Data protection information
(version 1.0; as at 01.10.2018)
Overview of Contents
- Name and contact details of the data controller and of the company data protection officer
- Purposes of data processing, legal bases and legitimate interests pursued by Ultimate Skin Aesthetics GmbH or third parties, and categories of recipients
- Transfer to recipients outside the EU
- Integration of third-party content
- Your rights
- Changes to this policy
The following data protection information concerns the type and scope of processing of so-called personal data by Ultimate Skin Aesthetics GmbH. Personal data are pieces of information that are or may be associated directly or indirectly with you as a person. When you access the website/app of Ultimate Skin Aesthetics GmbH, various pieces of information are exchanged between your end device and our server. These may include personal data. The information collected in this way is used, among other things, to optimise our website. Our website and our services are not aimed at children under the age of 16. In accordance with the provisions of the GDPR, you have various rights that you can assert with regard to us. These include the right to object to certain types of data processing, in particular, data processing for marketing purposes. The opportunity to object is highlighted in the text. If you have any questions about our data protection information, please feel free to contact us at any time using the details for the data controller below.
Name and contact details of the data controller
This data protection information applies to data processing by Ultimate Skin Aesthetics GmbH, Luise-Rainer-Straße 7-11, 40235 Düsseldorf, Germany; Managing Directors: Susanne Cornelius, Dr. Christian Korte (“Data Controllers”), and to the following websites and apps: www.hashtag-innerbeauty.de.
PURPOSES OF DATA PROCESSING, LEGAL BASES AND LEGITIMATE INTERESTS PURSUED BY ULTIMATE SKIN AESTHETICS GMBH OR THIRD PARTIES, AND CATEGORIES OF RECIPIENTS
- Accessing our website/app
When you access our website/app, the browser used on your end device automatically sends information to the servers of our website/app, and this is saved temporarily in so-called logfiles. We have no control over this. The following information is recorded without your participation and saved until it is erased automatically:
- the IP address of the requesting device connected to the internet,
- the date and time of access,
- the name and URL of the file accessed,
- the website/app from which access was made (referrer URL),
- the browser you are using
The legal basis for processing of the IP address is Article 6(1) point f) GDPR. Our legitimate interest arises from the purposes of data collection listed below. Please remember in this connection that we are not able to draw any conclusions about your identity from the data collected, and we do not attempt to do so.
The IP address of your end device and the other data listed above are used by us for the following purposes:
- Ensuring problem-free establishment of a connection,
- Ensuring convenient use of our website/app,
- Evaluating system security and stability.
The data are stored for a period of 10 days, and the IP address is then erased automatically. The data in the log files are stored separately from your other data.
In addition, we use so-called cookies and tracking tools for our website/app. The precise procedures involved in this and the way in which your data are used in this connection are explained in more detail in section 3.2.
- Online presence and website optimisation
- Cookies and similar technologies – general information
- Google analytics for web analysis (with anonymisation function)
For the purposes of design in accordance with demand and ongoing optimisation of our site, we use Google Analytics, a web analysis service of Google Inc. (“Google”) on the basis of Article 6(1) point f) GDPR. Pseudonymised user profiles are created and cookies are used in this context. The information generated by the cookie about your use of this website, such as
- browser type/version,
- operating system used,
- referrer-URL (the page visited previously),
- hostname of the accessing computer (IP address),
- time of the server request,
are transmitted to a Google server in the US and stored there. The information is used to evaluate the use of the website, compile reports about website activities and provide other services relating to website and internet use for the purposes of market research and design of these web pages in accordance with demand. This information may also be transmitted to third parties, insofar as this is legally prescribed or if third parties have been commissioned to process the data. Under no circumstances will your IP address be associated with other Google data. The IP addresses are anonymised so that they cannot be associated with anyone (so-called IP masking).
Alternatively, you can use the browser add-on that can be download here and installed: https://tools.google.com/dlpage/gaoptout.
Installation of the browser add-on constitutes an objection. If your device is wiped, formatted or re-installed at a later date, you must install the browser add-on again.
We have configured Google Analytics in such a way that the data on which the reports are based are erased at the latest after 36 months.
- Cookies and similar technologies – general information
- Accessing our website/app
RECIPIENTS OUTSIDE THE EU
With the exception of the processing specified under section 3.2, we shall not transfer your data to recipients based outside the European Union or the European Economic Area. The processing specified under section 3.2 brings about data transmission to the servers of the tracking and targeting technology providers commissioned by us. Those servers may be located in the US. Data transmission is carried out in accordance with the principles of the so-called Privacy Shield and on the basis of so-called standard contractual clauses of the EU Commission.
INTEGRATION OF THIRD-PARTY CONTENT
In addition to your right to withdraw your consent that you have given to us, the following rights are available to you if the corresponding legal conditions are met:
- Right to information about your personal data that we have stored, in accordance with Art. 15 GDPR; in particular, you can obtain information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or are being disclosed, the planned duration of storage and the origin of your data if it has not been collected directly from you,
- Right to rectification of incorrect data or completion of correct data in accordance with Art. 16 GDPR,
- Right to erasure of the data we have stored about you in accordance with Art. 17 GDPR, provided that no statutory or contractual storage periods or other statutory obligations or rights must be observed regarding further storage,
- Right to restriction of processing of your data in accordance with Art. 18 GDPR, insofar as the correctness of the data is contested by you, the processing is unlawful but you refuse to have the data erased; the data controller no longer needs the data but you need them to pursue, exercise or defend against legal claims or you have lodged an objection to processing in accordance with Art. 21 GDPR,
- Right to data portability in accordance with Art. 20 GDPR, i.e., the right to have selected data stored by us about you transferred to you in a commonly used, machine-readable format, or to demand their transmission to another data controller
- Right to lodge a complaint with a supervisory authority. You can usually have recourse to the supervisory authority responsible for your normal place of residence or workplace or for the location of your company’s registered office.
- Right to object Under the conditions of Art. 21(1) GDPR, an objection can be raised to data processing for reasons resulting from the particular situation of the data subject.
The above general right to object applies to all the purposes of processing described in this data protection information, based on Article 6(1) point f) GDPR. Unlike the specific right to object to data processing for marketing purposes, under the GDPR we are obliged to comply with such a general objection only if you provide us with reasons of overriding importance (e.g. a possible risk to life or health). In addition, you have the option of recourse to the supervisory authority responsible for Ultimate Skin Aesthetics GmbH or to firstname.lastname@example.org.
MODIFICATIONS TO THIS POLICY