Data protection declaration

2. Definitions

Personal data

"Personal data" means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing

"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3. types of personal data

Access data

Access data is data about each access to the server on which our website is located. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Cookies

Cookies are small files that allow specific information related to the device to be stored on the access device

Input data

If you fill out the contact form on our website or contact us by other means (e.g. telephone, e-mail), we process the personal data that you enter in the respective form or provide to us by other means (e.g. last name, first name, e-mail address, address).

Order and registration data

This is the data you provide for ordering via our online shop and registering as a customer.

4. Purposes of processing

Access data

Our hosting provider collects access data on our behalf for security reasons for fraud and abuse control as well as for statistical recording of website usage. The legal basis for the processing is Art. 6 (1) sentence 1 f) DSGVO. For the processing of the IP address by third-party providers, see section 6.

Cookies

The website uses the following cookies:

Essential Cookies:

Essential cookies enable basic functions and are necessary for the proper functioning of the website. The legal basis for the use of cookies is Art. 6 para. 1 f) DSGVO. Our legitimate interest in collecting data follows from the fact that we require the use of cookies for the purpose of user-friendliness of our website and optimisation of our offers.

Marketing cookies:

Are used by third-party providers or publishers to display personalised advertising. They do this by tracking visitors across the website. More information on the cookies used can be found in the privacy settings for our website, which you can access here. The legal basis for the use of cookies is Art. 6 para. 1 a) DSGVO. You can consent to the use of these cookies within the framework of the data protection settings.

 

Input data

If you use our contact form or provide us with your personal data by other means, we will use it to process your request (legal basis Art. 6 para. 1 sentence 1 a, f) DSGVO). If you communicate with us via e-mail, your e-mails and the personal data communicated therein will be transported on our behalf to the servers of our e-mail hosting provider to be stored on their servers and our servers (legal basis Art. 6 para. 1 sentence 1 a, f DSGVO). Our legitimate interest in collecting data within the meaning of Art. 6 para. 1 f) DSGVO follows from the fact that we cannot process your request (contacting you, processing your request) without your data.

Order and registration data

We process order data for contract processing (legal basis is Art. 6 para. 1 sentence b DSGVO). In addition, we collect usage data such as your IP address for each order for the purpose of fraud and abuse control (legal basis is Art. 6 para. 1 sentence 1 f DSGVO). We process registration data to open and manage your account (legal basis is Art. 6 para. 1 sentence b DSGVO). We process further data in the customer area in order to make your purchase as convenient and time-saving as possible (legal basis is Art. 6 para. 1 sentence 1 f DSGVO).

Service offers by e-mail

As a customer of ours, you will receive service offers from us by e-mail at irregular intervals, provided you have given us an e-mail address. You will receive these offers from us regardless of whether you have subscribed to a newsletter. In this context, we use the e-mail address provided by you in connection with the use of our service to advertise our own services that are similar to those that you have used with us on the basis of a booking you have already made (legal basis is Art. 6 para. 1 sentence 1 f) DSGVO). If you do not wish to receive offers by e-mail, you can object to receiving them at any time at info@reviderm.com and at the end of each offer e-mail, without incurring any costs other than the transmission costs according to the basic rates.

Postal advertising / telephone advertising

We also use your name and address for direct postal advertising (legal basis is Art. 6 para. 1 sentence 1 f) DSGVO). We only undertake telephone advertising measures if you have given your consent to this (legal basis is Art. 6 Para. 1 Sentence 1 f) DSG-VO).

5. Data processing by third parties

Hosting

Our website is operated on the servers of our hosting provider. This provider processes the personal data mentioned in section 3 on our behalf for the operation of our website and for abuse control. The legal basis for this is Art. 6 para. 1 sentence 1 f) DSGVO.

Plug-ins, usage analysis

We integrate various services and content from third-party providers on our website. The integration may result in the processing of your personal data. In addition, the integration of third-party content may result in the transfer of data to countries outside the EU. You can find more information on this under point 6. The legal basis for the integration of the services and content is Art. 6 para. 1 sentence 1 f) DSGVO. Our legitimate interest for data processing follows from the fact that we use the services of third parties for the purpose of user-friendliness of our website and optimisation of our offers.

6. Plug-ins, usage analysis, external media

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymisation is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (incl. your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout. For more information on terms of use and data protection, please visit support.google.com/analytics/answer/6004245. When visiting our website, you may or may not consent to the use of Google Analytics in the cookie bar or in the privacy settings under "Marketing". If you consent, you give your consent within the meaning of Art. 49 (1) sentence 1 a) DSGVO that your data (IP address, timestamp, user behaviour on our website, if applicable) will be transmitted to Google in the USA and processed there. The ECJ considers the USA to be a country with a level of data protection that is not adequate by European standards. There is a risk of access by US authorities. In addition, we do not know exactly how Google processes your data. The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence 1 a) DSGVO.

Google Tag Manager and Remarketing

For easier management of the aforementioned Google tools, we use the Google Tag Manager and Google Remarketing, an advertising analysis tool. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It is only used for administration and the tools integrated via it. Depending on the integrated tool, the Google Tag Manager collects IP addresses of website visitors and passes them on to the Google tools. For more information on the purpose and scope of data collection and its processing by Google, please refer to Google's privacy policy. There you will also find further information on your rights in this regard and setting options for protecting your privacy: www.google.de/intl/de/policies/privacy. If you click on "Confirm" at the bottom of the cookie bar when visiting our website without changing the settings regarding Google Tag Manager and Remarketing on the Cookie Settings page, you consent within the meaning of Art. 49 (1) sentence 1 a) DSGVO to your data (IP address, timestamp, user behaviour on our website, if applicable) being transmitted to Google in the USA and processed there. The ECJ considers the USA to be a country with a level of data protection that is not adequate by European standards. There is a risk of access by US authorities. In addition, we do not know exactly how Google processes your data. The legal basis for the use of the Google Tag Manager is Art. 6 para. 1 sentence 1 a DSGVO.

Tracking -Pixel

We currently use the following tracking pixels: Facebook pixel Tracking pixels are small graphics that are automatically loaded when a web page or HTML email is accessed. This allows us to track the behaviour of site visitors after they have been redirected to our website by clicking on a third-party advertisement. This allows us to evaluate the effectiveness of the advertisements for statistical and market research purposes and to optimise future advertising measures. The data collected is anonymised for us as the operator of this website, so we cannot draw any conclusions about the identity of the users. However, the data is processed by the thirdparty providers. This enables a connection to the respective user profile. We cannot influence this use of the data. We have neither influence on the collected data and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the collected data by the third-party providers. The legal basis for the use of the tracking pixels is Art. 6 para. 1 sentence 1 a) DSGVO. In the cookie bar or the data protection settings, you can consent to the use of the Facebook tracking pixel under "Marketing". By doing so, you give your consent within the meaning of Art. 49 (1) sentence 1 a) DSGVO that your data is transmitted to the provider based in the USA and processed there. The ECJ considers the USA to be a country with an inadequate level of data protection according to European standards. There is a risk of access by US authorities. In addition, we do not know exactly how Facebook/Meta Platforms Inc. processes your data. If necessary, you can also prevent the use of pixels by setting your browser software accordingly. Addresses of the pixel provider and URL with data protection information: Meta Platforms, Inc, 1601 S California Ave, Palo Alto, California 94304, USA; www.facebook.com/policy.php.

Matelso Tracking

Our website uses a service provided by matelso GmbH, Stuttgart. When you call a number switched for us by ma-telso, information about the call is transferred to a web analysis service used by us (e.g. Google Analytics). matelso also reads cookies set by our analysis service or other parameters of the website you visit, for example referrer, document path, remote user agent. The corresponding information is processed by matelso according to our instructions and stored on servers in the EU. You can find more information at: matelso.com/de/privacy-statement. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

 

External media

Institute finder and Google Maps

You can use our institute finder to find a Reviderm store near you. To do this, you can either click on the "Institute near me" button. You will then be asked if we may collect your location data. If you agree, this data will be collected by Google Maps and you will be shown the Reviderm store closest to your position. You can also click on the interactive map on the www.reviderm.com/institute/institutsfinder.html page or enter the country and postcode/city in the input field. The nearest store will then be displayed. If you then click on "Your route to the institute", you will be redirected to the Google Maps page. There you can then enter the route data. By visiting our website, Google receives the information that you have called up the corresponding sub-page of our website. In addition, to the best of our knowledge, the following information is transmitted to Google: Date and time of the visit to the relevant web page, internet address or URL of the web page accessed, IP address of the access device and, on the Google Maps page, the start and destination address entered as part of the route planning. This is done regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and to exercise this right you must contact Google. Further information on the purpose and scope of data collection and processing by Google can be found in Google's privacy policy. There you will also find further information on your rights in this regard and setting options for protecting your privacy: www.google.de/intl/de/policies/privacy. If you click on "Confirm" at the bottom of the cookie bar when visiting our website without changing the settings regarding Google Maps on the Cookie Settings page, you consent to your data (IP address, time stamp, user behaviour on our website, if applicable) being transmitted to Google in the USA and processed there in accordance with Art. 49 (1) sentence 1 a) DSGVO. The ECJ considers the USA to be a country with an inadequate level of data protection according to European standards. There is a risk of access by US authorities. In addition, we do not know exactly how Google processes your data. The legal basis for the use of the Institute Finder and Google Maps is Art. 6 para. 1 sentence 1 f DSGVO. Our legitimate interest in collecting data follows from the fact that we use Google Maps for the purpose of better locating our Reviderm stores and thus optimising our offers. Further information on Google's data protection guidelines can be found at: www.google.com/intl/de/policies/privacy/.

7. Categories of recipients of personal data

Payment provider

If you pay in our online shop by PayPal, credit card or direct debit, your payment information is automatically transmitted to the payment provider for the purpose of payment processing (legal basis is Art. 6 para. 1 sentence 1 f) DSGVO). Regarding the processing by the payment provider, please refer to their privacy policy

Web hosting provider

The data mentioned in section 3 are processed on our behalf and on our instructions by our web hosting provider for the purpose of operating our website and for fraud and misuse control. If you communicate with us via e-mail, your e-mails and the personal data communicated therein will be stored on our behalf on the servers of our web hosting provider (legal basis is Art. 6 para. 1 sentence 1 a, f DSGVO).

IT service provider

Our IT service providers receive access to the data mentioned in section 3 on our behalf and on our instructions, insofar as this is necessary for technical reasons and for website optimisation and system maintenance (legal basis is Art. 6 para. 1 sentence 1 f DSGVO)

Shipping service provider / logistics service provider

If we deliver goods, we use shipping service providers to whom your first and last name and delivery address and, if applicable, with your consent, your telephone number are transmitted (legal basis is Art. 6 para. 1 sentence 1 b DSGVO).

Integration of third-party services and content

With regard to the integration of services and content of third parties on our website and the data transfers in this regard, see section 6.

Tax consultant and auditor

For the purpose of bookkeeping and filing tax returns, we transmit your data to our tax advisors and auditors to the extent necessary (legal basis is Art. 6 para. 1 sentence 1 f DSGVO).

Other recipients

Your data will only be passed on to other third parties in the following cases: - if necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not having your data disclosed (legal basis is Art. 6 Para. 1 Sentence 1 f DSGVO); - we are legally obliged to disclose data in connection with official enquiries, court orders or legal proceedings. We work with service providers as processors or joint controllers and have concluded a contract pursuant to Art. 28 or Art. 26 DSGVO.

8. Voluntary provision of data

The provision of personal data when visiting our website is neither legally or contractually required nor necessary for the conclusion of a contract. You are also not obliged to provide personal data when visiting our website, however, access data is collected automatically when you visit our website. If you register as a customer and wish to use our login area, registration data is required.

9. Duration of the processing

Access data

The access data is stored by our hosting provider for security reasons (e.g. to clarify acts of abuse or fraud) for a maximum period of 6 months and then deleted. Data whose further storage is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.

Cookies, third-party providers

If IP addresses are processed by third-party providers, we have no influence on the duration of the processing. You will find the links to the data protection declarations of the third-party providers under point 6. There you can inform yourself about the duration of the processing. In addition, we inform you about the duration of the cookie sessions or cookie runtimes in the cookie bar or data protection settings.

Postal advertising

We will use your personal data for postal advertising until you object to this.

Input data

Personal data that you provide via our forms or communicate to us in any other way will be processed by us for the duration of the processing of your request, unless this data is subject to retention periods under tax and commercial law or consent justifies continued storage. In any case, the data will be stored until the expiry of limitation periods for claims for damages. Order and contract data For evidence purposes, we must retain order data for three years from the end of the year in which the ordered item was delivered. Any claims shall become statute-barred at the earliest at this point in time in accordance with the statutory limitation period. In addition, this data may be subject to longer retention periods under tax and commercial law; these are 6-10 years.

Order and contract data

For evidence purposes, we must retain order data for three years from the end of the year in which the ordered item was delivered. Any claims shall become statute-barred at this point in time at the earliest in accordance with the statutory limitation period. In addition, this data may be subject to longer retention periods under tax and commercial law; these are 6-10 years.

10. Opposition

You have the right to object at any time to the personal data processed on the basis of Art. 6 (1) sentence 1 f) DSGVO, provided that there are grounds for the objection arising from your particular situation. However, your personal data will be further processed if there are compelling legitimate grounds to further process the data that override the interests, rights and freedoms of your person, or if the processing serves the assertion, exercise or defence of legal claims. If we process your personal data for the purpose of direct marketing, you have the right to object to the processing of personal data for the purpose of such marketing at any time without giving reasons (Art. 21 DSGVO).

11. Further data subject rights

If you have given your consent, you have the right to revoke it. We would like to point out that a revocation does not change the lawfulness of the processing granted until the revocation (no retroactive effect of the revocation).

Within the scope of the GDPR, you have the right to request information free of charge about the personal data we hold about you (Art. 15 GDPR).

Furthermore, in accordance with the GDPR, you have the right to correction (Art. 16 GDPR), deletion (Art. 17 GDPR), restriction (Art. 18 GDPR) and transfer (Art. 20 GDPR) of your personal data.

You also have the right to complain to the competent data protection supervisory authorities in justified cases (Art. 77 DSGVO).

You can assert your rights under the GDPR by e-mail or in writing. You can find the contact details of the provider below.

11. Contact details

Provider as responsible body:

REVIDERM AG

Robert-Bosch-Str. 7

DE-82054 Sauerlach

Tel.: (+49) 08104 / 8873-0

Fax +49 08104 / 8873-999

Data Protection Officer:

E-Mail: datenschutz@reviderm.com

Data protection supervisory authority:

Bavarian State Office for Data Protection Supervision

Postal address

PO Box 606

91511 Ansbach

Germany

Telephone: +49 (0) 981 53 1300

Telefax: +49 (0) 981 53 98 1300

E-Mail:poststelle@lda.bayern.de

A list of all data protection supervisory authorities with contact details can be found here: www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html

 

As of April 2023