We at Atout Cosmetics GmbH (hereinafter referred to as "we" or "Atout Cosmetics") are pleased about your interest in our company and our online shop "shop.atoutcosmetics.com".
We attach great importance to the protection of your personal data and treat it confidentially. The processing of your personal data takes place exclusively within the framework of the legal provisions of data protection law of the European Union, in particular the General Data Protection Regulation (GDPR) and other applicable regulations.In this privacy policy, we inform you about the processing of your personal data on our website https://www.shop.atoutcosmetics/en-de (hereinafter "website") and about your rights under the GDPR.
1. Name and contact details of the controller responsible for processing
This privacy policy applies to data processing by the following controller:
Atout Cosmetics GmbH
Harderweg 2
22549 Hamburg
Germany
E-mail: info@atoutcosmetics.com
Phone: +49 (0)40 429336 77 – 0
We have appointed a data protection officer for our company:
PROLIANCE GmbH
Dominik Fünkner
Leopoldstr. 21
80802 München
Deutschland
E-mail: datenschutzbeauftragter@datenschutzexperte.de
Telephone: +4989250039227
www.datenschutzexperte.de
2. Object of data protection
The object of data protection is "personal data". These are all information that relates to an identified or identifiable natural person (so-called data subject). This includes, for example, information such as name, postal address, e-mail address or telephone number.
You will find specific information on the personal data processed by us in the individual data processing operations listed below.
3. Collection and storage of personal data as well as the nature and purpose of their processing:
a. When visiting the website
When you visit our website, information is automatically sent to the server of our website by the browser used on your end device. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion after a few days:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the retrieved file
- Website from which access is made (referrer URL)
- Website accessed via our website
- Browser used and, if applicable, the operating system of your computer as well as the name of your access provider
We process the data mentioned for the following purposes:
- Ensuring a smooth connection setup of the website Ensuring comfortable use of our website
- Evaluating system security and stability
- For other administrative purposes
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the above-listed purposes for data collection. In no case do we use the collected data to draw conclusions about your person.
In addition, we use cookies and analysis services when you visit our website. For more information, please see sections 5 and 6 of this privacy policy.
b. When ordering a newsletter
If you have expressly consented in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we will use your email address to regularly send you our newsletter. Providing an email address is sufficient to receive the newsletter.
If you purchase goods or services on our website and provide us with your email address, we may subsequently use it to send you information about similar goods or services. In such a case, the newsletter will only contain direct advertising for our own similar goods or services. The legal basis for the sending of this information following the sale of goods or services is § 7 (3) UWG in conjunction with Art. 6 para. 1 sentence 1 lit. f GDPR.
You can unsubscribe at any time, regardless of whether the sending of the newsletter is based on consent or legal permission, for example, via a link at the end of each newsletter. Alternatively, you can send your request to unsubscribe at any time by email to: info@atoutcosmetics.com. No costs other than the transmission costs at the basic rates will be incurred.
The data necessary for sending the newsletter will be deleted as soon as it is no longer required for the purpose of its collection and to the extent that no other legal authorization exists for its further processing. Your email address will therefore only be stored for sending the newsletter until you revoke your consent or object to receiving the newsletter.
c. When using our contact form and email contact
If you have any questions, we offer you the opportunity to contact us via a form provided on the website. The information about your person, email address, and address is required to be able to respond to your request promptly.
Alternatively, you can contact us via the email address provided. In this case, the personal data transmitted by email will be stored.
The data processing for the purpose of contacting us is Art. 6 para. 1 lit. f GDPR. If the purpose of contacting us is to conclude a contract, Art. 6 para. 1 lit. b GDPR is an additional legal basis for the processing.
The personal data we collect from you will be deleted once we have completed processing your request.
d. When ordering goods and services through our website
With your customer account, accessible with your email address and self-chosen password, you have access to your previous orders and control over your personal data for processing orders at any time.
On your request, we will delete the customer account. Until then, we will store the corresponding data without any time limit so that you can access it at any time. We will block the data related to specific orders after the customer account is deleted (after the warranty period has expired) and delete it after the statutory retention periods have expired.
4. Disclosure of data
We only disclose your personal data to third parties (recipients) if we are legally entitled to do so under data protection law. Below we inform you about the cases in which this may be the case. We may disclose your personal data to third parties (recipients) if:
- you have given us your consent for one or more specific purposes (Art. 6 para. 1 sentence 1 lit. a GDPR)
- processing is necessary for the performance of a contract with you, or for the performance of pre-contractual measures that are carried out at your request (Art. 6 para. 1 sentence 1 lit. b GDPR)
- processing is necessary for compliance with a legal obligation to which we are subject (Art. 6 para. 1 sentence 1 lit. c GDPR)
- processing is necessary to protect our legitimate interests or those of a third party, unless your interests or fundamental rights and freedoms requiring the protection of your personal data prevail (Art. 6 para. 1 sentence 1 lit. f GDPR)
Furthermore, we work with service providers, so-called contract processors, to whom we transmit your personal data and who process your data on our behalf and according to our instructions within the meaning of Art. 28 GDPR. These service providers have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. Specifically, these are the following service providers:
Google Analytics
We will forward information about your delivery address as well as your email address to a logistics company commissioned by us for the purpose of processing the purchase contract. To ensure that the goods are delivered according to your wishes, we use your email address to contact you prior to delivery to inform you of the delivery time. Within this email, you also have the opportunity to specify your preferred delivery location or a drop-off location.
5. Cookies
We use cookies on our website. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your device, nor do they contain viruses, Trojans or other malware.
The cookie stores information that is related to the specific device being used. However, this does not mean that we gain immediate knowledge of your identity.
On the one hand, the use of cookies is intended to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted when you leave our website.
In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your device for a certain predetermined period of time. If you visit our website again to use our services, it will automatically be recognized that you have already been with us and which inputs and settings you have made so that you do not have to enter them again.
On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you (see section 6). These cookies enable us to automatically recognize when you visit our website again that you have already been with us. Instructions on how to delete these cookies can be found in section 6.
The data processed by cookies are necessary for the stated purposes to protect our legitimate interests as well as those of third parties according to Art. 6 para. 1 sentence 1 lit. f DSGVO.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is created. However, the complete deactivation of cookies can lead to the fact that you cannot use all functions of our website.
Further information on usage-based online advertising is also available on the consumer portal http://www.meine-cookies.org. On meine-cookies.org you can also deactivate or activate the collection of usage data and view the status of activation with different providers via the following link: http://www.meine-cookies.org/cookies_verwalten/praeferenzmanager-beta.html
We have partnered with Usercentrics to implement Cookiebot on our website. For more information on this partnership, please refer to point 12 below.
6. Analysis tools
The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 sentence 1 lit. a DSGVO. With the tracking measures used, we want to ensure a needs-based design and continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.
The respective purposes of data processing and data categories can be found in the corresponding tracking tools in this section.
Google Analytics
For the purpose of needs-based design and continuous optimization of our websites, we use Google Analytics, a web analysis service of Google Inc. (https://www.google.de/intl/de/about/) (Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland). In this context, pseudonymous usage profiles are created and cookies (see section 5) are used. The information generated by the cookie about your use of this website, such as:
- browser type/version
- used operating system
- referrer URL (the previously visited website)
- hostname of the accessing computer (IP address)
- time of the server request,
is transmitted to Google servers in the USA and stored there in the context of the data processing agreement we have concluded with Google. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website and internet use for market research purposes and to design these internet pages according to requirements. This information may also be transferred to third parties if required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other data from Google. The IP addresses are anonymized so that an assignment is not possible (IP masking). Sessions and campaigns are terminated after a certain period of time has elapsed. Sessions are terminated after 30 minutes of inactivity and campaigns after six months at the latest. The time limit for campaigns can be a maximum of two years.
You can prevent the installation of cookies by adjusting your browser software settings; however, please note that if you do so, you may not be able to use all the functions of this website to their full extent.
You can also prevent Google from collecting data generated by the cookie about your use of the website (including your IP address) and processing this data by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en). For more information on data protection in connection with Google Analytics, please refer to the Google Analytics Help Center (https://support.google.com/analytics/answer/6004245?hl=en).
7. Social Media
We use Shariff buttons from the social networks Facebook, Instagram, Pinterest, and Youtube on our website. The buttons are simple HTML links. We use the Shariff solution in this context. With the Shariff solution, a script is called up to determine, for example, how often the share button of a page has been clicked: For this purpose, the script contacts the social network via the programming interfaces and retrieves the numbers. Personal data about you is not transmitted. Instead of your IP address, only our server address is transmitted to Facebook, Google, and Twitter. You only come into direct contact with Facebook, Google, or Twitter when you become active. Before that, the social networks cannot collect any data about you. As long as you do not click on a link to share content, you remain invisible to the networks. If you click on the link, the information obligation regarding data collection and processing no longer lies with us, but with the operator of the social network.
8. Rights of data subjects
You have the right:
- to obtain from us confirmation as to whether or not personal data concerning you is being processed, and where that is the case, access to the personal data and the information specified in Article 15 GDPR;
- to obtain from us without undue delay the rectification of inaccurate personal data concerning you and, taking into account the purposes of the processing, the completion of incomplete personal data, including by means of providing a supplementary statement;
- to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds specified in Article 17 GDPR applies, in particular if the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- to obtain from us restriction of processing where one of the grounds specified in Article 18 GDPR applies, such as if you contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data;
- to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us;
- to withdraw your consent at any time if the processing is based on your consent, without affecting the lawfulness of processing based on consent before its withdrawal;
- to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
9. Right to object
Where we process your personal data for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
If you wish to exercise your right to object or withdraw your consent, please send an email to info@atoutcosmetics.com.
10. Further information
We inform you according to Art. 13 para. 2 lit. e GDPR that the provision of your personal data to us is neither a statutory nor a contractual requirement, nor a requirement necessary to enter into a contract, and you are not obliged to provide us with your personal data. The non-provision of personal data has no consequences for you.
According to Art. 13 para. 2 lit. f GDPR, we would like to inform you about the following:
We do not process your personal data for the purposes of automated decision-making.
According to Art. 13 para. 1 lit. f GDPR, we would like to inform you that we do not intend to transfer your personal data to a third country or an international organization.
11. Data security
During your visit to our website, we use the common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. This is usually a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.
In addition, we use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
Updating and changing this privacy policy
This privacy policy is currently valid and has the status of July 2020.
Due to the further development of our website and offers above or due to changed legal or official requirements, it may become necessary to change this privacy policy. The current privacy policy can be accessed at any time on our website at
info@atoutcosmetics.com