Privacy policy

Privacy Notice for our Social Media Profiles

1. Data Protection at a Glance

General Information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified. For detailed information on data protection, please refer to our privacy policy listed below this text.

Data Collection on this Website

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. You can find their contact details in the section “Responsible Entity” in this privacy policy.

How do we collect your data?

Your data is collected partly when you provide it to us, for example by entering information in a contact form.

Other data is collected automatically or with your consent when you visit the website through our IT systems. This primarily includes technical data (e.g., web browser, operating system, or time of page access). Collection of this data occurs automatically as soon as you access this website.

What do we use your data for?

Some of the data is collected to ensure the website is provided correctly. Other data can be used to analyse your user behaviour.

What rights do you have regarding your data?

You have the right at any time to receive free information about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent for data processing, you can revoke this consent at any time for the future. Additionally, you have the right to request the restriction of processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

For these rights or any other questions regarding data protection, you may contact us at any time.

Analytics Tools and Third-Party Tools

When visiting this website, your browsing behaviour may be statistically analysed. This is mainly done using so-called analytics programs.

Detailed information about these analytics programs can be found in the following privacy policy.

2. Hosting

We host the contents of our website with the following provider:

Host Europe

The provider is Host Europe GmbH, Hansestraße 111, 51149 Cologne, Germany (hereinafter “Host Europe”). When you visit our website, Host Europe collects various log files, including your IP addresses.

For details, please refer to Host Europe’s privacy policy: https://www.hosteurope.de/AGB/Datenschutzerklaerung/.

The use of Host Europe is based on Article 6(1)(f) GDPR. We have a legitimate interest in a reliable presentation of our website. If applicable consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes storing cookies or accessing information on the user’s device (e.g., for device fingerprinting). Consent can be revoked at any time.

Order Processing

We have concluded a contract for order processing (AVV) for the use of the above-mentioned service. This is a data protection law-required contract that ensures that the service processes personal data of our website visitors only according to our instructions and in compliance with the GDPR.

3. General Information and Mandatory Details

Data Protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with legal data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data that can identify you personally. This privacy policy explains which data we collect and for what purpose. It also explains how and why this is done.

Please note that data transmission over the Internet (e.g., communication via email) may have security gaps. Complete protection of data from access by third parties is not possible.

Responsible Entity

The responsible entity for data processing on this website is:

wekama GmbH
Adalbert-Stifter Straße 25
84424 Isen, Germany

Telephone: 0841 23236409
E-mail: ingolstadt@california-skin.de

The responsible entity is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage Duration

Unless a more specific storage period is indicated in this privacy policy, your personal data will remain with us until the purpose of data processing no longer applies. If you assert a legitimate request for deletion or revoke consent for data processing, your data will be deleted unless we have other legally permissible reasons to store your personal data (e.g., tax or commercial retention periods); in the latter case, deletion occurs after these reasons cease to apply.

General Notes on Legal Basis of Data Processing

If you have consented to data processing, we process your personal data on the basis of Article 6(1)(a) GDPR or Article 9(2)(a) GDPR if special categories of data under Article 9(1) GDPR are processed. In the case of explicit consent for transferring personal data to third countries, data processing also takes place on the basis of Article 49(1)(a) GDPR. If you consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), processing is additionally based on § 25(1) TDDDG. Consent can be revoked at any time. If your data is required for the performance of a contract or pre-contractual measures, we process your data based on Article 6(1)(b) GDPR. Furthermore, we process your data if it is necessary to comply with a legal obligation on the basis of Article 6(1)(c) GDPR. Data processing may also be based on our legitimate interest under Article 6(1)(f) GDPR. The relevant legal basis in each case is explained in the following sections of this privacy policy.

Recipients of Personal Data

As part of our business activities, we work with various external parties. In some cases, it may be necessary to transmit personal data to these external parties. We only pass on personal data to external parties if it is necessary for fulfilling a contract, if we are legally obliged to do so (e.g., disclosure to tax authorities), if we have a legitimate interest under Article 6(1)(f) GDPR, or if another legal basis allows the data transfer. When using order processors, we only pass on customer personal data based on a valid contract for order processing. In cases of joint processing, a joint processing contract is concluded.

Withdrawal of Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You can withdraw previously given consent at any time. The legality of the data processing carried out until the withdrawal remains unaffected.

Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21(2) GDPR).

Right to Lodge a Complaint with a Supervisory Authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the member state of their habitual residence, place of work, or place of the alleged violation. This right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to receive data that we process automatically based on your consent or to fulfil a contract, in a commonly used, machine-readable format. If you request direct transmission of the data to another controller, this will only be done if technically feasible.

Right of Access, Rectification, and Deletion

You have the right, within the applicable legal provisions, to obtain free information about your stored personal data, its origin, recipients, and the purpose of data processing, and, where applicable, the right to correct or delete this data. For this or any other questions regarding personal data, you may contact us at any time.

Right to Restrict Processing

You have the right to request restriction of the processing of your personal data. You may contact us at any time to exercise this right. The right to restriction of processing applies in the following cases:

• If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. During this verification period, you have the right to request restriction of processing.
• If the processing of your personal data was/ is unlawful, you can request restriction instead of deletion.
• If we no longer need your personal data, but you need it for the exercise, defence, or enforcement of legal claims, you have the right to request restriction instead of deletion.
• If you have filed an objection under Art. 21(1) GDPR, a balance must be struck between your interests and ours. Until it is determined whose interests prevail, you have the right to request restriction of processing.

If you have restricted the processing of your personal data, such data may only be processed – apart from storage – with your consent or for the assertion, exercise, or defence of legal claims, to protect the rights of another natural or legal person, or for reasons of important public interest of the European Union or a member state.

SSL / TLS Encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the website operator. You can identify an encrypted connection by the “https://” in the browser address bar and the lock symbol.

When SSL/TLS encryption is active, data you transmit to us cannot be read by third parties.

4. Data Collection on This Website

Cookies

Our website uses so-called “cookies”. Cookies are small data packets and do not cause any harm to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Persistent cookies remain on your device until you delete them yourself or they are automatically removed by your web browser.

Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third parties within websites (e.g., cookies for processing payment services).

Cookies serve different functions. Many cookies are technically necessary because certain website functions would not work without them (e.g., the shopping cart function or video playback). Other cookies can be used to analyse user behaviour or for advertising purposes.

Cookies that are required to carry out electronic communication, to provide certain functions requested by you (e.g., for the shopping cart function), or to optimise the website (e.g., cookies to measure web traffic) (necessary cookies) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is indicated. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimised provision of its services. If consent has been obtained for the storage of cookies and similar recognition technologies, processing takes place solely on the basis of this consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG); consent can be revoked at any time.

You can configure your browser to inform you about cookie usage and to allow cookies only in individual cases, to block acceptance of cookies for specific situations or in general, and to activate automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

Which cookies and services are used on this website can be found in this privacy policy.

Consent via Usercentrics

This website uses the consent technology provided by Usercentrics to obtain your consent for the storage of certain cookies on your device or for the use of certain technologies and to document this in a GDPR-compliant manner. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Website: https://usercentrics.com/de/ (hereinafter “Usercentrics”).

When you visit our website, the following personal data is transmitted to Usercentrics:

• Your consent(s) or withdrawal of consent(s)
• Your IP address
• Information about your browser
• Information about your device
• The time of your visit to the website
• Geolocation

In addition, Usercentrics stores a cookie in your browser to assign the consents granted or withdrawn. The data collected in this way is stored until you request deletion, delete the Usercentrics cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention obligations remain unaffected.

The use of Usercentrics is intended to obtain legally required consents for the use of certain technologies. The legal basis for this is Art. 6(1)(c) GDPR.

Data Processing Agreement

We have concluded a data processing agreement (DPA) for the use of the service mentioned above. This is a legally required agreement that ensures that the service processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Server Log Files

The provider of the website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:

• Browser type and browser version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• Time of the server request
• IP address

These data are not merged with other data sources.

The collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free display and optimisation of its website – for this, server log files must be recorded.

Contact Form

If you submit enquiries to us via the contact form, your details from the enquiry form, including the contact data you provide there, will be stored by us for the purpose of handling the enquiry and in case of follow-up questions. We do not share this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR if your enquiry is related to the performance of a contract or is necessary for pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if obtained; consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request deletion, revoke your consent to storage, or the purpose of data storage no longer applies (e.g., after your enquiry has been fully processed). Mandatory legal requirements, in particular retention periods, remain unaffected.

Enquiries via Email, Telephone or Fax

If you contact us by email, telephone, or fax, your enquiry, including all personal data arising from it (name, enquiry), will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR if your enquiry is related to the performance of a contract or necessary for pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if obtained; consent can be revoked at any time.

The data you send to us via contact requests will remain with us until you request deletion, revoke your consent to storage, or the purpose of data storage no longer applies (e.g., after your enquiry has been fully processed). Mandatory legal requirements, particularly statutory retention periods, remain unaffected.

ProvenExpert

We have integrated review badges from ProvenExpert on this website. The provider is Expert Systems AG, Quedlinburger Str. 1, 10589 Berlin, https://www.provenexpert.com.

The ProvenExpert badge allows us to display customer reviews submitted about our company on ProvenExpert on our website in a badge format. When you visit our website, a connection with ProvenExpert is established, allowing ProvenExpert to determine that you have visited our website. ProvenExpert also collects your language settings to display the badge in the selected language.

The use of ProvenExpert is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in presenting customer reviews as transparently as possible. If appropriate consent has been obtained, processing takes place exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, as far as consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) under the TDDDG. Consent can be revoked at any time.

Matelso

We use the call tracking technology of MaTelSo GmbH, Heilbronnerstr. 150, 70191 Stuttgart (“Matelso”), based on our legitimate interests (i.e., to ensure the quality of our online services). The phone number provided on our website is a so-called call tracking number, which records, stores, and transmits the time, date, call acceptance, call duration, and phone numbers of both parties to Matelso and the called participant for the purpose of measuring advertising effectiveness. Further information can be found in Matelso’s privacy policy: https://www.matelso.com/de/privacy-statement.

You can prevent call tracking and the collection of the above-mentioned data by calling the number provided in the legal notice. You can additionally prevent the collection of your phone number by calling anonymously using a “hidden number”.

5. Analytics Tools and Advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It merely serves to manage and deliver the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google’s parent company in the United States.

The use of Google Tag Manager is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and management of various tools on their website. If the relevant consent has been requested, processing takes place exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.

The company is certified under the “EU–US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF undertakes to comply with these data protection standards. Further information can be found on the provider’s website via the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active.

Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. The operator receives various usage data, such as page views, time spent on pages, operating systems used, and the user’s origin. These data are assigned to the user’s device. A linkage to a user ID does not take place.

Furthermore, Google Analytics can record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modelling approaches to supplement the collected data sets and applies machine learning technologies for data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be withdrawn at any time.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified under the “EU–US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF undertakes to comply with these data protection standards. Further information can be found on the provider’s website via the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active.

IP Anonymisation

IP anonymisation is enabled on this website. This means that your IP address is shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the website operator, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services relating to website and internet usage to the website operator. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other data from Google.

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Further information on how Google Analytics handles user data can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Data Processing Agreement

We have concluded a data processing agreement with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising programme provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display advertisements in the Google search engine or on third-party websites when the user enters specific search terms into Google (keyword targeting). Targeted advertisements can also be displayed based on user data held by Google (e.g. location data and interests) (audience targeting). As the website operator, we can analyse this data quantitatively, for example to determine which search terms led to the display of our ads and how many resulted in corresponding clicks.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent can be withdrawn at any time.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/.

The company is certified under the “EU–US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF undertakes to comply with these data protection standards. Further information can be found on the provider’s website via the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active.

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google Conversion Tracking, both Google and we can recognise whether users have carried out certain actions. For example, we can evaluate how often specific buttons on our website are clicked and which products are viewed or purchased most frequently. This information is used to create conversion statistics. We learn the total number of users who clicked on our advertisements and which actions they carried out. We do not receive any information that personally identifies users. Google itself uses cookies or comparable recognition technologies for identification.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be withdrawn at any time.

More information about Google Conversion Tracking can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=en.

The company is certified under the “EU–US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF undertakes to comply with these data protection standards. Further information can be found on the provider’s website via the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active.

Meta Pixel (formerly Facebook Pixel)

This website uses the visitor action pixel (Meta Pixel) from Facebook/Meta for conversion measurement. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Meta, the collected data may also be transferred to the United States and other third countries.

This allows the behaviour of website visitors to be tracked after they have been redirected to the provider’s website by clicking on a Facebook advertisement. This enables the effectiveness of Facebook advertisements to be evaluated for statistical and market research purposes and to optimise future advertising measures.

The data collected is anonymous to us as the operator of this website; we cannot identify users. However, the data is stored and processed by Facebook, allowing it to be linked to the respective user profile, and Facebook may use it for its own advertising purposes in accordance with the Facebook Data Usage Policy (https://en-gb.facebook.com/about/privacy/). This enables Facebook to display advertisements on and outside Facebook. We as website operators have no control over this use of data.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent can be withdrawn at any time.

We use the “advanced matching” feature within the Meta Pixel.

Advanced matching allows us to transmit various types of data (e.g. address, county, postcode, hashed email addresses, names, gender, date of birth or phone numbers) of our customers and prospects collected via our website to Meta (Facebook). This activation enables us to tailor our Facebook advertising campaigns even more precisely to people interested in our offers. Advanced matching also improves the assignment of website conversions and expands custom audiences.

Where personal data collected via this tool is transmitted to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited solely to the collection of data and its transmission to Facebook. Any subsequent processing by Facebook is not part of the joint responsibility. The jointly agreed obligations are set out in an agreement on joint processing, the wording of which is available at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing privacy information when using the Facebook tool and for implementing the tool securely on our website. Facebook is responsible for the data security of its products. You may exercise data subject rights (e.g. access requests) directly with Facebook. If you exercise your rights with us, we are obliged to forward them to Facebook.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://en-gb.facebook.com/help/566994660333381.

Further information about how Facebook protects your privacy can be found in its privacy policy: https://en-gb.facebook.com/about/privacy/.

You can also deactivate the “Custom Audiences” remarketing feature in the ad settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged in to Facebook to do so.

If you do not have a Facebook account, you can deactivate Facebook-based advertising on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/uk/your-ad-choices/.

The company is certified under the “EU–US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF undertakes to comply with these data protection standards. Further information can be found on the provider’s website via the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active.

6. Newsletter

Newsletter Data

If you wish to subscribe to the newsletter offered on our website, we require an email address from you as well as information that allows us to verify that you are the owner of the provided email address and that you consent to receiving the newsletter. No further data is collected, or only on a voluntary basis. We use newsletter service providers, which are described below, for the handling of the newsletter.

Rapidmail

This website uses Rapidmail for sending newsletters. The provider is rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br., Germany.

Rapidmail is a service that enables the organisation and analysis of newsletter distribution. The data you enter for the purpose of subscribing to the newsletter is stored on Rapidmail’s servers in Germany.

Data Analysis by Rapidmail

For analytical purposes, the emails sent via Rapidmail contain a so-called “tracking pixel” which connects to the Rapidmail servers when the email is opened. In this way, it can be determined whether a newsletter message has been opened.

Furthermore, we can use Rapidmail to determine whether and which links in the newsletter message are clicked. All links in the email are tracking links that enable your clicks to be counted. If you do not wish to be analysed by Rapidmail, you must unsubscribe from the newsletter. We provide an appropriate link for this purpose in every newsletter message.

For more details about Rapidmail’s analytical functions, please visit the following link: https://de.rapidmail.wiki/kategorien/statistiken/.

Legal Basis

The processing of data takes place on the basis of your consent (Art. 6(1)(a) GDPR). You may revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

Storage Period

The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter, either with us or with the newsletter service provider, and will be deleted from the newsletter distribution list after you unsubscribe. Data stored by us for other purposes remains unaffected.

After unsubscribing from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be combined with other data. This serves both your interest and our interest in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). The storage in the blacklist is not time-limited. You may object to the storage if your interests outweigh our legitimate interest.

For more information, please refer to Rapidmail’s data security information: https://www.rapidmail.de/datensicherheit.

Commissioned Data Processing

We have concluded a Data Processing Agreement (DPA) with the above-mentioned service provider. This is a contract required under data protection law that ensures that this provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

7. Plugins and Tools

YouTube

This website integrates videos from the YouTube website. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our web pages that includes a YouTube video, a connection to the YouTube servers is established. In doing so, the YouTube server is informed which of our pages you have visited.

YouTube may also store various cookies on your device or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to compile video statistics, improve user experience, and prevent fraud attempts.

If you are logged into your YouTube account, you allow YouTube to directly associate your browsing behaviour with your personal profile. You can prevent this by logging out of your YouTube account.

The use of YouTube is in the interest of an appealing presentation of our online offerings. This constitutes a legitimate interest pursuant to Art. 6(1)(f) GDPR. Where corresponding consent has been requested, processing takes place solely on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Further information on how user data is handled can be found in YouTube’s privacy policy: https://policies.google.com/privacy?hl=de.

The company is certified under the “EU–US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States that aims to ensure compliance with European data protection standards for data processing in the US. Each company certified under the DPF commits to upholding these data protection standards. For more information, please visit the provider’s website: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

External Fonts (Proxy Server)

Google Fonts

This site uses so-called web fonts provided by Google to ensure the uniform presentation of fonts. The Google Fonts are delivered via a proxy server provided by webhelps! Online Marketing GmbH, which does not collect, use, or forward any access data. No connection to Google’s servers is established in this process.

For more information about Google Web Fonts, please visit https://developers.google.com/fonts/faq and Google’s Privacy Policy: policies.google.com/privacy.

Font Awesome

This site uses Font Awesome fonts to display icons. Font Awesome fonts are delivered via a proxy server provided by webhelps! Online Marketing GmbH, which does not collect, use, or forward any access data. No connection to the servers of Fonticons, Inc. takes place.

For more information about Font Awesome, please refer to the Font Awesome Privacy Policy: fontawesome.com/privacy.

Online Appointments with Shore

We offer patients the option to book an appointment for our consultation online via our website or the portal https://www.shore.com/de/impressum/. To do this, we use the service provided by Shore GmbH, Ridlerstraße 31, 80339 Munich, Germany. The system displays available times in our appointment calendar. To use the service, you must enter certain personal data and agree to the current privacy policy of Shore GmbH during the booking process. The data you enter into the form will be transmitted exclusively for the purpose of scheduling appointments and for sending appointment-related information (e.g. appointment confirmation) to Shore GmbH, processed there, and automatically forwarded to us. Shore GmbH does not pass on the data to third parties for advertising or other commercial purposes. Please also refer to the privacy policy of Shore GmbH: https://www.shore.com/de/datenschutz/

TRUSTINDEX

To display customer reviews from various review platforms, this website uses a function provided by Trustindex Ltd., Lechner Ödön fasor 3. A/2/3., 1095 Budapest, Hungary, hereinafter “Trustindex”.

When a page containing the Trustindex component is accessed, a connection is established to the Trustindex server to display the reviews. Through this connection, Trustindex can identify from which website the request was sent and to which IP address the display is transmitted.

We have concluded a Data Processing Agreement with Trustindex.

CLEANTALK

This website uses anti-spam plugins from CleanTalk. The provider is CleanTalk Inc, 711 S Carson Street, Suite 4, Carson City, NV, 89701, USA (hereinafter “CleanTalk”).

CleanTalk protects our website from spam activities (e.g. prevention of unsolicited advertising, unwanted messages, or comments). For this purpose, CleanTalk collects various personal data such as IP address, email address, sender’s nickname, information about JavaScript technology in the sender’s browser, and the entered text.

This information is transferred to and stored on a CleanTalk server in the EU.

For security reasons and to protect against spam, your data is processed in the CleanTalk Cloud Service and stored in log files for a maximum of 31 days. After this period, the data is completely deleted.

The use of CleanTalk is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its website as effectively as possible from spam activities. Where consent has been requested, processing takes place solely on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device within the meaning of the TDDDG. Consent can be revoked at any time.

The transfer of data to the United States is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://cleantalk.org/publicoffer#privacy.

Our Social Media Profiles

This Privacy Policy Applies to the Following Social Media Profiles

• https://www.facebook.com/california.skin/?locale=de_DE
• https://www.instagram.com/california.skin.ingolstadt/
• https://www.youtube.com/@californiaskin6316

Data Processing by Social Networks

We maintain publicly accessible profiles on social networks. The specific social networks we use are listed below.

Social networks such as Facebook, X, etc., can generally analyse your user behaviour extensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media profiles triggers numerous data processing operations relevant to data protection. Specifically:

If you are logged into your social media account and visit our social media presence, the operator of the social media platform can assign this visit to your user account. Your personal data may also be collected even if you are not logged in or do not have an account on the respective social media platform. In this case, data collection occurs, for example, via cookies stored on your device or by recording your IP address.

Using the data collected in this way, the operators of the social media platforms can create user profiles in which your preferences and interests are stored. This allows interest-based advertising to be displayed to you both on and outside the respective social media presence. If you have an account on the respective social network, interest-based advertising may be displayed on all devices on which you are or were logged in.

Please also note that we cannot track all processing operations on the social media platforms. Depending on the provider, additional processing operations may be carried out by the operators of the social media platforms. For details, please refer to the terms of service and privacy policies of the respective social media platforms.

Legal Basis

Our social media profiles are intended to ensure as comprehensive a presence on the Internet as possible. This constitutes a legitimate interest pursuant to Art. 6(1)(f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g., consent within the meaning of Art. 6(1)(a) GDPR).

Controller and Assertion of Rights

If you visit one of our social media profiles (e.g., Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during your visit. You may assert your rights (access, rectification, deletion, restriction of processing, data portability, and complaint) in principle both against us and against the operator of the respective social media platform (e.g., Facebook).

Please note that, despite joint responsibility with the social media platform operators, we do not have full influence over the data processing operations of the social media platforms. Our options are primarily determined by the company policies of the respective provider.

Storage Period

The data directly collected by us via the social media presence will be deleted by our systems as soon as you request deletion, withdraw your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory provisions – in particular, retention periods – remain unaffected.

We have no influence over the storage duration of your data that is stored by the social network operators for their own purposes. For details, please refer directly to the operators of the social networks (e.g., in their privacy policies, see below).

Your Rights

You have the right at any time to receive free information about the origin, recipients, and purpose of your stored personal data. You also have the right to object, to data portability, and to lodge a complaint with the competent supervisory authority. Furthermore, you can request the correction, blocking, deletion, and under certain circumstances, the restriction of processing of your personal data.

Social Networks in Detail

Facebook

We maintain a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter “Meta”). According to Meta, the data collected may also be transferred to the USA and other third countries.

We have entered into a joint controller agreement with Meta (Controller Addendum). This agreement specifies which data processing operations we and Meta are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can independently adjust your advertising settings in your user account. To do so, click the following link and log in:https://www.facebook.com/settings?tab=ads.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

For further details, please refer to Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

The company is certified under the “EU–US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States that ensures compliance with European data protection standards for data processing in the US. Each company certified under the DPF undertakes to comply with these data protection standards. Further information can be obtained from the provider at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

Instagram

We maintain a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://privacycenter.instagram.com/policy/ and https://de-de.facebook.com/help/566994660333381.

For details on how your personal data is handled, please refer to Instagram’s privacy policy: https://privacycenter.instagram.com/policy/.

The company is certified under the “EU–US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States that ensures compliance with European data protection standards for data processing in the US. Each company certified under the DPF undertakes to comply with these data protection standards. Further information can be obtained from the provider at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

YouTube

We maintain a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how your personal data is handled can be found in YouTube’s privacy policy: https://policies.google.com/privacy?hl=de.

The company is certified under the “EU–US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States that ensures compliance with European data protection standards for data processing in the US. Each company certified under the DPF undertakes to comply with these data protection standards. Further information can be obtained from the provider at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active