(Version: September 2019)
CUTIFEM COSMETICS takes the protection of your personal data very seriously. The following data protection information will inform you about how we handle your data and about your rights regarding your personal data.
1. Person responsible (controller)
Controller within the meaning of the EU General Data Protection Regulation (GDPR) is: CUTIFEM COSMETICS GMBH, Friedrichstraße 171, 10117 Berlin, Germany Phone: +49 30 21459-450 (standard landline rates apply), Fax: +49 30 21459-453 E-Mail: firstname.lastname@example.org
2. Visiting our website
You can visit our website without disclosing any personal information. Every time you visit our website, our webserver temporarily stores the following access data and information within a so called server log file:
- date, time and frequency of the processing request
- IP-address assigned to your computer by the access provider
- website, hyperlink, application e.g. of the processing request
- quantaty of transferred data
- name and URL of the requested files
- message whether file access was succesful
- identification data of your browser and operating system you use
- name of the requesting provider
These data will be used solely to ensure a smooth and secure operation of the website and analysed for the purpose of improving our website. We also reserve the right to check the log files via the last known IP address of such users who, based on certain facts, are suspected of using our website illegally or in breach of contract. The record will only be used for this purposes and will be deleted after six months.
The legal basis for this data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract, and Art. 6 (1) (f) GDPR, which allows the processing of data because of our legitimate interest to optimize the functionality of our website, to make sure that the website is displayed correctly and to ensure the systems security and technical administration of network infrastructure.
3. Data security
We have implemented technical and organisational measures to ensure that that the regulations governing data protection are observed by CUTIFEM COSMETICS as external service providers. This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of personal data and other confidential content (such as orders in our online shop or the inquiries you send to us as the site operator). You can recognize an encrypted connection by the string “https://” and the lock icon displayed in your browser’s address bar.
Some of the cookies we use are deleted after you close your browser (so-called session cookies). Other cookies are stored on your hard disk and enable us to recognise your browser when you visit our website again (so-called persistent cookies). Persistent cookies will automatically be deleted after a certain time that varies depending on the cookie.
The legal basis for data processing using cookies is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract, and Art. 6 (1) (f) GDPR, which allows the processing of data because of our legitimate interest to ensure the best functionality of our website for the user and an as customer-friendly design of the ordering process as possible.
Please note that disabling of functional cookies may limit your access to some features of our website, such as the registered customer and shopping cart function.
5. Integration of the Trusted Shops Trustbadge
The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops Trustmark and the collected reviews as well as to offer Trusted Shops products to buyers after an order.
This is necessary to safeguard our legitimate prevailing interests in an optimal marketing by ensuring the safety of your purchase according to Art. 6 (1) (f)GDPR. The Trustbadge and the services advertised with it are an offer of the Trusted Shops GmbH (herinafter called: Trusted Shops), Subbelrather Str. 15C, 50823 Cologne, Germany. The Trustbadge is made available by a CDN provider (Content-Delivery-Network) as part of order processing. Trusted Shops uses also service provider from the USA. An adequate level of data protection is guaranteed. Further information to the data security of Trusted Shops can be found here: https://www.trustedshops.co.uk/imprint/
When the Trustbadge is called up, the web server automatically saves a server log file which contains, for example, your IP address, the date and time of the call, the amount of data transferred and the requesting provider (access data) and documents the call. Individual access data are stored in a security database for the analysis of security problems. The log files are automatically deleted 90 days after creation at the latest.
6. Contact by e-mail
When you contact us by e-mail all personal data you send us, will only be stored and used for purposes of contacting you and answering your questions and concerns. The legal basis for this data processing is Art. 6 (1) (f) GDPR, which allows the processing of data because of our legitimate interest in processing your request. In case you contact us with the intention to conclude an agreement we also store your data pursuant to Art. 6 (1) (b) GDPR. After final processing of your request, we will delete the received data, unless the deletion conflicts with legal or contractual obligations to retain data.
6. Data processing in regards to custumer registration and order process
Personal data is processed for the purpose of contract processing if you voluntarily provide it to us registering for our services. Which data is collected is evident from the input form. You may choose whether to provide this information. Mandatory information requested (marked with an asterisk *) must be provided in full to complete the order or registration.
The legal basis for this data processing is Art. 6 (1) (b) GDPR. Your e-mail address is additionally used according to Art. 6 (1) © GDPR, because it is necessary to send you our order confirmation. In addition we store the IP address regarding your order to protect us in the case of internet fraud, Art .6 (1) (f) GDPR. We delete this IP address at the end of a period of six month from the date of your oder.
After complete processing of the contract or deletion of your custumer account, your data will be restricted for further processing and deleted after expiry of the storage periods under tax and commercial law, unless you have expressivly consented to further use of your data beyond this.
7. Postal advertising
Due to our legitimate interest in sending personalized postal mail for the purpose of advertising and in accordance with Art. 6 (1) (f) GDPR we reserve the right to store and use your first and last name and your postal address, as well as your optionally provided information about a possible academic title and company, for our own advertising purposes, e.g. to send you interesting offers and information about our products by post.
8. Data transfer in the course of processing the order
Personal data as part of the implementation and fulfilment of contracts is only used and processed within the scope of the necessity to fulfil the contract. In accordance with Art. 6 (1) (b) GDPR we will pass on the data required for the fulfilment of the contract to the shipping company assigned with the delivery, if this is necessary for the delivery of the ordered goods.
Depending on which payment service provider you select during the order process, we pass on the necessary data for the processing of payments to the credit institution assigned with the payment, and if applicable, to payment service providers assigned by us or to the selected payment service. The legal basis for this data processing is Art. 6 (1) (b) GDPR. In some cases, the selected payment service providers also collect this data themselves if you create an account there. In this case, you must log in to the payment service provider with your access data during the ordering process. The data protection declaration of the respective payment service provider applies in this respect.
9. Your rights
As a data subject, you have the following rights:
in accordance with art. 15 GDPR,
you have the right to request information about your personal data processed by us to the extent described therein;
in accordance with art. 16 GDPR,
you have the right to demand the immediate correction of incorrect or complete personal data stored by us;
in accordance with art. 17 GDPR,
you have the right to request the deletion of your personal data stored with us, unless further processing is required to exercise freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for asserting, exercising or defending legal claims;
in accordance with art. 18 GDPR,
you have the right to request the restriction of the processing of your personal data, insofar as the correctness of the data is denied by you, the processing is unlawful, but you refuse to delete it, we no longer need the data, but you do need it to assert, exercise or defend legal claims or you have lodged an objection to the processing pursuant to art. 21 GDPR;
in accordance with art. 19 GDPR,
you have the right to be informed on your request about each recipient to whom your personal data have been disclosed;
in accordance with art. 20 GDPR,
you have the right to receive your personal data that you have provided to us in a structured, current and machine-readable format or to request its transfer to another person responsible, if this is technically possible;
in accordance with art. 7 (3) GDPR,
you have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
in accordance with art. 77 GDPR,
you have the right to complain to a supervisory authority. You can also contact the supervisory authority at your usual place of residence or workplace or at our company headquarters.
Right of objection
Insofar as we process personal data as described above in order to protect our legitimate interests that are overriding in the process of balancing of interests, you have the right to object to this processing on compelling legitimate grounds relating to your particular situation at any time with effect for the future.
After exercising your right of objection, we will not process the data concerned any further for these purposes, unless we can prove compelling and legitimate grounds for this processing, which outweigh your interests, fundamental rights and freedoms, or if the processing is essential for the purpose of establishing, exercising or defending legal claims.
If the data is processed for direct marketing purposes, you have the right to object to such processing, as described above, at any time with effect for the future. If you object to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.
10. Duration of storage and deletion of personal data
The duration of the storage of personal data depends on the existing legal archival requirements (such as retention periods relating to commercial or tax law). After expiry of the various statutory retention periods all personal data will be deleted immediately, if the data are no longer necesssary for contract processing, contract initiation and/or there s no other legitimate interest for continued storage or in the case that you have expressivly consented to further use of your data beyond this.