Data protection declaration

2. Definitions

Personal data

“Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing

"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

3. Kinds of personal data

Access data

In case we conclude a supplier contract, we process the personal data that you provide to us, such as first and last name of managing directors and employees, e-mail addresses, fax numbers, addresses, account details, VAT identification number, information about the small business owner, if necessary. We also process commercial data (purchase prices, turnover etc.).

Cookies

Cookies are small files that allow specific information related to the device to be stored on the access device.

Input data

If you register with us as a customer, fill out the contact form on our website or contact us by other means (e.g. telephone, e-mail), we process the personal data that you enter in the respective form or provide to us by other means (e.g. surname, first name, e-mail address, address).

4. Purposes of processing

Access data

Our hosting provider collects access data on our behalf for security reasons to control fraud and abuse and for statistical recording of website use. The legal basis for the processing is Art. 6 (1) sentence 1 f DSGVO. For processing of the IP address by third-party providers, see section 6.

Cookies

On the one hand, cookies serve the user-friendliness of websites and thus the users (e.g. storage of login data). On the other hand, they can be used to collect statistical data on website use and to be able to analyse it for the purpose of improving our offers.

The legal basis for the use of cookies is Art. 6 para. 1 f DSGVO. Our legitimate interest in collecting data follows from the fact that we require the use of cookies for the purpose of user-friendliness of our website and optimisation of our offers.

Position data

If you use our institute finder, your position data (geographical coordination data) may be collected. Further information on this can be found in section 6.

Input data

If you register as a customer, we use your personal data for the administration of your account (legal basis Art. 6 para. 1 sentence 1 b DSGVO). If you use our contact form or provide us with your personal data by other means, we will use it to process your request (legal basis Art. 6 para. 1 sentence 1 a, f DSGVO). If you communicate with us via e-mail, your e-mails and the personal data communicated therein will be transported on our behalf to the servers of our e-mail provider Space.Net AG in order to be stored on our servers (legal basis Art. 6 para. 1 sentence 1 a, f DSGVO).

Our legitimate interest in collecting data within the meaning of Art. 6 para. 1 f DSGVO follows from the fact that we cannot process your request (registration, contact, order processing) without your data.

5. Data processing by third parties

Hosting

Our website is operated on the servers of the hosting provider Space.Net AG. This company processes the personal data mentioned under point 3 on our behalf for the operation of our website and for abuse control. The legal basis for this is Art. 6 para. 1 sentence 1 f DSGVO.

Plug-ins, usage analysis

We integrate various services and content from third-party providers on our website. The integration may result in the processing of your personal data. In addition, the integration of third-party content may result in the transfer of data to countries outside the EU. You can find more information on this under point 6.

The legal basis for the integration of the services and content is Art. 6 para. 1 sentence 1 f DSGVO. Our legitimate interest for data processing follows from the fact that we use the services of third parties for the purpose of user-friendliness of our website and optimisation of our offers.

6. Google Analytics, Institute Finder and Google Maps

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymisation is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout

We would like to point out that on this website Google Analytics has been extended by the code "gat. anonymizeIp();" to ensure anonymised collection of IP addresses (so-called IP masking).

You can find more information on the terms of use and data protection at support.google.com/analytics/answer/6004245.

Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence 1 f DSGVO. Our legitimate interest in collecting data follows from the fact that we require the use of Google Analytics for the purpose of optimising our offers.

Institute finder and Google Maps

You can use our institute finder to find a Reviderm store near you. To do this, you can either click on the "Institute near me" button. You will then be asked if we may collect your location data. If you agree, this data will be collected by Google Maps and you will be shown the Reviderm store closest to your position. You can also click on the interactive map on the www.reviderm.com/institute/institutsfinder.html page or enter the country and postcode/city in the input field. The nearest store will then be displayed. If you then click on "Your route to the institute", you will be redirected to the Google Maps page. There you can then enter the route data. By visiting our website, Google receives the information that you have called up the corresponding sub-page of our website. In addition, according to our knowledge, the following information is transmitted to Google: Date and time of the visit to the relevant website, internet address or URL of the website accessed, IP address of the access device and, on the Google Maps page as part of route planning, the start and destination address entered. This is done regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.

For more information on the purpose and scope of data collection and processing by Google, please refer to Google's privacy policy. There you will also find further information on your rights in this regard and setting options for protecting your privacy: www.google.de/intl/de/policies/privacy.

Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

The legal basis for the use of the Institute Finder and Google Maps is Art. 6 para. 1 sentence 1 f DSGVO. Our legitimate interest in collecting data follows from the fact that we use Google Analytics for the purpose of better locating our Reviderm stores and thus optimising our offers.
 

7. Voluntary provision of data

The provision of personal data when visiting our website is neither legally or contractually required nor necessary for the conclusion of a contract. You are also not obliged to provide personal data when visiting our website, however, access data is collected automatically when you visit our website. If you wish to register as a customer, registration data is required.

8. Duration of the processing

Access data, cookies

Access data is stored by our hosting provider for security reasons (e.g. to clarify acts of abuse or fraud) for a maximum period of 6 months and then deleted. Data whose further storage is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.

If IP addresses are processed by third-party providers, we have no influence on the duration of the processing. You can find the links to the data protection declarations of the third-party providers under point 6. There you can inform yourself about the duration of the processing.

Input data

We process personal data that you provide via our forms or communicate to us in any other way for the duration of the processing of your request, provided that this data is not subject to the retention periods under tax and commercial law or consent justifies continued storage.

9. Right to object

Based on Article 6 (1) sentence 1 f GDPR, you have the right to object at any time against the personal data processed, provided there are reasons for the objection, which arise from your particular situation. However, your personal data will be further processed, if there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of you as a person or for the establishment, exercise or defence of legal claims.

10. Other data subject rights

If you have given your consent, you have the right to withdraw it. We point out that a revocation does not change the legality of the processing given until the revocation (no retroactive effect of the revocation).

You have the right, within the framework of the GDPR, to obtain information about us from us free of charge about existing personal data concerning you (Art. 15 GDPR).

Furthermore, you have the right to correction in accordance with the GDPR (Art. 16 DSGVO), deletion (Art. 17 GDPR), restriction (Art. 18 GDPR) and transfer (Art. 20 GDPR) of your personal data.

You also have the right to contact the data protection supervisory authority responsible for us in justified cases to complain (Art. 77 GDPR).

You can exercise your rights under the GDPR by e-mail or in writing. The contact details of the authority can be found below.

11. Contact details

Responsible:

REVIDERM AG
Robert-Bosch-Str. 7
DE 82054 Sauerlach
Tel .: (+49) 08104/8873 0
Fax +49 08104/8873 999
E-Mail: datenschutz@reviderm.com
Data protection officer:
E-Mail: datenschutz@reviderm.com

Data protection supervisory authority:

Bayerisches Landesamt für Datenschutzaufsicht
(Bavarian State Office for Data Protection Supervision)
Postal address
Postfach 606
91511 Ansbach
Deutschland / Germany
Telephone: +49 (0) 981 53 1300
Fax: +49 (0) 981 53 98 1300
E-Mail: poststelle@lda.bayern.de

As of September 2020