Data protection

Overview of Contents

1. Overview
2. Name and contact details of the data controller and of the company data protection officer
3. Purposes of data processing, legal bases and legitimate interests pursued by Ultimate Skin Aesthetics GmbH or third parties, and categories of recipients
   1. Accessing our website or app
   2. Online presence and website optimisation
4. Transfer to recipients outside the EU
5. Integration of third-party content
6. Your rights
7. Changes to this policy

1. Overview
   

   The following data protection information concerns the type and scope of processing of so-called personal data by Ultimate Skin Aesthetics GmbH. Personal data are pieces of information that are or may be associated directly or indirectly with you as a person. When you access the website/app of Ultimate Skin Aesthetics GmbH, various pieces of information are exchanged between your end device and our server. These may include personal data. The information collected in this way is used, among other things, to optimise our website. Our website and our services are not aimed at children under the age of 16. In accordance with the provisions of the GDPR, you have various rights that you can assert with regard to us. These include the right to object to certain types of data processing, in particular, data processing for marketing purposes. The opportunity to object is highlighted in the text. If you have any questions about our data protection information, please feel free to contact us at any time using the details for the data controller below.

2. Name and contact details of the data controller

   This data protection information applies to data processing by Ultimate Skin Aesthetics GmbH, Luise-Rainer-Straße 7-11, 40235 Düsseldorf, Germany; Managing Directors: Susanne Cornelius, Dr. Christian Korte (“Data Controllers”), and to the following websites and apps: www.hashtag-innerbeauty.de.

3. PURPOSES OF DATA PROCESSING, LEGAL BASES AND LEGITIMATE INTERESTS PURSUED BY ULTIMATE SKIN AESTHETICS GMBH OR THIRD PARTIES, AND CATEGORIES OF RECIPIENTS

   1. Accessing our website/app
      When you access our website/app, the browser used on your end device automatically sends information to the servers of our website/app, and this is saved temporarily in so-called  logfiles. We have no control over this. The following information is recorded without your participation and saved until it is erased automatically:
      • the IP address of the requesting device connected to the internet,
      • the date and time of access,
      • the name and URL of the file accessed,
      • the website/app from which access was made (referrer URL),
      • the browser you are using

      The legal basis for processing of the IP address is Article 6(1) point f) GDPR. Our legitimate interest arises from the purposes of data collection listed below. Please remember in this connection that we are not able to draw any conclusions about your identity from the data collected, and we do not attempt to do so.

      The IP address of your end device and the other data listed above are used by us for the following purposes:

      • Ensuring problem-free establishment of a connection,
      • Ensuring convenient use of our website/app,
      • Evaluating system security and stability.

      The data are stored for a period of 10 days, and the IP address is then erased automatically. The data in the log files are stored separately from your other data.

      In addition, we use so-called cookies and tracking tools for our website/app. The precise procedures involved in this and the way in which your data are used in this connection are  explained in more detail in section 3.2.

   2. Online presence and website optimisation
      
      
      1. Cookies and similar technologies – general information
         We use so-called cookies on our website. Cookies are small files that are created automatically by your browser and stored on your end device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not cause any damage to your end device and do not contain any viruses, trojan horses or other malware. The cookie stores information that relates to the specific end device used. This does not mean, however, that we obtain direct knowledge of your identity in this way. Using cookies serves, on the one hand, to make your use of our website more convenient. For example, we use so-called session cookies to detect that you have already visited certain pages of our website. These are erased automatically as soon as you leave our site. In addition, we use temporary cookies that are stored for a specific period on your end device, also in the interests of user-friendliness. If you visit our site again to make use of our services, they automatically recognise the fact that you have visited us previously and remember your inputs and settings so that you do not have to repeat them. On the other hand, we use cookies to analyse the use of our website statistically, to optimise it for you and to display information specifically tailored to you. These cookies make it possible for us to recognise you when you visit our website again. The cookies are erased automatically after a defined period. Most browsers accept cookies automatically. However, you can configure your browser in such a way that no cookies are saved on your computer or that you always receive a notification before a new cookie is created. Complete deactivation of cookies may, however, mean that you cannot use all of the functions of our website. The period for which the cookies are stored depends on their purpose and is not the same in all cases. In addition, some of the services integrated into this website use so-called pixel tags (also referred to as web beacons): these are small, usually invisible graphics that are integrated into websites and other services to carry out statistical analyses. Insofar as processing of personal data is carried out by Ultimate Skin Aesthetics GmbH in the context of the use of cookies and similar technologies to provide this website, it is performed on the basis of Art. 6(1) point f) GDPR. Our legitimate interest lies in being able to offer our website securely and in a way that meets demand.
      2. Google analytics for web analysis (with anonymisation function)
         For the purposes of design in accordance with demand and ongoing optimisation of our site, we use Google Analytics, a web analysis service of Google Inc. (“Google”) on the basis of Article 6(1) point f) GDPR. Pseudonymised user profiles are created and cookies are used in this context. The information generated by the cookie about your use of this website, such as
         • browser type/version,
         • operating system used,
         • referrer-URL (the page visited previously),
         • hostname of the accessing computer (IP address),
         • time of the server request,

         are transmitted to a Google server in the US and stored there. The information is used to evaluate the use of the website, compile reports about website activities and provide other services relating to website and internet use for the purposes of market research and design of these web pages in accordance with demand. This information may also be transmitted to third parties, insofar as this is legally prescribed or if third parties have been commissioned to process the data. Under no circumstances will your IP address be associated with other Google data. The IP addresses are anonymised so that they cannot be associated with anyone (so-called IP masking).

         You can object to the use of cookies either by configuring your web browser in such a way that cookies in general, are not saved or by clicking here.

         Alternatively, you can use the browser add-on that can be download here and installed: https://tools.google.com/dlpage/gaoptout.

         Installation of the browser add-on constitutes an objection. If your device is wiped, formatted or re-installed at a later date, you must install the browser add-on again.

         Further information about Google’s privacy policy can be found at https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html . Google Analytics is explained in more detail at: https://www.google.com/intl/de_de/analytics/.

         We have configured Google Analytics in such a way that the data on which the reports are based are erased at the latest after 36 months.

4. RECIPIENTS OUTSIDE THE EU
   

   With the exception of the processing specified under section 3.2, we shall not transfer your data to recipients based outside the European Union or the European Economic Area. The processing specified under section 3.2 brings about data transmission to the servers of the tracking and targeting technology providers commissioned by us. Those servers may be located in the US. Data transmission is carried out in accordance with the principles of the so-called Privacy Shield and on the basis of so-called standard contractual clauses of the EU Commission.

5. INTEGRATION OF THIRD-PARTY CONTENT

   We have integrated third-party content into our website in various places. This includes videos, card services, images and fonts. In the context of integration of this content, it is technically necessary for us to communicate your IP address to the third-party providers so that that content can be displayed to you. We do not store your IP address for the purpose of integration of third-party content. With your IP address, the use of cookies and other technologies (e.g. pixel tags, i.e. invisible graphics), the third-party providers may track your surfing behaviour and, in doing so, process other technical information in addition to your IP address (including your browser type/version, the operating system used, the page you visited previously, the host name of the accessing device, the time and other details about the use of our online service). The legal basis for processing your data is Article 6(1) sentence 1 point f) GDPR. We have a legitimate interest in optimising our website and improving our service to you by including third-party content. A more detailed description of the parties whose content we include and how your data is processed can be found below in the relevant description of the embedded content.• YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Privacy policy: https://policies.google.com/privacy An opt-out is available at: https://adssettings.google.com/authenticated

6. Your rights

   1. 1. Overview
          In addition to your right to withdraw your consent that you have given to us, the following rights are available to you if the corresponding legal conditions are met:
         • Right to information about your personal data that we have stored, in accordance with Art. 15 GDPR; in particular, you can obtain information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or are being disclosed, the planned duration of storage and the origin of your data if it has not been collected directly from you,
         • Right to rectification of incorrect data or completion of correct data in accordance with Art. 16 GDPR,
         • Right to erasure of the data we have stored about you in accordance with Art. 17 GDPR, provided that no statutory or contractual storage periods or other statutory obligations or rights must be observed regarding further storage,
         • Right to restriction of processing of your data in accordance with Art. 18 GDPR, insofar as the correctness of the data is contested by you, the processing is unlawful but you refuse to have the data erased; the data controller no longer needs the data but you need them to pursue, exercise or defend against legal claims or you have lodged an objection to processing in accordance with Art. 21 GDPR,
         • Right to data portability in accordance with Art. 20 GDPR, i.e., the right to have selected data stored by us about you transferred to you in a commonly used, machine-readable format, or to demand their transmission to another data controller
         • Right to lodge a complaint with a supervisory authority. You can usually have recourse to the supervisory authority responsible for your normal place of residence or workplace or for the location of your company’s registered office.
      2. Right to object Under the conditions of Art. 21(1) GDPR, an objection can be raised to data processing for reasons resulting from the particular situation of the data subject.
         The above general right to object applies to all the purposes of processing described in this data protection information, based on Article 6(1) point  f) GDPR. Unlike the specific right to object to data processing for marketing purposes, under the GDPR we are obliged to comply with such a general objection only if you provide us with reasons of overriding importance (e.g. a possible risk to life or health). In addition, you have the option of recourse to the supervisory authority responsible for Ultimate Skin Aesthetics GmbH or to  info@ultimateskinaesthetics.com.

7. MODIFICATIONS TO THIS POLICY
   

   If we introduce new products or services, change internet procedures or if internet and IT security technology develops further, the privacy policy will be updated. We reserve the right to modify or add to the policy as necessary. We will publish the changes here. You should therefore visit this website regularly to check the latest version of the privacy policy.