We would hereby like to inform you of the ways and scope in which your personal data is processed by BCG Baden-Baden Cosmetics Group GmbH and your rights in accordance with data protection legislation.
§ 1 Who Is Responsible for Data Processing and How Do I Contact the Data Protection Officer?
The party responsible for data processing is:
BCG Baden-Baden Cosmetics Group GmbH
Data protection officer
Im Rosengarten 7
76532 Baden-Baden, Germany
Phone: +49 (0) 7221 688 100
Fax: +49 (0) 7221 688 369
Represented by: Managing Directors Hermann Crux and I-Ting Wu
You can contact our data protection officers via the contact data above or via email at email@example.com
§ 2 What Are the Purposes of and Legal Basis for Processing Data?
We process your personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (new FDPA) as well as all other relevant laws only insofar as this is required to provide information on this website as well as our services on this website.
If you are using the website simply for information purposes, that is to say, if you are not logging in or registering to use the website or providing us with any other information, we will not collect any personal data, with the exception of the data that your browser transmits in order to enable you to visit the website. These are:
- IP address
- Date and time of query
- Time zone difference in relation to Greenwich Mean Time (GMT)
- Content of request (specific page)
- Access status/HTTP status code
- Transferred data quantity in each case
- Website issuing the request
- Operating system and its interface
- Language and version of the browser software.
To ensure that the website functions, this information is saved in log files. Furthermore, this data is used for the purposes of ensuring that our information-technology systems are secure and optimizing our website.
Art. 6 (1) f) of the GDPR forms the legal basis for temporarily saving data and log files. If processing operations for personal data are based on acquiring the consent of the person affected, Art. 6 (1) a) of the GDPR serves as the legal basis.
Art. 6 (1) b) of the GDPR forms the legal basis for processing personal data in order to fulfill contracts in the case that one of the contracting parties is the person concerned. The same applies to implementing pre-contractual measures that necessitate processing operations. If our company is subject to a legal obligation for which it is necessary to process personal data, Art. 6 (1) c) of the GDPR serves as the legal basis. Art. 6 (1) d) of the GDPR is the legal basis in cases where vital interests of the persons concerned or another natural person necessitate the processing of personal data. If personal data is processed in order to protect the legitimate interests of our company or a third party, the interests, basic rights and fundamental freedoms of the person concerned are of secondary importance. Art. 6 (1) f) of the GDPR is the legal basis for processing data in this instance. Personal data can be passed onto our IT service providers for the purposes of making this website available.
§ 3 Data SecurityWe maintain up to date technical procedures to ensure data security, in particular in relation to the protection of your personal data against risks during data transfer and against third parties acquiring knowledge of these data. These procedures are continuously updated to reflect the current state of the art.
§ 4 Cookies
- You may configure your browser settings as required and, for example, refuse to accept third-party cookies or all cookies. However, we would like to point out that if you do so, you may not be able to use all of the functions of this website.
- Transient cookies are automatically deleted once you close the browser. This includes in particular session cookies. These store a session ID with which various queries from your browser can be assigned to the same session. This enables your computer to be identified on a return visit to the website. The session cookies are deleted once you log out or close the browser.
- Persistent cookies are automatically deleted after a specific period of time, which may vary from cookie to cookie. You may delete the cookies at any time in the security settings of your browser.
- Analysis cookies. We use analysis cookies to improve the content and quality of our website. Analysis cookies enable us to understand how our website is being used, which allows us to optimize our services on an ongoing basis
§ 5 Contact form
We collect your personal data when you provide it to us by filling out the contact form. The data provided will be processed exclusively to provide you with the requested information. The processing of further personal data during the sending process is based on the prevention of any misuse of the contact form, as well as ensuring the security of our information technology systems. Any further processing of your data for advertising purposes or market research will only take place with your express consent.
The following data is processed at the time of sending the message:
- IP address of the user
- Time of registration (date and time)
- Mandatory data: Name, company, telephone, e-mail, subject
- Voluntary data: Website.
The legal basis for the processing of the data is Art. 6 para.1 p.1 lit.a DSGVO if the user has given his consent. If the contact serves the purpose of concluding a contract, the legal basis is Art. 6 para.1 p.1 lit.b DSGVO. Otherwise, the processing of personal data corresponds to the legitimate interests of both you and us. We may be able to answer factual questions posed or respond to a possible suggestion. Thus, the data processing is also justified according to Art. 6 para.1 p.1 lit.f DSG-VO; this also applies to the processing of data in the context of the sending process.
As soon as the data is no longer required to achieve the original purpose for which it was collected, it is deleted. Personal data collected by means of the input mask of the contact form on the website is no longer required if there is no longer any communication with you. This is the case when it becomes clear upon consideration that the matter has ended for the future and no further communication will take place.
Additional personal data that we collect during the sending process will be deleted within a period of eight weeks.
You can revoke your consent to the processing of your personal data at any time. You can declare the revocation by sending a message to the contact details above. However, further communication can then no longer take place, as all personal data stored in the context of contacting you will be deleted in this case. The legality of the data processing processes already carried out remains unaffected by the revocation. You can declare your objection at any time by sending a message to the above contact details. However, further communication can then no longer take place, as all personal data stored in the context of contacting us will be deleted in this case.
Contact can also be made via an alternatively provided e-mail address, in the context of which the user’s personal data sent together with the e-mail will then be stored by our company.
§ 6 Contacting
You have the possibility to contact us by mail, telephone, fax or e-mail.
If you contact us by mail, we may process in particular your address data, date and time of receipt of the mail as well as the data resulting from your letter itself. If you contact us by telephone, we will process in particular your telephone number and, if necessary, your name, your e-mail address, the time of the call and details of your request during the conversation. If you contact us by fax, in particular the fax number or the sender ID as well as the data resulting from the fax will be processed. If you contact us by e-mail, your e-mail address, the time of the e-mail and the data resulting from the message text (including attachments, if applicable) will be processed.
The purpose of processing the above-mentioned data is to process your contact request and to be able to contact you in order to respond to your request.
The legal basis for the processing of personal data described here is Art. 6 para.1 p.1 lit.f DSGVO. Our legitimate interest is to offer you the possibility to contact us at any time and to be able to answer your inquiries. The personal data will be processed only as long as necessary for the processing of the contact request.
You can declare your objection at any time by sending a message to the contact details given above. However, further communication can then no longer take place, as all personal data that was stored in the context of the contact will be deleted in this case.
§ 7 Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP ad-dress) will generally be transmitted to and stored by Google on servers in the United States. If IP anonymization is activated on this website, Google will truncate your IP address within the Member States of the European Union or in other treaty States of the European Economic Area prior to transmitting it to the US. Only in exceptional cases will the full IP address be sent to a Google server in the USA and truncated there. Google will use this information on behalf of the website provider for the purpose of evaluating your use of the web-site, compiling reports on website activity and providing the website provider with other services relating to website activity and Internet usage. The IP address transmitted by your browser as part of Google Analytics will not be associated with any other data held by Google. You may prevent the collection for Google of the data (incl. your IP address) generated by cookies and related to your use of the website, and the processing of such data, by downloading and installing the browser plug-in that can be accessed at: tools.google.com/dlpage/gaoptout. or by using Google Analytics OptOut on the basis of a cookie. This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are processed in truncated form, thereby preventing them from being traced to a specific person. If the data acquired about you can be attributed to a personal connection, this contact will be dismissed immediately and the personal data will be deleted without delay. We use Google Analytics so that we can analyze the usage of our website and improve it on a continuous basis. Using the statistics obtained, we can improve our services and make these more interesting for you as a user. In exceptional cases in which personal data is transferred to the USA, Google has signed up to the EU-US Privacy Shield: www.privacyshield.gov/EU-US-Framework. The legal basis for using Google Analytics is Art. 6 (1) (1) f) of the GDPR. The legal basis for processing the personal data of users is Art. 6 (1) f) of the GDPR. Processing the person-al data of users enables us to analyze the browsing behavior of our users. By analyzing the data acquired, we are able to compile information about the use of the individual components that make up our website, which helps us to improve our site and how user-friendly it is on a continuous basis. Our legitimate interest in processing data lies in these objectives in accordance with Art. 6 (1) f) of the GDPR. Anonymizing the IP address means that the user’s interest with regard to the protection of personal data is sufficiently taken into account. The data is deleted as soon as it is no longer required for our recording purposes. Information on the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: www.google.com/analytics/terms/de.html, overview of data protection: www.google.com/intl/de/analytics/learn/privacy.html, as well as the privacy statement: www.google.de/intl/de/policies/privacy.
§ 8 Use of social media
We maintain publicly accessible profiles on social networks. Social networks, are generally able to comprehensively analyze your user behavior when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). By visiting our social media presences, numerous data protection-relevant processing operations are triggered.
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, however, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, data is collected, for example, by recording your IP address via cookies that are stored on your terminal device.
- Google Inc, 1600 Amphitheater Parkway, Mountainview, California 94043, USA;https://www.google.com/policies/privacy/partners/?hl=de.
- Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.
- LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA;http://www.linkedin.com/legal/privacy-policy.
We operate our social media presences in order to achieve the most comprehensive presence possible on the Internet. This is a legitimate interest within the meaning of Art. 6 para.1 p.1 lit.f DSGVO. If applicable, the analysis processes initiated by the social networks are based on different legal bases, which are to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para.1 sentence 1 lit.a DSGVO). The data collected directly by us will be deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it or assert your objection or revocation of consent. Stored cookies remain on your terminal device until you delete them. Legal provisions, in particular retention periods, remain unaffected.
If you visit one of our presences in the social media (e.g. Facebook), you trigger a processing of your personal data during such a visit. In this case, we are jointly responsible with the operator of the respective social network for these data processing operations within the meaning of Art. 26 DSGVO. Your rights (right to information pursuant to Art. 15 DSGVO, right to rectification pursuant to Art. 16 DSGVO, right to erasure pursuant to Art. 17 DSGVO, right to restriction of processing pursuant to Art.18 DSGVO, right to data portability pursuant to Art. 20 DSGVO and right to lodge a complaint pursuant to Art. 77 DSGVO) can in principle be asserted both against us and against the operator of the respective social network (e.g. Facebook).
Please note that despite the joint responsibility according to Art. 26 DSGVO with the operators of social networks do not have full influence on the data processing and the assertion of affected rights of the individual social networks. You can declare your objection at any time by sending a message to the contact details above. You may then no longer be able to fully use the functions of the website.
§ 9 Use of Social Media Plug-Ins
We currently use the following social media plug-ins: LinkedIn via Juicer.
We use the so-called 2-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of these plug-ins. You can recognize the provider of the plug-in via the marking on the box above its initial letter or logo. We open up the possibility for you to communicate directly with the provider of the plug-in via the button. Only if you click on the marked box and thereby activate it, the plug-ins provider receives the information that you have accessed the corresponding website of our online offer. In addition, the data mentioned under § 2 of this declaration will be transmitted. By activating the plug-in, your personal data is transmitted to the respective plug-in provider and stored there (in the case of US providers such as Facebook in the USA). Since the plug-in provider collects the data in particular via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the grayed-out box.
We have no influence on the collected data and data processing operations, nor are we aware of the full scope of data collection, the purposes of processing, the storage periods. We also have no information on the deletion of the collected data by the plug-in provider.
The plug-in provider stores this data as usage profiles and uses it for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (also for non-logged-in users) for the display of needs-based advertising and to inform other users of the social network about your activities on our website. Via plug-ins, we offer you the opportunity to interact with the social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para.1 p.1 lit.a DSGVO.
The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, your data collected by us will be directly assigned to your account with the plug-in provider. If you click the activated button and, for example, link to the page, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this allows you to avoid an assignment to your profile with the plug-in provider.
For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the data protection declarations of these providers provided below. There you will also receive further information about your rights in this regard and setting options for protecting your privacy.
- LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA;http://www.linkedin.com/legal/privacy-policy.
- Juicer, saas.group LLC, 304 S. Jones Blvd #1205, Las Vegas NV 89107, USA; https://www.juicer.io/eu-privacy
You may revoke your consent at any time by sending a message to the contact information provided above. You may then no longer be able to fully use the functions of the website. The legality of the data processing operations already carried out remains unaffected by the revocation.
§ 10 Links
On our website, we offer you the opportunity to access links from external sites in order to provide you with more detailed information. If you intend to click on the links, your IP address will be transmitted to the site operator. The links change continuously, therefore a listing of the individual links is omitted below. Nevertheless, please note their respective data protection declarations. You use the implemented links on a voluntary basis, therefore the legal basis for their use is Art. 6 para.1 p.1 lit.f DSGVO. We have no influence on possible further processing by the above-mentioned companies.
You may object at any time by sending a message to the above contact details. You may then no longer be able to fully use the functions of the website.
§ 11 Children
We do not collect personal information from minors. In the case of unwitting collection, we will delete it immediately.
§ 12 How long will my personal data be stored?
Your personal data will be processed for the duration of the fulfillment of the above purposes. Your log files in the context of the informational use of our website will be deleted after eight weeks. If we have processed the inquiries you have made, via the contact inquiry, and no contractual relationship results from your inquiry, your data will no longer be processed and will subsequently be deleted.
If, on the other hand, you revoke the consent you have given or have executed a revocation in accordance with Art. 21 DSGVO, your data will also no longer be processed and subsequently deleted. After the purpose has been fulfilled, the aforementioned data will either be deleted, if possible by the system, or the personal reference will be removed by anonymization and access to your data will be blocked. We will continue to send you contractual and legal information as long as the contract with you exists and/or we are legally obliged to do so.
Legal or contractual retention periods may inhibit the deletion or blocking of data. The periods of limitation can be up to three years due to §§ 195 ff. Bürgerliches Gesetzbuch (German Civil Code) up to thirty years; the regular limitation period is three years. In addition, the obligations to retain data under tax law, commercial law, tax law and other statutory obligations must be observed. The retention/documentation periods stipulated there are six to ten years plus the statute of limitations of a further five years. In order not to violate legal regulations or to lose the possibility of enforcing a claim or defending ourselves against such a claim, we reserve the right to delete the data only after the expiration of the last period that legitimizes the data storage.
§ 13 Does automated decision-making or profiling take place?
Neither automated decision-making nor profiling takes place within the scope of data processing when using our website. We have no influence on automated decision-making or profiling by external service providers.
§ 14 Am I obliged to provide my personal data?
You are neither contractually nor legally obligated to provide us with your personal data when using our Internet presence and the application options contained therein. You use our Internet presence and the services offered therein on a voluntary basis, therefore the non-provision of your data has no adverse legal consequences for you.
If you use our website for informational purposes only, you do, however, provide us with the data described in § 2, which your browser makes available to us.
If you contact us within the scope of the above-mentioned contact options via contact form, e-mail, letter, fax or telephone, we process your personal data in order to assign you and to be able to process your request. If you send us inquiries within the scope of an already existing contract, the data processing is necessary due to the existing contract with you. The legal basis for data processing is therefore Art. 6 para.1 p.1 lit.b DSGVO. If you are unable to provide us with this data, we will not be able to process your request further.
§ 15 What data protection rights can I assert as a data subject?
You have the right:
- in accordance with Art. 7 para.3 DSGVO, to revoke your consent once given to us at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future. The legality of the data processing operations already carried out remains unaffected by the revocation.
- in accordance with Art. 15 DSGVO, to request information about your personal data processed by us at any time. In particular, you can request information about the processing purposes, the category of personal data and its origin, the categories of recipients to whom your data has been or will be disclosed, as well as the purpose and the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data, if it was not collected by us, as well as the existence of automated decision-making, including profiling and, if necessary, meaningful information about its details;
- in accordance with Art. 16 DSGVO, to demand the immediate correction of incorrect or completion of your personal data stored by us;
- pursuant to Art. 17 DSGVO, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
- pursuant to Art. 18 DSGVO, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 DSGVO;
- pursuant to Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller.
Please address all information requests, requests for information or revocations regarding data processing to the contact details above.
§ 16 Do I have the possibility to object to the processing?
Pursuant to Art. 21 (1) DSGVO, you have the right to object at any time to the processing of personal data concerning you that is carried out on the basis of Art. 6 (1) sentence 1 lit. f DSGVO for reasons that arise from your particular situation. We will then no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves our assertion, exercise or defense of legal claims.
You can declare your objection at any time by sending a message to the contact details above.
§ 17 Do I have the possibility to lodge a complaint?
If you are of the opinion that the processing of your personal data by us is unlawful or, if applicable, violates data protection law for other reasons, you can complain to a supervisory authority. You can contact a supervisory authority in the member state of your place of residence, your place of work or the place of the alleged infringement.