(1) The following data protection information informs you about the type and scope of the processing of so-called personal data by KOKEBI Cosmetics GmbH. Personal data is information that can be directly or indirectly assigned to you or can be assigned to you.
We do not pass on your personal data to third parties unless you have consented to such data being passed on or we are entitled or obliged to pass on data on the basis of statutory provisions and/or official or court orders.
Data processing by KOKEBI Cosmetics GmbH can essentially be divided into three categories:
– For the purpose of contract processing, all data required for the performance of a contract with KOKEBI Cosmetics GmbH is processed. If external service providers are also involved in the processing of the contract, e.g. logistics companies or payment service providers, your data will be passed on to them to the extent necessary in each case.
– In addition to processing the contract, we also use the data collected from you for the purpose of informing you about new offers and promotions from time to time.
– When you call up the KOKEBI Cosmetics GmbH website/application, various pieces of information are exchanged between your end device and our server. This may also involve personal data. The information collected in this way is used, among other things, to optimise our website or to display advertising in the browser of your end device.
Within the scope of our online services, including the portals for registration, we collect data insofar as this is necessary for the fulfilment of our contractual obligations towards you or you have consented to this. These include in particular:
– Master data such as surname, first name and date of birth
– Contact details such as address, telephone number and email address
– If necessary, further data requested in the forms.
In connection with the creation of an account and the processing of orders, we also collect and process certain additional data that is required for the fulfilment of our contractual obligations towards you. This includes in particular
– Data from correspondence (postal and electronic) between you and us;
– Data from postal, electronic and telephone communication.
We also process data from other sources insofar as it is necessary for the fulfilment of the contract concluded with you or pre-contractual measures or you have given your consent. This also applies to data that we have permissibly received from affiliated companies.
We only process personal data from publicly accessible sources (e.g. authorities, internet) if this is legally permissible, sth because this is necessary for the provision of our services or you have consented.
(2) Our website and our services are not aimed at children under the age of 16.
(3) In accordance with the provisions of the GDPR, you have various rights that you can assert against us. These include the right to object to selected data processing, in particular data processing for advertising purposes. The option to object is highlighted in print.
(4) We have taken technical and administrative security measures to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and service providers working for us are bound by the applicable data protection laws.
(5) Our security measures are subject to a continuous improvement process and our data protection statements are updated. Please ensure that you have the latest version.
(6) If the contract is related to other services, the privacy notices of these other services will apply additionally.
(7) If you have any questions about our data protection information, you are welcome to contact our company data protection officer at any time. You will find the contact details below.
Please insert contact details of the data protection officer, if there is one.
Should our data protection officer not be able to answer your concerns to your satisfaction, you still have the right to lodge a complaint with the data protection supervisory authority responsible for your federal state.
Responsible body and contact
(1) The responsible party within the meaning of the data protection laws is KOKEBI Cosmetics GmbH, Tieckstr. 15, 10115 Berlin, Germany.
telephone number: +49 (0) 30 2790849-0
(2) If you wish to object to the collection, processing or use of your data by KOKEBI Cosmetics in accordance with these data protection provisions as a whole or for individual measures, you can send your objection by letter, email or telephone to the following contact address:
KOKEBI Cosmetics GmbH, Data Protection Department, Tieckstr. 15, 10115 Berlin, Germany, (“responsible party”).
Managing Director: Birgitta Bitschnau-Burkart, Local Court ___ HRB ___
phone number: +49 (0) 30 2790849-0
Use of your personal data
3.1. ACCESS DATA AND HOSTING
You can visit our websites without providing any personal information. Each time you call up a website, the web server only automatically saves a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of the call, the amount of data transferred and the requesting provider (access data) and documents the call.
This access data is evaluated solely for the purpose of ensuring trouble-free operation of the site and improving our services. In accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO, this serves to protect our legitimate interests in a correct presentation of our offer, which outweigh our interests in the context of a balancing of interests. All access data is deleted no later than seven days after the end of your visit to the site.
Hosting services may also be provided by a third-party provider. As part of processing on our behalf, a third-party provider then provides the services for hosting and displaying the website on our behalf. All data collected in the course of using this website or in forms provided for this purpose in the online shop as described below are processed on its servers. Processing on other servers only takes place within the framework explained here. This service provider is located within a country of the European Union or the European Economic Area.
3.2. DATA COLLECTION AND USE FOR CONTRACT PROCESSING, CONTACTING AND OPENING A CUSTOMER ACCOUNT
We collect personal data if you voluntarily provide it to us in the context of your order or when contacting us (e.g. via contact form or e-mail). Mandatory fields are marked as such, as we need the data in these cases to process the contract or to process your contact and you cannot send the order or contact without providing it. Which data is collected can be seen from the respective input forms. We use the data provided by you in accordance with Art. 6 Para. 1 S. 1 lit. b DSGVO for contract processing and processing your enquiries.
Insofar as you have given your consent to this in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO by deciding to open a customer account, we use your data for the purpose of opening a customer account.
After complete processing of the contract or deletion of your customer account, your data will be restricted for further processing and deleted after expiry of the retention periods under tax and commercial law, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration. The deletion of your customer account is possible at any time and can be either by sending a message to the contact option described above or via a function provided for this purpose in the customer account.
3.3. TRANSFER OF DATA
In order to fulfil the contract in accordance with Art. 6 para. 1 p. 1 lit. b DSGVO, we pass on your data to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. Depending on which payment service provider you select in the ordering process, we pass on the payment data collected for this purpose to the credit institution commissioned with the payment and, if applicable, to payment service providers commissioned by us or to the selected payment service. In some cases, the selected payment service providers also collect this data themselves if you create an account with them. In this case, you must register with the payment service provider with your access data during the ordering process. In this respect, the data protection declaration of the respective payment service provider applies.
The same applies to the transfer of data to our partners in cases where they take over the shipping for us (drop shipment).
Data is passed on to shipping service providers if you have given us your express consent to do so during or after your order. Based on this consent, we pass on your e-mail address to the selected shipping service provider in accordance with Art. 6 Para. 1 Sentence 1 lit. a DSGVO so that they can contact you before delivery for the purpose of delivery notification or coordination.
You can revoke your consent at any time by sending a message to the contact option described above or directly to the shipping service provider at the contact address listed below. After revocation, we will delete your data provided for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use your data for any other purpose that is permitted by law and about which we inform you in this declaration.
DHL Parcel GmbH
Hermes Logistics Group Germany GmbH
Essener Street 89
3.4. EMAIL NEWSLETTER AND POSTAL ADVERTISING
We will send you e-mail advertising if you subscribe to our newsletter. We use the data required for this purpose or separately provided by you to send you our e-mail newsletter on a regular basis based on your consent in accordance with Art. 6 Para. 1 Sentence 1 lit. a DSGVO.
Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact option described above or via a link provided for this purpose in the newsletter.
After unsubscribing, we will delete your email address from the list of recipients unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this statement.
E-mail advertising without registration for the newsletter and your right to object may take place if we receive your e-mail address in connection with the sale of a product or service and you have not objected to this. In this case, we reserve the right, on the basis of Section 7 (3) of the German Unfair Competition Act (UWG), to regularly send you offers by e-mail for similar products to those you have already purchased from our range. This serves to protect our legitimate interests in addressing our customers in an advertising manner, which outweigh our interests in the context of a balancing of interests. You can object to this use of your e-mail address at any time by sending a message to the contact option described above or via a link provided for this purpose in the advertising e-mail, without incurring any costs other than the transmission costs according to the basic rates.
E-mail advertising can take place when you register for our KOKEBI Cosmetics action alarm clock. In the case of articles that are not (or no longer) available, we use the data required for this purpose or separately provided by you in order to inform you by e-mail about the renewed availability of the products. The sending of these e-mails is based on your consent in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO. You can unsubscribe from the KOKEBI Cosmetics promotion alarm at any time by either sending a message to the contact option described below or via a link provided for this purpose in the email. After unsubscribing, we will delete your e-mail address unless you have expressly consented to further use of your data or we reserve the right to use data in a manner that goes beyond this, which is permitted by law and about which we inform you in this declaration.
The sending of electronic advertising (such as newsletters or promotional alerts) may be carried out on our behalf by a service provider to whom we pass on your e-mail address as part of a processing operation for this purpose. This service provider is located within a country of the European Union or the European Economic Area.
In addition, we reserve the right to use your first and last name as well as your postal address for our own advertising purposes, e.g. to send you interesting offers and information about our products by letter post. This serves to protect our legitimate interests in addressing our customers in an advertising manner in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO. The advertising mailings are provided as part of processing on our behalf by a service provider to whom we pass on your data for this purpose.
You can object to the storage and use of your data for these purposes at any time by sending a message to the contact option described above.
3.5. USE OF DATA FOR PAYMENT PROCESSING
PayPal uses the information received about the statistical probability of a payment default for a weighed decision about the establishment, implementation or termination of the contractual relationship.
You can revoke your consent at any time by sending a message to the contact details below. This may result in us no longer being able to offer you certain payment options. You can also revoke your consent to this use of personal data at any time by contacting PayPal.
3.6. INTEGRATION OF THE TRUSTED SHOPS TRUSTBADGE
This serves to protect our legitimate interests in optimal marketing by enabling secure shopping in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO, which prevail in the context of a balancing of interests. The trust badge and the services advertised with it are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. The Trustbadge is provided by a CDN provider (Content Delivery Network) within the framework of order processing. Trusted Shops GmbH also uses service providers from the USA. An appropriate level of data protection is ensured. Further information on the data protection of Trusted Shops GmbH can be found here (https://www.trustedshops.de/impressum/#datenschutz ).
When the Trustbadge is called up, the web server automatically saves a so-called server log file, which also contains your IP address, the date and time of the call-up, the amount of data transferred and the requesting provider (access data) and documents the call-up. Individual access data are stored in a security database for the analysis of security anomalies. The log files are automatically deleted 90 days after creation at the latest.
Further personal data is transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order or if you have already registered to use them. The contractual agreement between you and Trusted Shops applies. For this purpose, personal data is automatically collected from the order data. Whether you as a buyer are already registered for product use is automatically checked using a neutral parameter, the email address hashed by cryptological one-way function. The e-mail address is converted into this hash value, which cannot be decrypted by Trusted Shops, before it is transmitted. After checking for a match, the parameter is automatically deleted.
3.7. COOKIES AND ADVERTISING ANALYSIS
In order to make the visit to our website attractive and to enable the use of certain functions, to display suitable products or for market research, we use so-called cookies on various pages. This serves to protect our legitimate interests in an optimised presentation of our offer, which outweigh our interests in the context of a balancing of interests in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO.
Cookies are small text files that are automatically stored on your terminal device. Some of the cookies we use are deleted at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us to recognise your browser on your next visit (persistent cookies). You can find out how long they are stored in the overview in the cookie settings of your web browser. You can set your browser in such a way that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. This can be found for each browser by following the links below:
If cookies are not accepted, the functionality of our website may be limited.
Use of Google (Universal) Analytics for web analysis
This website uses Google (Universal) Analytics for website analysis. The web analytics service is provided by Google Ireland Limited, a company incorporated and operated under the laws of Ireland with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de). This serves to protect our legitimate interests in an optimised presentation of our offer, which outweigh our interests in the context of a balancing of interests pursuant to Art. 6 (1) p. 1 lit. f DSGVO. Google (Universal) Analytics uses methods that enable an analysis of your use of the website, such as cookies. The automatically collected information about your use of this website is usually transferred to a Google server in the USA and stored there. By activating IP anonymisation on this website, the IP address is shortened before transmission within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The anonymised IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. After the end of the purpose and the end of the use of Google Analytics by us, the data collected in this context will be deleted.
Insofar as information is transferred to Google servers in the USA and stored there, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here (https://policies.google.com/privacy/frameworks?hl=de). Based on this agreement between the USA and the European Commission, the latter has determined an adequate level of data protection for companies certified under the Privacy Shield.
You can prevent the collection of data generated by the cookie and related to your use of the website (incl. your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
For website analysis purposes, data may be automatically collected and stored on this website, from which usage profiles are created using pseudonyms. This serves to protect our legitimate interests in an optimised presentation of our offer, which outweigh our interests in the context of a balancing of interests in accordance with Art. 6 para. 1 p. 1 lit. f DSGVO. Cookies may be used for this purpose. The pseudonymised usage profiles are not merged with personal data about the bearer of the pseudonym without a separate, express consent. After the end of the purpose and the end of the use of eTracker by us, the data collected in this context will be deleted. You can object to the collection and storage of data at any time with effect for the future via the contact address given above. After your objection, an opt-out cookie will be stored on your terminal device. If you delete your cookies, you must click the link again.
We are always available at the above-mentioned contact address to answer any questions you may have about the evaluation tools used. Likewise, the relevant data and information on the service providers used can be requested free of charge from Kokebi by email at any time.
3.8. ONLINE MARKETING
Google AdWords Remarketing
We use Google Ads to advertise this website in Google search results and on third-party websites. For this purpose, the so-called remarketing cookie is set by Google when you visit our website, which automatically enables interest-based advertising by means of a pseudonymous CookieID and on the basis of the pages you have visited. This serves to protect our legitimate interests in the optimal marketing of our website, which outweigh our interests in the context of a balancing of interests in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO. After the end of the purpose and the end of the use of Google Ads Remarketing by us, the data collected in this context will be deleted.
Further data processing will only take place if you have consented to Google linking your web and app browsing history to your Google Account and using information from your Google Account to personalise the ads you see on the web.
In this case, if you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, your personal data will be temporarily linked by Google with Google Analytics data in order to form target groups.
Google Ads is an offering of Google Ireland Limited, a company incorporated and operated under the laws of Ireland with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de).
Insofar as information is transferred to Google servers in the USA and stored there, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here (https://www.privacyshield.gov/list). Based on this agreement between the USA and the European Commission, the latter has determined an adequate level of data protection for companies certified under the Privacy Shield.
You can deactivate the remarketing cookie via this link (https://adssettings.google.com/authenticated?hl=nl). In addition, you can obtain information from the Digital Advertising Alliance (https://www.aboutads.info/) about the setting of cookies and make settings in this regard.
We use so-called retargeting technology on our website. This involves collecting information about the surfing behaviour of website visitors for marketing purposes in a purely anonymous form and setting cookies for this purpose. In this way, surfing behaviour can be analysed and subsequently targeted product recommendations can be displayed as suitable advertising banners when you visit other websites. In no case can the anonymised data be used to personally identify the visitor to the website. The collected data is only used to improve the advertising offer. It is not used or passed on to third parties. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
If this is used, the relevant data and information can be requested free of charge from KOKEBI Cosmetics GmbH by email at any time.
3.9. SOCIAL MEDIA
Use of social plugins from Facebook, Twitter, Instagram
So-called social plugins (“plugins”) from social networks are used on our website.
When you call up a page of our website that contains such a plugin, your browser establishes a direct connection to the servers of the respective social network. The content of the plugin is transmitted directly to your browser by the respective provider and integrated into the page. By integrating the plugins, the providers receive the information that your browser has accessed the corresponding page of our website, even if you do not have a profile or are not currently logged in.
This information (including your IP address) is transmitted by your browser directly to a server of the respective provider (possibly in the USA) and stored there. If you are logged in to one of the services, the providers can directly assign your visit to our website to your profile in the respective social network. If you interact with the plugins, for example by clicking the “Like” or “Share” button, the corresponding information is also transmitted directly to a server of the providers and stored there. The information is also published on the social network and displayed there to your contacts. This serves to protect our legitimate interests in optimal marketing of our offer, which outweigh our interests in the context of a balancing of interests, in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO.
3.10. YouTube video plugins
Third-party content is integrated on this website. This content is provided by Google (“provider”). YouTube is a service of Google Ireland Limited, a company registered and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de).
For videos from YouTube that are embedded on our site, the extended data protection setting is activated. This means that no information from website visitors is collected and stored by YouTube unless they play the video. The integration of the videos serves to protect our legitimate interests in the optimal marketing of our offer, which prevail in the context of a balancing of interests, in accordance with Art. 6 para. 1 p. 1 lit. f DSGVO.
For the purpose and scope of the data collection and the further processing and use of the data by the providers on their pages, as well as a contact option and your rights and setting options in this regard to protect your privacy, please refer to the data protection notices of the providers:
If you do not want the social networks to directly assign the data collected via our website to your profile in the respective service, you must log out of the respective service before visiting our website. You can also completely prevent the loading of the plugins with add-ons for your browser, e.g. with the script blocker “NoScript” (https://noscript.net/).
3.11. Google Maps:
3.12. Purpose of presence on social networks
Our presence on social networks and platforms such as Facebook, Twitter, YouTube, Instagram serves to improve active communication with our customers and interested parties. We provide information there about our products and ongoing special promotions.
When visiting our online presences in social media, your data may be automatically collected and stored for market research and advertising purposes. So-called usage profiles are created from this data using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally used on your terminal device for this purpose. Visitor behaviour and user interests are stored in these cookies. This serves according to Art. 6 Para. 1 lit. f. DSGVO, this serves to protect our legitimate interests in an optimised presentation of our offer and effective communication with customers and interested parties, which prevail in the context of a balancing of interests. If you are asked by the respective social media platform operators for consent (agreement) to data processing, e.g. by means of a checkbox, the legal basis for data processing is Art. 6 (1) lit. a DSGVO.
Insofar as the aforementioned social media platforms have their headquarters in the USA, the following applies: For the USA, there is an adequacy decision of the European Commission. This goes back to the EU-US Privacy Shield. A current certificate for the respective company can be viewed here (https://www.privacyshield.gov/list).
For detailed information on the processing and use of data by the providers on their sites, as well as a contact option and your rights and setting options in this regard to protect your privacy, in particular opt-out options, please refer to the data protection notices of the providers linked below. Should you still require assistance in this regard, you can contact us.
Data processing is carried out on the basis of an agreement between jointly responsible parties pursuant to Art. 26 DSGVO, which you can view here (https://www.facebook.com/legal/terms/page_controller_addendum).
Further information on data processing in the context of visiting a Facebook fan page (information on Insights data) can be found here ( https://www.facebook.com/legal/terms/information_about_page_insights_data).
Google/ YouTube: https://policies.google.com/privacy?hl=de
Option to object (opt-out):
Google/ YouTube: https://adssettings.google.com/authenticated?hl=de
3.13. SENDING OF RATING REMINDERS BY EMAIL
If you have given us your express consent to do so during or after your order in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO, we will use your email address as a reminder to submit a rating of your order via the rating system we use.
This consent can be revoked at any time by sending a message to the contact option described above.
3.14. CONTACT OPTIONS AND YOUR RIGHTS
As a data subject, you have the following rights:
– Pursuant to Art. 15 DSGVO, the right to request information about your personal data processed by us to the extent specified therein;
– pursuant to Art. 16 DSGVO, the right to demand the correction of inaccurate or incomplete personal data stored by us without undue delay;
– in accordance with Art. 17 DSGVO, the right to request the erasure of your personal data stored by us, unless further processing is necessary
o to exercise the right to freedom of expression and information;
o to comply with a legal obligation;
o for reasons of public interest; or
o necessary for the assertion, exercise or defence of legal claims;
– in accordance with Art. 18 DSGVO, the right to request the restriction of the processing of your personal data, insofar as
o the accuracy of the data is disputed by you;
o the processing is unlawful, but you object to its erasure;
o we no longer require the data, but you need it to assert, exercise or defend legal claims; or
o you have objected to the processing in accordance with Art. 21 DSGVO;
– pursuant to Art. 20 DSGVO, the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller;
– pursuant to Art. 77 DSGVO, the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.
If you have any questions regarding the collection, processing or use of your personal data, for information, correction, restriction or deletion of data as well as revocation of consent given or objection to a specific use of data, please contact us directly using the contact details in our imprint.
Right of objection
Insofar as we process personal data as explained above in order to protect our legitimate interests which prevail in the context of a balance of interests, you may object to this processing with effect for the future (Art. 21 DSGVO). If the processing is carried out for direct marketing purposes, you can exercise this right at any time as described above. If the processing is carried out for other purposes, you only have the right to object if there are grounds arising from your particular situation.
After you have exercised your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
This does not apply if the processing is for direct marketing purposes. Then we will not further process your personal data for this purpose.
If you wish to object to the processing of your personal data, please send us an email or write to the above contact address. In the event of an objection, however, it is possible that we will no longer be able to provide our services agreed with you or not to the agreed extent.
If you believe that we are in breach of the GDPR by processing personal data relating to you, you always have the right to lodge a complaint with the data protection supervisory authority responsible for your place of residence, your place of work or the place of the data protection breach.