1) Information on the collection of personal data and contact details of the person responsible
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we would like to inform you about how we handle your personal data when you use our website. Personal data are all data with which you can be personally identified.
1.2 The person responsible for data processing on this website in terms of the Data Protection Basic Regulation (DSGVO) is twinflower beauty & lifestyle GmbH, Karlsbader Str. 26, 34134 Kassel, Germany, Tel.: +49 561 9979 2802, E-Mail: firstname.lastname@example.org. The person responsible for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.
1.3 For security reasons and to protect the transmission of personal data and other confidential contents (e.g. orders or requests to the person responsible), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser line.
2) Data collection when visiting our website
If you use our website for informational purposes only, i.e. if you do not register or provide us with information in any other way, we only collect the data that your browser sends to our server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website:
- Our visited website
- date and time at the time of access
- quantity of the transmitted data in Byte
- Source/reference from which you accessed the page
- Browser in use
- Used operating system
- Used IP address (if necessary: in anonymous form)
The processing is carried out in accordance with Art. 6 Para. 1 lit. f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files subsequently if there are concrete indications of illegal use.
In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted again after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your terminal device and enable us or our partner companies (third-party cookies) to recognize your browser the next time you visit us (so-called persistent cookies). If cookies are set, they collect and process certain user information to an individual extent, such as browser and location data and IP address values. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. The duration of the respective cookie storage can be found in the overview of the cookie settings of your web browser.
In some cases, cookies are used to simplify the ordering process by saving settings (e.g. remembering the contents of a virtual shopping cart for a later visit to the website). Insofar as personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 Para. 1 lit. b DSGVO either for the execution of the contract, in accordance with Art. 6 Para. 1 lit. a DSGVO in the case of a granted consent or in accordance with Art. 6 Para. 1 lit. f DSGVO to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.
Under certain circumstances, we work together with advertising partners who help us to make our Internet offer more interesting for you. For this purpose, cookies from partner companies are also stored on your hard disk when you visit our website (cookies from third parties). If we work with the aforementioned advertising partners, you will be informed individually and separately about the use of such cookies and the scope of the information collected in each case within the following paragraphs.
Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You will find these for each browser under the following links:
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Please note that the functionality of our website may be limited if cookies are not accepted.
Personal data is collected when you contact us (e.g. via contact form or e-mail). Which data is collected in the case of a contact form can be seen from the respective contact form. These data are stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in answering your request in accordance with Art. 6 para. 1 lit. f DSGVO. If your contact is aimed at the conclusion of a contract, an additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO. Your data will be deleted after the final processing of your request. This is the case if it can be concluded from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.
5) Data processing when opening a customer account and for contract processing
In accordance with Art. 6 Para. 1 lit. b DSGVO, personal data will continue to be collected and processed if you provide us with this information for the purpose of implementing a contract or opening a customer account. Which data is collected can be seen from the respective input forms. A deletion of your customer account is possible at any time and can be done by sending a message to the above-mentioned address of the person responsible. We store and use the data you provide us with for the purpose of processing the contract. After complete processing of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial law retention periods and deleted after these periods, unless you have expressly consented to further use of your data or a legally permitted further use of data has been reserved by us.
6) Data processing for order processing
6.1 In order to process your order, we work together with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.
The personal data collected by us will be passed on to the transport company commissioned with the delivery within the framework of the contract processing, insofar as this is necessary for the delivery of the goods. Your payment data will be passed on to the assigned credit institute within the scope of the payment processing, as far as this is necessary for the payment processing. If payment service providers are used, we will inform you explicitly about this below. The legal basis for the transfer of data is Art. 6 para. 1 lit. b DSGVO.
6.2 Transfer of personal data to shipping service providers
If the goods are delivered by the transport service provider DHL (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany), we will pass on your e-mail address to DHL in accordance with Art. 6 para. 1 lit. a DSGVO before the goods are delivered for the purpose of agreeing on a delivery date or for announcing delivery, provided that you have given your express consent in the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to DHL for the purpose of delivery in accordance with Art. 6 para. 1 lit. b DSGVO. This information is only passed on to the extent necessary for the delivery of the goods. In this case a prior coordination of the delivery date with DHL or the delivery announcement is not possible.
The consent can be revoked at any time with future effect vis-à-vis the above-mentioned person in charge or vis-à-vis the transport service provider DHL.
6.3 Use of payment service providers (payment services)
If you pay via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “payment by instalments” via PayPal, we will pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”), within the scope of the payment processing. The data will be passed on in accordance with Art. 6 para. 1 lit. b DSGVO and only to the extent necessary for the processing of payments.
PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “payment by instalments” via PayPal. For this purpose, your payment data may be passed on to credit agencies pursuant to Art. 6 para. 1 lit. f DSGVO on the basis of PayPal’s legitimate interest in determining your solvency. PayPal uses the result of the credit assessment with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of score values includes, but is not limited to, address data. For further information on data protection law, including information on the credit agencies used, please refer to PayPal’s data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary to process your payment in accordance with the contract.
If you choose a payment method from the payment service provider Stripe, the payment will be processed via the payment service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to which we will pass on your information provided during the ordering process together with the information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b DSGVO. Your data will be passed on exclusively for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. You can find more information about the data protection of Stripe under the URL https://stripe.com/de/privacy#translation.
7) Use of evaluation and test seal graphics
Trusted Shops Trust Badge
To display our Trusted Shops seal of approval and to offer the Trusted Shops membership to buyers after an order, the Trusted Shops trust badge is integrated on this website.
This serves the protection of our in the context of a balancing of interests predominant legitimate interests in an optimal marketing of our offer, art. 6 exp. 1 lit. f DSGVO. The Trustbadge and the services advertised with it are an offer of the Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.
When the trust badge is called up, the web server automatically saves a so-called server log file, which contains e.g. your IP address, date and time of the call, transferred data volume and the requesting provider (access data) and documents the call. This access data is not evaluated and is automatically overwritten at the latest seven days after the end of your visit to the site.
Other personal data is only transmitted to Trusted Shops if you decide to use Trusted Shops products after completing an order or if you have already registered for use. In this case the contractual agreement between you and Trusted Shops applies.
8) Web analysis services
Google (Universal) Analytics
Google (Universal) Analytics
This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google (Universal) Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website (including the abbreviated IP address) is usually transferred to a Google server and stored there. This may also result in a transfer to the servers of Google LLC. in the USA.
This website uses Google (Universal) Analytics exclusively with the extension “_anonymizeIp()”, which ensures anonymization of the IP address by shortening it and excludes direct personal reference. Through the extension your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before. Only in exceptional cases will the full IP address be transferred to a Google LLC. server in the USA and shortened there. In these exceptional cases, this processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes.
On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide us with further services related to website and Internet use. The IP address transmitted by your browser within the framework of Google (Universal) Analytics is not combined with other Google data.
You can prevent the storage of cookies by adjusting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link
As an alternative to the browser plugin or within browsers on mobile devices, please click on the following link to set an opt-out cookie that will prevent Google Analytics from collecting data within this website in the future (this opt-out cookie only works in this browser and only for this domain. If you delete your cookies in this browser, you will need to click this link again): Disable Google Analytics
Further information on Google (Universal) Analytics can be found here: https://policies.google.com/privacy?hl=de&gl=en
In the event that personal data is transferred to Google LLC. with its registered office in the USA, Google LLC. has certified itself for the us European data protection agreement “Privacy Shield”, which guarantees compliance with the level of data protection applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list
Insofar as legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future. In order to exercise your revocation, please follow the procedure described above for making an objection.
9) Tools and Miscellaneous
– Google Web Fonts
This site uses so-called web fonts for the uniform display of fonts which are provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). When you call up a page, your browser loads the required web fonts into your browser cache in order to display text and fonts correctly.
To do this, the browser you are using must connect to Google’s servers. This may also involve the transmission of personal data to the servers of Google LLC. in the USA. In this way, Google gains knowledge that our website has been accessed via your IP address. Google Web Fonts are used in the interest of a uniform and attractive presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. If your browser does not support Web Fonts, a standard font will be used by your computer.
In the event that personal data is transferred to Google LLC., based in the USA, Google LLC. has certified itself for the us European data protection agreement “Privacy Shield”, which guarantees compliance with the level of data protection applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list
10) Rights of the data subject
10.1 The applicable data protection law grants you comprehensive data protection rights (rights of information and intervention) vis-à-vis the person responsible for processing your personal data, about which we inform you below:
- Right of access in accordance with Art. 15 DSGVO: In particular, you have the right to be informed about your personal data processed by us, the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right of rectification, erasure, restriction of processing, opposition to processing, complaint to a supervisory authority, the origin of your data if it has not been collected from you by us, the existence of automated decision making including profiling and, where applicable, meaningful information on the logic involved and the scope and intended effects of such processing on you, as well as your right to be informed of the guarantees that apply pursuant to Art. 46 DPA when your data is transferred to third countries;
- Right of rectification in accordance with Art. 16 DSGVO: You have the right to request immediate rectification of incorrect data concerning you and/or completion of incomplete data stored by us;
- Right to deletion according to Art. 17 DSGVO: You have the right to request the deletion of your personal data if the conditions of Art. 17 para. 1 DSGVO are met. However, this right does not exist in particular if the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
- Right to restrict processing according to Art. 18 DSGVO: You have the right to demand the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is checked; if you refuse to have your data deleted due to unlawful data processing and instead demand the restriction of the processing of your data; if you require your data for the assertion, exercise or defence of legal claims, after we no longer require these data after the purpose has been achieved; or if you have lodged an objection on the grounds of your particular situation, as long as it is not yet clear whether our justified reasons outweigh the objection;
- Right to be informed in accordance with Art. 19 DSGVO: If you have asserted the right of rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
- Right to data transfer in accordance with Art. 20 DSGVO: You have the right to receive your personal data that you have provided us with in a structured, common and machine-readable format or to request that it be transferred to another responsible party, insofar as this is technically feasible;
- Right to revoke consents granted in accordance with Art. 7 Para. 3 DSGVO: You have the right to revoke at any time, with effect for the future, any consent to the processing of data that you have once given. In the event of revocation, we will delete the data concerned immediately, unless further processing cannot be based on a legal basis for processing without consent. Revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation;
- Right to appeal under Art. 77 DSGVO: If you believe that the processing of personal data concerning you is in breach of the DPA, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place where the alleged breach occurred, without prejudice to any other administrative or judicial remedy.
10.2 RIGHT OF OBJECTION
IF WE PROCESS YOUR PERSONAL DATA IN THE CONTEXT OF A BALANCING OF INTERESTS DUE TO OUR PREDOMINANT LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR SPECIAL SITUATION, WITH EFFECT FOR THE FUTURE.
HOWEVER, IF YOU WANT TO MAKE SURE THAT THE SITUATION IS CORRECT, YOU MUST USE THE CORRECT WORDING IN THE WORDING OF THE DOCUMENTS. IF WE DO NOT HAVE THE RIGHT OF APPEAL, WE WILL HAVE TO BE CAREFUL TO ENSURE THAT WE HAVE THE RIGHT TO APPEAL TO THE COURTS FOR THE RIGHT OF APPEAL IN THE CASE OF A DISPUTE, WHERE THERE IS AN INTEREST, A CONCERN AND A NEED FOR FAIRNESS, OR THE RIGHT TO APPEAL TO THE COURT OF JUSTICE, OR THE RIGHT TO APPEAL TO THE COURT OF FIRST INSTANCE FOR A RULING ON THE FREEZING ORDER, OR THE RIGHT OF APPEAL TO THE COURT OF JUSTICE FOR A RULING ON A COMPLAINT.
IF THE PERSON IN QUESTION IS THE PERSON RESPONSIBLE FOR A PARTICULAR SENTENCE, THE PERSON IN QUESTION MAY, IF NECESSARY, HAVE THE RIGHT TO REQUEST THAT THE PERSON IN QUESTION BE GIVEN THE OPPORTUNITY TO BE HEARD BY THE COURT, AND THE PERSON IN QUESTION MAY BE THE PERSON RESPONSIBLE FOR THE DECISION ON WHETHER OR NOT TO TAKE PART IN THE HEARING. IF YOU WISH TO DO SO, YOU MUST DO SO IN THE WIDEST POSSIBLE WAY.
IF YOU WANT TO KNOW MORE ABOUT THIS, YOU SHOULD READ THE WORDING OF THE WORDING OF THE CONTRACT ON THE DIRECTIVE.
11) Duration of storage of personal data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and – if relevant – additionally by the respective legal retention period (e.g. retention periods under commercial and tax law).
When personal data are processed on the basis of an express consent pursuant to Art. 6 Paragraph 1 letter a DSGVO, these data are stored until the person concerned revokes his or her consent.
If there are legal retention periods for data which are processed within the framework of legal or similar obligations on the basis of Art. 6 Para. 1 lit. b DSGVO, these data are routinely deleted after expiry of the retention periods, provided that they are no longer required for the fulfilment or initiation of the contract and/or we have no justified interest in further storage.
When personal data are processed on the basis of Art. 6 Para. 1 letter f DSGVO, these data are stored until the person concerned exercises his or her right to object in accordance with Art. 21 Para. 1 DSGVO, unless we can prove compelling reasons for processing worthy of protection which outweigh the interests, rights and freedoms of the person concerned, or the processing serves to assert, exercise or defend legal claims.
In the case of processing of personal data for the purpose of direct advertising on the basis of Art. 6 para. 1 lit. f DSGVO, these data are stored until the data subject exercises his or her right to object in accordance with Art. 21 para. 2 DSGVO.
Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.