to share content on social networks. The cookies identify the sharing user and protect others against spam. To avoid comments being sent twice, additional cookies are set when you use the comment function in the blog. | Indefinite. To preserve the settings, no automatic removal takes place. |
| Statistics permanent cookies | _ga | These cookies are provided by the feature Google Analytics (see below under Section 4.2). These cookies store information about user behaviour. The cookies collect anonymous data about the number of visitors to the Shop, where the visitors came from and which pages of the Shop have been accessed. When you disable the Google Analytics feature on this page, the cookie _dc_gtm_UA-* will be set. | |
Users who logged in:
If you provide us with your consent by clicking “Stay logged in. I can withdraw this consent at any time with future effect. The lawfulness of the cookies used up to the receipt of the revocation will not be affected thereby.”, we are able to install a permanent cookie which recognizes you when you access our Shop and automatically associates you with your customer account.
Data transfer to the USA
Insofar as the services listed below carry out data processing in the USA, we would like to point out that the ECJ has ruled in a judgment in July 2020 that the EU-US Data Privacy Shield does not provide sufficient assurance for an adequate level of data protection in the respective company. The main reason for this ruling is that the person concerned is not entitled to any legal remedies comparable to those in the EU for the protection of his data. As a result, companies now have the EU standard contractual clauses and additional security measures in place.
IUBENDA CONSENT MANAGEMENT
To obtain and manage consent for cookies and other identifiers, we use the Iubenda Consent Management ("Iubenda") service provided by iubenda s.r.l., Via Torino 2, 20123 Milan, Italy.
By controlling the traffic of the services belonging to the identifiers and cookies, Iubenda prevents automated content loading operations (e.g. loading videos or social media content) from being carried out without the user's consent. A code from Iubenda is integrated into our website, a so-called script, which stores your interactions, e.g. consent to the use of cookies.
The following information is automatically collected:
- IP address
- Timestamp
- Personal ID
- Information about your web browser
This data is stored on a server of Iubenda in the EU as part of order processing. Furthermore, this data is stored at A4 COSMETICS to provide proof of your consent.
Cookies and other identifiers are files that are stored on the user's device and, according to the purpose descriptions, help the provider to provide the service.
Some of the purposes for which identifiers are used require the consent of the user. If consent is given, it can be freely withdrawn at any time in accordance with the procedure described in this document.
OPERATIONS NECESSARY TO OPERATE THIS WEBSITE AND PROVIDE THE SERVICE
Cookies or other identifiers are used through this website to enable operations necessary for the operation and delivery of the service. Therefore, user consent is not required. Users can opt out of these identifiers by changing their browser or device settings as described in this document. However, this could impact basic functionality and affect the availability of the service.
SPAM PROTECTION
This type of service analyses traffic passing through this website that may contain personal data of users in order to filter out parts of the data traffic, messages and content that are considered SPAM.
GOOGLE RECAPTCHA (GOOGLE IRELAND LIMITED).
Google reCAPTCHA is a SPAM protection service provided by Google Ireland Limited.
The use of reCAPTCHA is subject to Google's privacy policy and terms of use.
Personal data processed: Cookie and usage data.
Processing location: Ireland/USA - Privacy Policy. EU standard contractual clauses + security procedures.
DATA TRAFFIC OPTIMIZATION AND DISTRIBUTION
This type of service allows this website to distribute its content through servers located in different countries and optimise its performance.
The personal data processed will depend on the characteristics and the way in which the services are carried out, the function of which is to filter the communications taking place through this website and the user's browser.
CLOUDFLARE (CLOUDFLARE INC.).
Cloudflare is a data traffic optimisation and distribution service provided by Cloudflare Inc.
Due to the way Cloudflare's features are integrated, the service filters all traffic taking place through this website, i.e. the communication taking place through this website and the user's browser, while also enabling the collection of analytical data that this website contains.
Personal data processed: Cookie and various types of data as described in the privacy policy of the service.
Processing location: USA - Privacy Policy. EU standard contractual clauses + security measures.
OTHER OPERATIONS
SIMPLE INTERACTIONS & FUNCTIONALITIES
This website uses cookies or other identifiers to enable simple interactions and operations that give users access to certain features of the service and facilitate communication with the provider.
INTERACTION WITH LIVE CHAT PLATFORMS
This type of service allows users to interact with third-party live chat platforms directly through this website in order to contact or be contacted by the support team responsible for this website.
If a service is installed, it may collect navigation and usage data on the pages where it is installed even if users are not actively using the service. It may also log live chat conversations.
FACEBOOK MESSENGER CUSTOMER CHAT (FACEBOOK Ireland Limited).
Facebook Messenger Customer Chat is a service for interacting with the Facebook Messenger live chat platform provided by Facebook Ireland Limited.
Personal data processed: Cookie, Usage Data and Data transferred during the use of the service.
Processing location: Ireland/USA - Privacy Policy. EU standard contractual clauses + security measures.
IMPROVED USER EXPERIENCE
This website uses cookies or other identifiers to provide users with enhanced ways to manage their preferences and features to interact with external networks and platforms.
DISPLAY OF CONTENT FROM EXTERNAL PLATFORMS
This type of service allows users to view and interact with content hosted on external platforms directly through this website.
This type of service may still collect web traffic data for the pages where the service is installed, even if users do not use it.
YOUTUBE VIDEO WIDGET (GOOGLE IRELAND LIMITED).
YouTube is a video content visualisation service provided by Google Ireland Limited that allows this website to embed related content on its pages.
Personal data processed: Cookie and usage data.
Processing location: Ireland/USA - Privacy Policy. EU standard contractual clauses + security measures.
GOOGLE MAPS WIDGET (GOOGLE IRELAND LIMITED)
Google Maps is a map visualisation service provided by Google Ireland Limited, which allows this website to embed relevant content on its pages.
We and Google are jointly responsible for data processing and have concluded a Joint Control Agreement stipulated by Google, which you can view at the link https://privacy.google.com/intl/de/businesses/mapscontrollerterms/. In summary, this agreement does not provide for any individual responsibilities; in particular, you can assert your data subject rights against both Google and us. The additional terms of use for Google Maps and Google Earth (https://www.google.com/intl/de_US/help/terms_maps.html) apply.
Personal data processed: Cookie and usage data.
Processing location: Ireland/USA - Privacy Policy. EU standard contractual clauses + security measures.
INTERACTION WITH EXTERNAL SOCIAL NETWORKS AND PLATFORMS.
These types of services allow interaction with social networks or other external platforms directly through this website.
The interaction, as well as the information collected through this website, is always subject to the privacy settings made by the users for the respective social network.
This type of service may continue to collect web traffic data for the sites where the service is installed, even if users do not use it.
It is recommended to log out of the respective services to ensure that the processed data about this website is not linked to the user's profile.
"LIKE" BUTTON AND SOCIAL WIDGETS FOR FACEBOOK (FACEBOOK Ireland Limited).
The "Like" button and social widgets for Facebook are services for interacting with the Facebook social network provided by Facebook Ireland Limited.
Personal data processed: Cookie and usage data.
Processing location: Ireland/USA - Privacy Policy. EU standard contractual clauses + security measures.
BUTTON AND WIDGETS FOR PAYPAL (PAYPAL)
Button and Widgets for PayPal are services for interacting with the PayPal network provided by PayPal Inc.
Personal data processed: Cookie and usage data.
Processing location: See the PayPal Privacy Statement/USA - Privacy Policy. EU standard contractual clauses + security measures.
COMMENT FUNCTION
Comment services allow users to write and publish comments on the content this website contains.
Depending on the provider's settings, users may also leave anonymous comments. If users have also provided their e-mail address with their personal data, this may be used to notify users of comments on the same content. Users are responsible for the content of their comments.
If a third party commenting service is installed, the third party may collect traffic data for the pages on which the commenting service is installed even if the user does not use the commenting service.
FACEBOOK COMMENTS (FACEBOOK Ireland Limited)
Facebook Comments is a commenting service provided by Facebook Ireland Limited that allows users to post and publish comments on the Facebook platform.
Personal data processed: Cookie and usage data.
Processing location: Ireland/USA - Privacy Policy. EU standard contractual clauses + security measures.
EVALUATION
This website uses cookies or other identifiers to measure online traffic and analyse user behaviour in order to improve the service.
ANALYTICS
The services listed in this section allow us to monitor and analyse traffic and track user behaviour.
FACEBOOK ADS CONVERSION TRACKING (FACEBOOK PIXEL) (FACEBOOK Ireland Limited).
Facebook Ads conversion tracking (Facebook Pixel) is an analytics service provided by Facebook Ireland Limited that links data from the Facebook advertising network to actions taken through this website. The Facebook Pixel tracks conversions attributable to ads on Facebook, Instagram and the Audience Network. We have selected the "default" setting on Facebook, ensuring that only user behaviour, and no other data, is collected.
Personal data processed: Cookie and usage data.
Processing location: Ireland/USA - Privacy Policy. EU standard contractual clauses + security measures.
GOOGLE ANALYTICS FEATURES FOR ADVERTISING REPORTS (GOOGLE IRELAND LIMITED).
Google Analytics on this application (this website) enables advertising reporting features that collect additional information from the DoubleClick cookie (web activity) and device advertising IDs (app activity). It allows the owner to analyse specific behavioural and interest data (traffic data and user ad interaction data) and, if enabled, demographic data (age and gender information). Google and we are jointly responsible for the data collection; a corresponding agreement specified by Google has been concluded. In summary, this agreement does not provide for any individual responsibilities; in particular, you can assert your data subject rights both against Google and against us.
Users can refuse Google's use of cookies by accessing Google's ad settings.
Personal data processed: Cookie, Unique Device Identifier for advertising (Google Advertising ID or IDFA, for example) and various types of data as described in the service's privacy policy.
Processing location: Ireland/USA - Privacy Policy - Opt Out. EU standard contractual clauses + security measures.
GOOGLE ADS CONVERSION TRACKING (GOOGLE IRELAND LIMITED).
Ads conversion tracking is an analytics service provided by Google Ireland Limited that links data from the Google Ads advertising network to actions taken through this website.
Personal data processed: Cookie and usage data.
Processing location: Ireland/USA - Privacy Policy. EU standard contractual clauses + security measures.
GOOGLE ANALYTICS (GOOGLE IRELAND LIMITED).
Google Analytics is a web analytics service provided by Google Ireland Limited ("Google"). Google uses the data collected to track and study how this website is used, report on its activity and share it with other Google services.
Google may use the data it collects to contextualise and personalise the ads served by its own advertising network. Google and we are jointly responsible for the data collection; a corresponding agreement specified by Google has been concluded. In summary, this agreement does not provide for any individual responsibilities; in particular, you can assert your data subject rights both against Google and against us.
To ensure anonymised collection of IP addresses, the source code of Google Analytics has been extended to include the code "_anonymizeIp", so that IP addresses are only processed in abbreviated form to exclude the possibility of personal references.
Processed personal data: Cookie and usage data.
Processing location: Ireland/USA - Privacy policy - Opt Out. EU standard contractual clauses + security measures.
GOOGLE ANALYTICS: PERFORMANCE REPORTING BY DEMOGRAPHICS AND INTERESTS (GOOGLE IRELAND LIMITED)
Google Analytics: Performance Reports by Demographics and Interests is a Google advertising reporting feature that provides demographic and interest data within Google Analytics for this website (demographics means age and gender data).
Users can opt-out of Google's use of cookies by accessing Google's ad settings.
Personal Data Processed: Cookie and Unique Device Identifier for advertising (Google Advertising ID or IDFA, for example).
Processing location: Ireland/USA - Privacy Policy - Opt Out. EU standard contractual clauses + security measures.
ANONYMISED ANALYTICS SERVICES
The third party services listed in this section allow the Provider to perform anonymised third party analytics through the use of cookies or other identifiers.
HEAT MAPPING AND SESSION RECORDING.
Heat mapping services display the areas of a page where the mouse is most frequently moved or clicked. In this way, the main points of interest can be identified. These services can be used to monitor and analyse website traffic and track user behaviour.
Some of these services can record user sessions and visually replay them later.
HOTJAR HEAT MAPS & RECORDINGS (HOTJAR LTD).
Hotjar is a session recording and heat mapping service provided by Hotjar Ltd.
Hotjar takes into account generic non-tracking headers ("Do Not Track"). This means that the browser can prohibit the Hotjar script from collecting data from the user. This setting is available in all major browsers. Hotjar's opt-out information can be found here.
Personal data processed: Cookie, usage data and various types of data as described in the service's privacy policy.
Processing location: Malta - Privacy Policy - Opt Out.
TARGETING & ADVERTISING
This website uses cookies or other identifiers to provide behavioural personalised advertising content and to manage, display and track advertisements.
REMARKETING AND BEHAVIOURAL TARGETING
This type of service allows this website and its partners to analyse how this website has been used in previous sessions by the user in order to target, optimise and deliver advertising.
This activity is done by tracking usage data and using cookies - information that is sent to partners responsible for remarketing and behavioural targeting campaigns.
Some services offer a remarketing option based on email address lists.
In addition to any opt-out that may be offered by any of the services below, users may opt-out of a third party provider's use of cookies for certain remarketing features by visiting the Network Advertising Initiative opt-out page.
Users may also opt-out of certain advertising features through appropriate device settings, such as device advertising settings for mobile phones or advertising settings in general.
FACEBOOK REMARKETING (FACEBOOK Ireland Limited).
Facebook Remarketing is a remarketing and behavioural targeting service provided by Facebook Ireland Limited that connects activity taking place through this website to the Facebook advertising network.
Personal data processed: Cookie and usage data.
Processing location: Ireland/USA - Privacy Policy - Opt Out. EU standard contractual clauses + security measures.
REMARKETING WITH GOOGLE ANALYTICS (GOOGLE IRELAND LIMITED).
Remarketing with Google Analytics is a remarketing and behavioural targeting service provided by Google Ireland Limited that combines the tracking activities of Google Analytics and its cookies with the Google Ads advertising network and the "DoubleClick" cookie.
Personal data processed: Cookie and usage data.
Processing location: Ireland/USA - Privacy Policy - Opt Out. EU standard contractual clauses + security measures.
FACEBOOK CUSTOM AUDIENCE (FACEBOOK Ireland Limited).
Facebook Custom Audience is a remarketing and behavioural targeting service provided by Facebook Ireland Limited that connects activity from this website to the Facebook advertising network.
Users can opt-out of Facebook's use of cookies to personalise ads by visiting this opt-out page.
Personal data processed: Cookie and email.
Processing location: USA/Ireland - Privacy Policy - Opt Out. EU standard contractual clauses + security measures.
GOOGLE SIGNALS (GOOGLE IRELAND LIMITED).
This website uses Google Signals, a feature of Google Analytics that links the visit information it collects about this website with Google information from accounts of logged-in Google Account users who have consented to this link for the purposes of ad personalisation. This Google information may include the user's location, search history, YouTube history and data from websites that partner with Google - and is used to provide aggregated and anonymised insights into users' behaviour across devices.
If a user is subject to the context described, they can access and/or delete this data via Google's "My Activities".
Personal data processed: Cookie and usage data.
Processing location: Ireland/USA - Privacy Policy - Opt Out. EU standard contractual clauses + security measures.
GOOGLE ADS REMARKETING (GOOGLE IRELAND LIMITED)
Google Ads Remarketing is a remarketing and behavioural targeting service provided by Google Ireland Limited that links activity from this website to the Google Ads advertising network and the DoubleClick cookie.
Users can opt out of Google's use of cookies by accessing Google's Ads settings.
Personal data processed: Cookie and usage data.
Processing location: Ireland/USA - Privacy Policy - Opt Out. EU standard contractual clauses + security measures.
ADVERTISING
This type of service allows the use of user data for advertising purposes. Promotional messages are displayed in the form of banners and other advertisements through this website and may be adjusted based on behaviour. This does not mean that all personal data will be used for this purpose. Further information and terms of use are set out below.
Some of the services listed below may use cookies or other identifiers to identify users or use so-called behavioural retargeting. This method can also be used to identify the interests and surfing behaviour of users that do not take place via this website, in order to specifically tailor advertisements to them. For more information, please refer to the privacy statements of the respective services.
In addition to any opt-out options offered by each of the services listed below, users may opt-out via the Network Advertising Initiative opt-out page.
Users may also opt-out of certain advertising features through appropriate device settings, such as device advertising settings for mobile phones or advertising settings in general.
GOOGLE ADSENSE (GOOGLE IRELAND LIMITED).
Google AdSense is an advertising service provided by Google Ireland Limited. This service uses the "DoubleClick" cookie to track how this website is used and how users respond to advertisements and products and services offered.
Users can choose to disable all DoubleClick cookies by visiting this page: Advertising Preferences.
Personal data processed: Cookie and usage data.
Processing location: Ireland/USA - Privacy Policy - Opt Out. EU standard contractual clauses + security measures.
GOOGLE AD MANAGER (GOOGLE IRELAND LIMITED).
Google Ad Manager is an advertising service provided by Google Ireland Limited that allows the owner to run advertising campaigns in conjunction with third-party advertising networks. The owner does not have any direct relationship with the third parties in this process unless otherwise specified in this document.
To refuse tracking from various advertising networks, users can make use of Youronlinechoices. To learn more about Google's data use, please refer to Google's partner policy.
This service uses the "DoubleClick" cookie to track how this website is used and how users respond to advertisements and products and services offered.
Users can choose to disable all DoubleClick cookies by visiting this page: Advertising Preferences.
Personal data processed: Cookie and usage data.
Processing location: Ireland/USA - Privacy Policy. EU standard contractual clauses + security measures.
FACEBOOK AUDIENCE NETWORK (FACEBOOK Ireland Limited).
Facebook Audience Network is an advertising service provided by Facebook Ireland Limited. For more information on Facebook's use of data, please see Facebook's Data Policy.
This website uses mobile device identifiers (including Android Advertising ID or Advertising Identifier for iOS) and cookie-like technologies to run the Facebook Audience Network service. One of the display options for Audience Network ads is through the user's advertising preferences. Users can set this under Facebook's ad settings.
Users can opt out of certain Audience Network targeting through the appropriate device settings, such as through the device's advertising settings on mobile phones or by following the instructions in other sections of this Cookie Policy regarding Audience Network, where applicable.
Personal Data Processed: Cookie, Unique Device Identifier for Advertising (Google Advertising ID or IDFA, for example) and Usage Data.
Processing location: Ireland/USA - Privacy Policy - Opt Out. EU standard contractual clauses + security measures.
FACEBOOK LOOKALIKE AUDIENCE (FACEBOOK Ireland Limited).
Facebook Lookalike Audience is an advertising and behavioural targeting service provided by Facebook Ireland Limited that uses data collected by Facebook Custom Audience to serve ads to users whose behaviour is similar to that of users who are already on a Custom Audience list, based on their previous use of this application (this website) or interaction with relevant content across Facebook applications and services.
Based on this data, personalised ads are displayed to users suggested by Facebook Lookalike Audience.
Users can opt-out of Facebook's use of cookies to personalise ads by visiting this opt-out page.
Personal data processed: Cookie and usage data.
Processing location: Ireland/USA - Privacy Policy - Opt Out. EU standard contractual clauses + security measures.
GOOGLE ADS SIMILAR AUDIENCES (GOOGLE IRELAND LIMITED).
Google Ads Similar Audiences is an advertising and behavioural targeting service provided by Google Ireland Limited that uses data from Google Ads Remarketing to serve ads to users whose behaviour is similar to that of users who are already on the remarketing list based on their previous use of this website.
Based on this data, personalised ads are displayed to users suggested by Google Ads similar audiences.
Users who do not wish to be included in Google Ads similar audiences can opt-out and disable the use of advertising cookies: Google Ads Settings.
Personal data processed: Cookie and usage data.
Processing location: Ireland/USA - Privacy Policy - Opt Out. EU standard contractual clauses + security measures.
GRANTING AND WITHDRAWING CONSENT
Users may give and withdraw consent to the use of cookies and other identifiers by making appropriate settings in the cookie notice or by adjusting the settings via the relevant privacy settings widget, if available.
In addition, users can manage corresponding settings for identifiers directly from their own device settings and - for example - prevent the storage of third-party identifiers. It is also possible to delete previously stored identifiers, including those used to store the user's original consent, via appropriate browser or device functions. The user can find, for example, information on how to manage identifiers in the most commonly used browsers at the following addresses: Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Internet Explorer.
With regard to all identifiers used by third parties, users can manage their settings and withdraw their consent by using the relevant opt-out link (if available), using the means indicated in the third party's privacy policy or contacting the third party.
In addition, users are advised that they may follow the guidance of YourOnlineChoices (EU), the Network Advertising Initiative (US) and the Digital Advertising Alliance (US), DAAC (Canada), DDAI (Japan) or other similar services. Such initiatives allow users to set their tracking preferences for almost all advertising tools. A4 COSMETICS therefore recommends that users make use of this tool in addition to the information provided in this document.
DEFINITIONS AND LEGAL NOTICES
PERSONAL INFORMATION (OR DATA) FOR THE PURPOSES OF THIS COOKIE POLICY
Any information by which, directly or in combination with other information, the identity of a natural person is or may be determined.
USAGE DATA
Information that this website (or third party services that this website uses) automatically collects, such as: the IP addresses or domain names of the computers of users who use this website, the URI (Uniform Resource Identifier) addresses, the time of the request, the method used to send the request to the server, the size of the response file received, the numerical code indicating the status of the server response (successful result, error, etc.), the type of file received, the type of file requested, the country of origin, the functions of the browser and operating system used by the user, the various time data per call (e.g. how much time was spent on each page of the application) and information about the path followed within an application, in particular the order of the pages visited, as well as other information about the operating system of the device and/or the IT environment of the user.
USER
The person using this website who, unless otherwise specified, is the same as the data subject.
DATA SUBJECT
The natural person to whom the personal data relates.
PROCESSOR (OR DATA PROCESSOR).
Natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller as described in this Privacy Policy.
CONTROLLER (OR PROVIDER, SOMETIMES ALSO OWNER).
The natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data and the means used for that purpose, including the security measures relating to the operation and use of this website. Unless otherwise specified, the controller is the natural or legal person through whom this website is offered.
THIS WEBSITE (OR APPLICATION)
The hardware or software tool used to collect and process the user's personal data.
SERVICE
The service offered through this website as described in the relevant terms of use (if any) and on this page/application.
EUROPEAN UNION (OR EU).
Unless otherwise stated, all references in this document to the European Union are to all current Member States of the European Union and the European Economic Area (EEA).
COOKIE
Cookies are identifiers consisting of a small record stored in the user's browser.
IDENTIFIER
Any technology, including cookies, that enables the storage of information or access to previously stored information on the user's device.
5. Integration of the Trusted Shops Trust Badge
A Trusted Shops Trust Badge is included on this website to display the Trusted Shops quality label and any ratings collected, and to offer Trusted Shops products to buyers after they have placed their order on this website.
This measure safeguards our interests in optimal marketing, which prevail over other interests, and enables a secure purchase according to Art. 6 para. 1 s. 1 lit f GDPR. The Trust Badge and the marketed services are provided by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany. Under a data processing agreement, the Trust Badge is made available by a CDN (Content Delivery Network) service provider. Trusted Shops GmbH also engages service providers from the USA. However, an adequate data protection level is ensured in that respect. You can find further information on the protection of data by Trusted Shops GmbH in its data protection policy.
When you click on the Trust Badge, the web server automatically records so-called server log files, including your IP address, the date and time of your access, the amount of data transferred and the provider who started the request (access data), and documents the access. Individual access data will be stored in a security database for analysing security anomalies. The log files will be automatically deleted within 90 days after they have been collected.
Further personal data will be transferred to Trusted Shops GmbH if you decide to use the Trusted Shops products after placing your order or have already subscribed to use them. The contractual agreement between you and Trusted Shops will apply. For this purpose, personal data will automatically be collected from your order data. Whether you have already subscribed as a buyer to use the products is checked by means of a neutral parameter: your email address, hashed with a cryptographic one-way function. Before transfer, your email address will be converted into a hash value which cannot be decoded by Trusted Shops. This parameter will automatically be deleted after it has been checked for a match.
This procedure is required to comply with our prevailing legitimate interests and those of Trusted Shops, which includes the protection of buyers with respect to the concrete order and providing the transactional rating services pursuant to Art. 6 para. 1 s. 1 lit f) GDPR. For further details including your right of withdrawal please check the data protection policy linked within the Trust Badge and above in this Section.
6. Customer Account
On our Shop, you can set up a customer account.
When creating a customer account, you will be asked to enter your first name, last name, e-mail address and a password. E-mail address and password serve as your access data, which we cross-check with the inputs you provide when logging into your customer account. We use your surname and first name to identify you as our contractual partner. Hence, the purposes of this data processing are pre-contractual measures and fulfillment of the contract.
We use your access data (e-mail address and password), which you enter in order to access your customer account, to verify the information you provided when setting up your customer account. This also promotes the purpose of fulfilling the contract. To complete the registration process, we will provide you with an e-mail with a link. Your registration will not be completed before you click on the link. If you do not click on the link for more than 14 days, your registration data will be deleted unless you are registered as a guest with an order in our system.
Setting up a customer account is voluntary. You can place orders as a guest at any time, even without a customer account. In this case, however, you cannot log into our customer account area and you will need to re-enter your personal data if you make an additional order at a later stage.
After having set up a customer account, you can access and edit your personal data and your address book. If you enter names and addresses of third parties (e.g. in the address book or as shipping address), we assume that you are authorized to do so, and you gained the prior consent of the affected individuals.
You can terminate your customer account at any time with short notice. We reserve the right to terminate your account with one month's notice to the end of the month if you did not log into your account for five years or more. In this case, your data will also be deleted right away or after expiration of statutory safekeeping periods.
7. Ordering goods
o Order process
The data (including but not limited to name and address) provided in your order are required for pre-contractual purposes and for the fulfilment of the contract. Without such data, no contract can be entered into. We will ask you for your phone number based on our legitimate interest to contact you by telephone in case of questions regarding your orders. If you do not provide us with your telephone number, we will not be able to ask you any questions about orders. The data provided by you (name, address, telephone number and e-mail address) will be stored electronically and used to carry out your order, which means processing your payment and delivering your goods. We use the e-mail address you provide to confirm receipt and acceptance of your order and to verify that the e-mail address you provided actually belongs to you. By this means, we take pre-contractual measures. If you do not provide us with your email address, we will not be able to inform you of the status of the order and verify that the email address is yours.
o Vouchers
Through the order process described above, you can also buy a voucher for a specific amount. You will then receive a voucher code which you can forward to a third party or use yourself. The voucher code only tells us the amount of the voucher. It does not include any further data, including personal data.
o Payment Methods
All payment methods listed in this section are provided through the service “Shopify Payments” offered by Stripe Payments Europe, Ltd, C/O A&L Goodbody, Ifsc, North Wall Quay, Dublin 1, Ireland. Further information can be found here: https://www.shopify.de/legal/terms-payments-de
We therefore entered into a data processing agreement by order with Stripe which can be accessed here: https://www.shopify.ca/legal/dpa?shpxid=7511f1dc-259E-4057-C237-730A6ECF3044 For Stripe’s data privacy policy, please click here: https://www.shopify.com/legal/privacy
Currently, you can choose between the following payment methods:
• PAYONE (purchase on account),
• Credit card,
• PayPal,
• SOFORT Ueberweisung,
• Google Pay,
• Amazon Pay and
• Apple Pay (only visible to users of Apple devices).
When you choose the payment option "purchase on account", the amount of your invoice, order number and date of birth will be collected and processed by PAYONE GmbH, Lyoner Str. 9, 60528 Frankfurt am Main, Germany (hereinafter referred to as "PAYONE"). PAYONE is a payment service provider who initiates your payment for the goods you ordered. With the goods or by e-mail you will receive an invoice from PAYONE. PAYONE will then forward this payment to A4Cosmetics.
The payment method “credit card” is offered through “Shopify Payments” from Stripe. Please enter your credit card data (name, number, expiration date, CV-Code).
If you would like to use PayPal for your payment, the amount to be paid will be transferred to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal"), after which your log-in data will be collected by PayPal. The data processing takes place according to your own contractual user relationship with PayPal. Except for the information on your successful payment we do not receive any of your payment data.
SOFORT GmbH, a company belonging to the Klarna Group, resident at Theresienhoehe 12, 80339 Munich, Germany, offers the payment method “SOFORT Ueberweisung” to you. To process your payment, SOFORT GmbH collects the following personal data: name, IBAN, reference, amount and date.
The payment methods Google Pay, Amazon Pay and Apple Pay are offered by the respective services and assume that you have registered for them. In this respect, your information about the order will be forwarded to the payment provider and the payment provider will then arrange the transfer to us with the payment data stored in your user account. In this respect, we do not collect any payment data ourselves, with the exception of the payment method you have chosen.
We process your data using the payment method and payment provider you selected in order to initiate and process the payment for the goods, and on the basis of our economic interest in outsourcing processes that are not part of our main business. If you do not want to provide the information requested for that payment method, that payment method will not be available and you will need to choose an alternative payment method.
Further details on data protection can be found on the following websites:
• PAYONE: https://www.payone.com/dsgvo/
• PayPal: https://www.paypal.com/UK/webapps/mpp/ua/privacy-full and https://www.paypal.com/de/webapps/mpp/ua/privacy-full
• SOFORT Ueberweisung: https://www.klarna.com/sofort/privacy-policy/
8. Sending newsletters / Sweepstakes
On our Shop, you can subscribe to our e-mail newsletter.
When subscribing to our newsletter, you agree to the following:
"I agree that ESM GmbH & Co. KG, Munich, regularly (maximum 2 times per month) informs me by e-mail about current offers and interesting facts about A4 Cosmetics. I can withdraw this consent at any time with effect for the future. The lawfulness of the newsletters sent up to the receipt of the revocation will not be affected thereby."
You can unsubscribe from the newsletter by using the unsubscribe option provided in the newsletter or simply by notifying us, e.g. by sending an e-mail to onlineshop@a4cosmetics.de. You cannot use this service without providing your e-mail address for the newsletter.
Sweepstakes
On an occasional basis, A4Cosmetics hosts sweepstakes through the Shop or social media.
A4Cosmetics will store the personal data provided for the purpose and duration of the execution and processing of the competition and will subsequently delete it, unless there are any statutory retention obligations. In the latter case, the data will be blocked for any other use. When registering for the competition, the mandatory data must be indicated accordingly. If you register for or participate in the competition via social media, the data may be stored by the operator of the social media platform on the basis of your user agreement with that operator.
9. Online Advice and Order by Phone
If need be and at your request, we can advise you on our products by phone. For this service we are available under the phone number 089-33035656. This conversation will not be recorded, even if you place an order. During the consultation, we take notes recording the information relevant to the order only and, if not already available, take the necessary information, such as your name, address and/or e-mail address. At your request, we will put together an offer on skin care products and forward it to you. This is made for pre-contractual purposes in accordance with Article 6 (1) p. 1 lit. b) GDPR. If you place an order immediately, the data is collected for contractual purposes (Art. 6 sec. 1 p. 1 lit. b) GDPR).
10. Using the contact form and our customer support number
Via this link https://www.a4healthandbeauty.de/pages/contact you can ask us questions about products or other topics. You will need to provide us with your name, email address and message. You can also use our service hotline. The purpose for providing your data varies based on your request and your status as an interested party or customer. It can be fulfilling an agreement or providing pre-contractual measures. We cannot answer your request without the requested information. If you do not provide voluntary details, this will be without any consequences. If you send us optional details, we will use them to contact you.
11. Statutory and contractual duties to provide data
The provision of your data as described in this data privacy policy is neither contractually required nor prescribed by law.
12. Disclosure of your data, including hosting services for this Shop
We will only disclose your data to third parties if we are entitled or obliged to do so by applicable law.
We are authorized to do so if you give us your consent or if third parties process data on our behalf: If we do not carry out our business activities (e.g. operation of the Shop, product adaptation, customer service, production and dispatch of advertising material, data analysis and, if applicable, data clearing, payment processing) ourselves, but have them carried out by other companies, and these activities are connected with the processing of your data, we have previously contractually bound these companies to use the data only for the purposes permitted by law. We are authorised to monitor these companies in that respect. Data will also be shared with Google Ireland through the Google Maps service on a shared responsibility basis.
When you order goods in our Shop, we forward the data required for delivery (name, address) to the respective shipping company. If delivery is to take place to an EU country other than Germany, more than one shipping company can be involved. Additionally, we forward your payment data to the responsible bank in order to process payments, unless you selected a payment service provider for this purpose.
In the event of a default in payment, your name, address and date of birth will be forwarded to collection service providers and processed on our behalf for debt recovery. This serves to accelerate the collection of debts, which is our legitimate interest.
In particular cases, we may be bound by law to pass your personal data along to authorities or courts. This data processing is therefore based on a legal obligation.
HOSTING BY SHOPIFY
Our Shop is hosted on the e-commerce platform of Shopify (Shopify Inc., 150 Elgin Street 8th Floor Ottawa, ON K2P 1L4 Canada). Shopify thus acts as a data processor and we have concluded a (standard) contract with Shopify for order data processing. All data collected in this Shop, including your personal data, are stored on Shopify's servers. In order to avoid international data transfer to the USA, the data is stored in Ireland on servers of Shopify's Irish subsidiary Shopify International Ltd., acting as sub-processor.
13. Storage period and deletion of data
The data that you provide when setting up a customer account will be stored until you terminate your customer account or until we terminate it because you have not logged into your customer account for a period of 5 years. This shall include but not be limited to order data.
Your blog comments (including the displayed name and email address) will be stored by A4Cosmetics until you withdraw your consent or the content is deleted by A4Cosmetics.
Apart from that, we store your order data for up to 10 years pursuant to the legal retention periods. To the extent that your data needs to serve as evidence in a legal dispute, those data will be stored for the duration of the legal dispute or the statutory limitation periods, respectively. While the limitation period can be up to 30 years (see Art. 195 et seq. of the German Civil Code), the regular limitation period is three years.
The data that you provide when using our contact form or service number will be deleted as soon as we can assume that your request has been completely clarified and that this data has not been collected for contractual purposes at the same time. Communication on warranty rights is stored for the duration of the warranty period or the end of the respective limitation period. Data collected and used on the basis of your consent will be deleted after receipt of your withdrawal.
14. Your rights (rejection, revocation, information, correction, restriction of processing, deletion, transferability, complaint)
o Objection
You have the right at any time to object to the processing of your personal data which is processed in connection with this Shop. To do so, you can use the contact details in sections 1 and 2. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.
o Revocation
In addition, you have the right to revoke any consent given with effect for the future. The lawfulness of the processing activities based on your consent will, however, not be affected up to the exercise of the right of revocation.
o Other rights
You have the right, free of charge, to be provided with information regarding your personal data stored by us, to have inaccurate data corrected, and to have the processing of your data restricted or your data deleted. You also have the right to be provided with your data in a structured, commonly used and machine-readable format and to have your data transmitted by us to another person. Finally, you have the right to lodge a complaint with a supervisory authority.
With the exception of your right to lodge a complaint with a supervisory authority, you may address your relevant request to the contact details specified in sections 1 and 2 above.
15. Data security
Your personal data will be transmitted via the Internet in encrypted form. We secure the Website and the other systems by technical and organisational measures, in particular the encryption technology SSL (Secure Sockets Layer), against any loss, destruction, access, alteration or dissemination of your data by unauthorised persons. You can access your customer account only by entering your personal password. Please treat any access data as strictly confidential and close your browser window once you have finished communicating with us, in particular if you share the device with others.
Taking into account the state of technology, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the likelihood and severity of an infringement of the rights and freedoms of natural persons, A4COSMETICS has implemented appropriate technical and organisational measures within the meaning of Article 32 GDPR.
The following measures will, inter alia, be taken to protect your data and to protect them against any loss, destruction, access, alteration or dissemination by unauthorised persons:
o ensuring the confidentiality, integrity, availability and resilience of the processing systems and services;
o ensuring the speedy restoration of the availability of personal data in the event of a physical or technical incident;
o the implementation of procedures for regularly testing, assessing and evaluating the effectiveness of the technical and organisational measures for ensuring the security of the processing.
Please note that, while we endeavor to create a secure and reliable Shop for users, the absolute confidentiality of messages or materials transmitted to, or from, the Shop cannot be guaranteed.