Privacy Policy

Privacy Policy

Mann & Schröder GmbH (hereinafter referred to as “Mann & Schröder Cosmetics”), Bahnhofstraße 14, 74936 Siegelsbach and Schröder Cosmetics GmbH & Co. KG (hereinafter referred to as “Schröder Cosmetics”), Mann & Schröder Str. 1, 74928 Hüffenhardt (hereinafter also referred to jointly as “we or our”) take the protection of your personal data very seriously and strictly adhere to all applicable laws and regulations on data protection, in particular the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telecommunications Telemedia Data Protection Act (TTDSG). The following explanations provide you with an overview of how we ensure this protection and which data we process for which purpose.

1. Usage Data

Every time this website is accessed and every time a file is retrieved, general data about this process is automatically stored in a log file. The storage serves exclusively system-related and statistical purposes (based on Art. 6 para. 1 letter f.) DSGVO), as well as in exceptional cases to report criminal offences (based on Art. 6 para. 1 letter f.) DSGVO, § 25 para. 2 No. 2 TTDSG). Our legitimate interest is to ensure the delivery of the website and to combat abuse and troubleshooting. The data is not passed on to third parties or evaluated in any other way, unless there is a legal obligation to do so (Art. 6 para. 1 letter c) DSGVO). In detail, the following data record is stored about each retrieval:

 

  • name of the retrieved file
  • date and time of the retrieval
  • amount of data transferred
  • message whether the retrieval was successful
  • description of the type of web browser used
  • operating system used
  • the previously visited page
  • provider
  • your IP address

 

We pass on the collected data to the responsible internal departments or to external service providers who act for us as order processors (e.g. hoster, provider of the content management system) for processing in accordance with the processing required for the presentation of the website and the creation of the content.

 

The deletion of the log file takes place as soon as they are no longer needed for the purposes mentioned, at the latest after 7 days.

 

2. Personal data via the contact form.

Personal data will only be processed by us if we are permitted to do so by law, or if you have given us your consent.

In detail:

a. Contact form

When you contact us, we store your data on the basis of Art. 6 (1) (b) DSGVO, in the case of inquiries in connection with a contract, and Art. 6 (1) (f) DSGVO for the purpose of processing your inquiry and in the event that further correspondence should take place. When processing the data that arises in the course of communication, we have a legitimate interest in processing the data in accordance with legal requirements, for internal review or in accordance with the respective communication request.
For questions of any kind, we offer you the opportunity to contact us via a form provided on the website. For the use of the contact form, the following data is mandatory:

  • your first and last name,
  • a valid e-mail address,
  • your specific message.

The listed data will be processed by us for the following purposes:

  • to be able to identify you and
  • to be able to answer your question.

In addition, you can voluntarily provide your address for a postal contact.

The use of the form provided via the website is on a voluntary basis and is neither contractually nor legally required. You are not obliged to contact us via the form, but can also use the other contact options provided on our website. If you wish to use our form, you must fill in the fields marked as mandatory. If you do not fill in the required information of the form, you will either not be able to send the request or we will unfortunately not be able to process your request.

We pass on the collected data to the respective internal departments for processing. In addition, external IT service providers such as our hoster have access to the data entered via the form.

The personal data collected by us for the purpose of responding to your inquiry will be automatically deleted after the inquiry you have made has been dealt with, if the circumstances indicate that the matter in question has been conclusively clarified and there are no legal obligations to retain the data.

 

3. Microsoft365

We use Microsoft365. As a result, we cannot rule out the possibility that your (sensitive) data may also be transferred outside the European Economic Area and thus outside the material scope of the GDPR or that your (sensitive) data may be accessed, e.g. as part of support by Microsoft or other cloud providers. This applies in particular to the transfer of your (sensitive) data to and access to your (sensitive) data from the USA. There is no unrestricted adequacy decision by the European Commission for the USA. A transfer of your (sensitive) data therefore takes place in accordance with Art. 46 para. 2 lit. c) GDPR generally on the basis of the standard contractual clauses of the European Commission. You can obtain a copy of the passages of the contracts concerning you from us.

 

4. Cookies – General information

4.1 Information and purposes

We use so-called cookies and similar technologies in some areas on this website (hereinafter generally referred to as “Tools”). Cookies are small text files that are placed on your computer to store certain information and can be stored by your browser. Through such file elements, your computer can be identified as a technical entity during your visit to this website with the same terminal device. During your visit to the website or the next time you visit our website with the same terminal device, the information stored in cookies is sent back either to our website (“first party cookie”) or to another website of a third-party provider to which the cookie belongs (“third party cookie”).

The stored and returned information allows the respective website to recognize that you have already accessed and visited it with the browser of your end device. Some cookies also enable us to recognize individual users by means of pseudonyms, e.g. an individual or random IDs, so that we can offer individual services. In addition, other technologies, such as local storage or device fingerprinting, may be used by which information from your terminal device used when visiting our website is read and used for recognition purposes.

This website uses the following types of tools

  • Essential tools

To ensure that the requested service can be provided.

  • Functional tools

Additional tools to measure the performance/attractiveness of our website and to provide other additional(personalized) functionalities.

  • Statistical tools

Conducting basic analysis and evaluation of the use of our website.

  • Marketing tools

Cross-site marketing profiling tools based on your user behavior.

The tools are set by our website or the external services to maintain the full functionality of our website, to improve the user experience and to optimize our web offering or to pursue the purpose stated in your consent.

For the tools we use, we will inform you in the respective sections of the privacy policy whether and how cookies are set and used in each case. You can also find further information on the cookie management platform used on this website.

 4.2 Legal basis

The use of tools and any further storage and processing of personal data will only take place with your express consent or if this is absolutely necessary so that you can use the services offered and accessed by you accordingly.

Legal bases are Art. 6 para. 1 lit. f DSGVO (legitimate interest), § 25 para. 2 No. 2 TTDSG or Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a DSGVO (consent), § 25 para. 1 TTDSG. Consent according to Art. 6 para. 1 lit. a DSGVO is also considered consent in the sense of § 25 para. 1 TTDSG for setting the cookie on or reading information from the user’s terminal device. Insofar as another legal basis is mentioned according to the DSGVO, the storage or setting of the cookie or the reading out of information is carried out on the basis of the exception according to § 25 para. 2 no. 2 TTDSG.

In the case of tools that are used on the basis of a legitimate interest, it generally applies that our legitimate interest is to ensure the functionality of our website and the services integrated on it (necessary tools). In addition, it may be that the tools increase user-friendliness and enable an optimized design of our web offering. Here, we have weighed your interests against our interests.

With the help of the tools, we can only identify, analyze and track you if you have consented to the use of the tool and your personal data pursuant to Art. 6 (1) lit. a DSGVO, Section 25 (1) TTDSG.

You will be informed which legal basis is relevant for the respective tools below in the respective sections on the tools used.

4.3 Deletion and objection

In addition to tools that are only used during a session and deleted after the website visit (“session cookies”), tools can also be used to store user settings and other information for a certain period of time (e.g. two years) (“permanent cookies”). Details on the deletion periods are listed with the respective tool. Most of the cookies used are so-called “session cookies”, which are deleted when you end your browser session.

However, you usually have the option of setting your browser to prevent cookies from being stored on your end device. Cookies that have already been set can be deleted at any time via browser settings. You can find instructions on how to do this in the help function of your browser.

A general objection to cookies used for online advertising can be declared for a large number of the services used on websites within the framework of developed self-regulation programs, e.g. via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/ . We would like to point out that the setting made will be deleted when you delete your cookies

We point out that the exclusion of cookies may lead to functional limitations of the website.

4.4 Essential cookies

In some areas of this website, we use so-called technically essential cookies. Some functions of this website cannot be offered without the use of cookies. Essential cookies help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

The use of essential cookies on our website is possible without your consent. For this reason, essential cookies cannot be individually disabled or enabled. However, you always have the option to generally disable cookies in your browser (see above). These cookies are automatically deleted after a time defined by us.

On this website, the following cookies are used, which are technically essential for the operation of the website:

 

Cookie name Provider Purpose Storage duration Type
PHPSESSID M&S / CMS Use in connection with session handling session essential

 

We base the use of cookies on Art. 6 para. 1 letter f) DSGVO as well as § 25 para. 2 No. 2 TTDSG. The processing is carried out to enable the functioning of our website. It is therefore essential to protect our legitimate interests.

5. Essential services

5.1 Usercentrics (CMP Tool)

We use the consent management service of Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany (“Usercentrics”) on this website for the purpose of consent management.

Data processing purposes

The following list represents the purposes of data collection and processing:

  • compliance with legal obligations to obtain consent for data processing and use of cookies or other technologies, as well as fulfillment of obligations to provide evidence
  • consent storage

Technologies used

Local Storage

Collected data

When using the Service, the following data is collected:

  • opt-in and opt-out data
  • referrer URL
  • user Agent
  • user settings
  • consent ID
  • time of consent
  • consent type
  • template version
  • banner language

Legal basis

The legal basis for the data processing is the fulfillment of legal obligations according to Art. 6 para. 1 s. 1 lit. c DSGVO as well as Art. 25 para. 2 no. 2.

Place of processing

European Union

Retention period

The consent data (consent and revocation of consent) is stored for three years. The data is then deleted immediately.

Data recipient

Usercentrics GmbH (processor)

Data protection officer of the data recipient

Below you will find the e-mail address of the data protection officer of the data recipient: datenschutz(at)usercentrics.com.

Privacy policy of the data recipient

Click here to read the privacy policy of the data recipient: https://usercentrics.com/privacy-policy/

More information about the service

For more information on Usercentrics, please visit: https://usercentrics.com/ .

5.2 Google Tag Manager

We use the tag management system “Google Tag Manager” from Google Ireland Limited, Google Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter “Google”) on this website.

Via Google Tag Manager, tags can be integrated centrally via a user interface. Tags are small sections of code that can track activities. Script codes of other tools are integrated via the Google Tag Manager. The Tag Manager makes it possible to control when a particular tag is triggered, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains in place for all deactivated tracking tags that are implemented with Google Tag Manager.

Data processing purposes

The following list represents the purposes of data collection and processing:

  • tag management

Technologies used

  • website tags

Collected data

When using the Service, the following data is collected:

  • aggregated data about the tag triggering
  • the Google Tag Manager does not store any personal data

Legal basis

The legal basis for the data processing is the legitimate interest in the sense of Art. 6 para. 1 lit. f DSGVO as well as Art. 25 para. 2 no. 2 TTDSG.

Place of processing

  • European Union and third-party countries
  • transmissions to and access from third-party countries are possible. As suitable guarantees for data transmission to the USA, so-called standard contractual clauses pursuant to Art. 46 Bas. 2 lit c DSGVO have been concluded with Google. For third-party countries/companies for which an adequacy decision exists, the adequacy decision pursuant to Art. 46 (1) DSGVO applies. Information on data transfer to third-party countries by Google can also be found under the following link: https://privacy.google.com/businesses/controllerterms/mccs/ .

Retention period

The data is deleted within 14 days after retrieval.

Data recipient

  • Alphabet Inc. (subprocessor)
  • Google LLC (subprocessor)
  • Google Ireland Limited (subprocessor)

Data protection officer of the data recipient

Below you will find the e-mail address of the data protection officer of the data recipient: https://support.google.com/policies/contact/general_privacy_form

Privacy policy of the data recipient

Click here to read the privacy policy of the data recipient: https://policies.google.com/privacy?hl=en

Cookie policy of the data recipient

Click here to read the cookie policy oft the data recipient: https://policies.google.com/technologies/cookies?hl=en

6. Services for functional purposes

6.1 Google Maps

We use the integrated map service “Google Maps” from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter “Google”) on this website. To make it easier to find the nearest retailer, you have the option of entering your zip code or address.

Data processing purposes

The following list represents the purposes of data collection and processing:

  • Show maps

Technologies used

  • API

Collected data

Information about the use of our website is already collected when those subpages are called up in which the map from Google Maps is integrated.

When using the Service, the following data is collected:

  • date and time of visit
  • location information
  • IP address
  • URL
  • usage data
  • search terms
  • geographic location

This collection of data takes place regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

Legal basis

The legal basis for data processing is your consent within the meaning of Art. 6 Para. 1 lit. a DSGVO and § 25 Para. 1 TTDSG.

Deactivate data processing

You can prevent future data collection and execution of the service by clicking here and disabling the “Google Maps” service within the “Functional” category.

If you do not agree with the future transmission of your data to the data recipient in the context of the use of the service, you also have the option of completely deactivating the service by switching off the JavaScript application in your browser.

Google Maps and thus also the map display on this website can then not be used in both cases.

Click here to revoke on all domains of the processing company: https://safety.google/privacy/privacy-controls/

Place of processing

  • European Union and third-party countries

Retention period

The data will be deleted as soon as they are no longer needed for the processing purposes.

Data recipient

  • Alphabet Inc. (subprocessor)
  • Google LLC (subprocessor)
  • Google Ireland Limited (processor)

Disclosure to third-party countries

The collected information is usually transferred to a server of the service provider in the USA and stored there.

For the transfer of data to the USA, we have agreed with Google Ireland Limited on the standard data protection clauses approved by the EU Commission and therein also agreed on the implementation of appropriate protective measures for the specific case, which may also include encryption of the data depending on the need for protection. The transfer of data to the servers in the USA is therefore based on Art. 46 (2) c) DSGVO.

Details on data processing, which comply with the standard contractual clause, can be found here: https://business.safety.google/adscontrollerterms/

Data protection officer of the data recipient

Below you will find the e-mail address of the data protection officer of the data recipient: https://support.google.com/policies/troubleshooter/7575787?hl=en

Privacy policy of the data recipient

Click here to read the privacy policy of the data recipient: http://www.google.com/intl/de/policies/privacy/

Cookie policy of the data recipient

Click here to read the cookie policy oft the data recipient: https://policies.google.com/technologies/cookies?hl=en

6.2 Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website, a service that verifies whether data entry is made by a human or by an automated program. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter “Google”).

Data processing purposes

Because reCAPTCHA is intended to verify whether data entry on our websites (e.g. in a contact form) is done by a human or by an automated program, reCAPTCHA analyzes your website behavior based on various characteristics. For the analysis, reCAPTCHA evaluates various information. The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run entirely in the background. You will not be notified that an analysis is taking place.

The following list represents the purposes of data collection and processing:

  • bot protection
  • spam prevention
  • fraud detection

Technologies used

  • scripts

Collected data

When using the Service, the following data is collected:

  • browser language
  • browser plug-ins
  • click path
  • date and time of visit
  • IP address
  • user behavior
  • time spent on a page
  • user input
  • device information
  • mouse movements
  • geographic location
  • device operating system

Legal basis

The legal basis for data processing is your consent within the meaning of Art. 6 Para. 1 lit. a DSGVO and § 25 Para. 1 TTDSG.

Deactivate data processing

You can prevent future data collection and execution of the service by clicking here and disabling the “reCAPTCHA” service within the “Functional” category.

Place of processing

  • European Union and third-party countries

Retention period

The data will be deleted as soon as they are no longer needed for the processing purposes.

Data recipient

  • Alphabet Inc. (subprocessor)
  • Google LLC (subprocessor)
  • Google Ireland Limited (processor)

Disclosure to third-party countries

The collected information is usually transferred to a server of the service provider in the USA and stored there.

For the transfer of data to the USA, we have agreed with Google Ireland Limited on the standard data protection clauses approved by the EU Commission and therein also agreed on the implementation of appropriate protective measures for the specific case, which may also include encryption of the data depending on the need for protection. The transfer of data to the servers in the USA is therefore based on Art. 46 (2) c) DSGVO.

Details on data processing, which comply with the standard contractual clause, can be found here: https://business.safety.google/adscontrollerterms/

Data protection officer of the data recipient

Below you will find the e-mail address of the data protection officer of the data recipient: https://support.google.com/policies/contact/general_privacy_form

Privacy policy of the data recipient

Click here to read the privacy policy of the data recipient: https://policies.google.com/privacy?hl=en

Cookie policy of the data recipient

Click here to read the cookie policy oft the data recipient: https://policies.google.com/technologies/cookies?hl=en

6.3 Google Fonts

The services „Google reCAPTCHA“ and „Google Maps“ used by us on this website use so-called web fonts (hereinafter “Google Fonts”) for display, which are provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin 4, Ireland (hereinafter “Google”). When you call up our website, the browser loads the required web fonts into the browser cache in order to display texts and fonts correctly.

If your browser does not support web fonts, a standard font is used by your computer.

For the above purpose, the browser used must connect to Google’s servers. This gives Google knowledge that our website has been accessed via your IP address.

Data processing purposes

The following list represents the purposes of data collection and processing:

  • provision of fonts for the services „Google reCAPTCHA“ and „Google Maps“
  • improvement of the services

Technologies used

  • API

Collected data

When using the Service, the following data is collected:

  • IP address
  • aggregated usage figures
  • font request
  • referrer URL
  • CSS requests
  • user Agent
  • browser information

Legal basis

The legal basis for the data processing is your consent within the meaning of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. If you consent to the use of the services “Google reCAPTCHA” and “Google Maps”, this also includes consent to the Google Fonts.

Deactivate data processing

You can prevent future data collection and execution of the service by clicking here and disabling the services “reCAPTCHA” und “Google Maps“ within the category “Functional”. Because Google Fonts is linked to the two services, deactivation is only possible in this way.

Place of processing

  • European Union

Retention period

The data will be deleted as soon as they are no longer needed for the processing purposes.

Data recipient

  • Alphabet Inc. (subprocessor)
  • Google LLC (suprocessor)
  • Google Ireland Limited (processor)

Disclosure to third-party countries

The collected information is usually transferred to a server of the service provider in the USA and stored there.

For the transfer of data to the USA, we have agreed with Google Ireland Limited on the standard data protection clauses approved by the EU Commission and therein also agreed on the implementation of appropriate protective measures for the specific case, which may also include encryption of the data depending on the need for protection. The transfer of data to the servers in the USA is therefore based on Art. 46 (2) c) DSGVO.

Details on data processing, which comply with the standard contractual clause, can be found here: https://business.safety.google/adscontrollerterms/

Data protection officer of the data recipient

Below you will find the e-mail address of the data protection officer of the data recipient: https://support.google.com/policies/contact/general_privacy_form

Privacy policy of the data recipient

Click here to read the privacy policy of the data recipient: https://policies.google.com/privacy?hl=en

Cookie policy of the data recipient

Click here to read the cookie policy oft the data recipient: https://policies.google.com/technologies/cookies?hl=en

More information about the service

Weitere Informationen zu Google Web Fonts finden Sie unter https://developers.google.com/fonts/faq/

6.4 YouTube

We use embedded YouTube videos on this website, which are stored on https://www.youtube.com. They are displayed on our website using a so-called “framing technology” and can be played directly here. The provider of YouTube is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). As soon as you play a video, data is transferred to YouTube, a Google company.

Data processing purposes

The following list represents the purposes of data collection and processing:

  • show videos

Technologies used

  • cookies

YouTube is integrated via the extended privacy mode.

Collected data

When using the Service, the following data is collected:

  • device information
  • IP address
  • referrer URL
  • videos viewed

This transmission takes place regardless of whether you have a user account with YouTube or not.

If you are logged in to a Google user account, your data will be directly assigned to this account. If you do not wish this, you must log out of your user account before playing the video.

The data transmitted to YouTube is stored by YouTube in the form of user profiles and used for advertising and market research purposes and for the personalized design of their website. With the help of this evaluation, YouTube can generate demand-optimized advertising (even for users who are not logged in) and inform other YouTube users about your visit to our portal.

Legal basis

The legal basis for data processing is your consent within the meaning of Art. 6 Para. 1 lit. a DSGVO and § 25 Para. 1 TTDSG.

Deactivate data processing

You can prevent future data collection and execution of the service by clicking  and disabling the “YouTube Video” service within the “Functional” category.

You can object to the above-mentioned creation of user profiles by contacting YouTube.

Click here to revoke on all domains of the processing company: https://safety.google/privacy/privacy-controls/

Place of processing

  • European Union

Retention period

Data are deleted as soon as they are no longer needed for the processing purposes.

Data recipient

  • Alphabet Inc. (subprocessor)
  • Google LLC (subprocessor)
  • Google Ireland Limited (joint processor)

Disclosure to third-party countries

The collected information is usually transferred to a server of the service provider in the USA and stored there.

For the transfer of data to the USA, we have agreed with Google Ireland Limited on the standard data protection clauses approved by the EU Commission and therein also agreed on the implementation of appropriate protective measures for the specific case, which may also include encryption of the data depending on the need for protection. The transfer of data to the servers in the USA is therefore based on Art. 46 (2) c) DSGVO.

Details on data processing, which comply with the standard contractual clause, can be found here: https://business.safety.google/adscontrollerterms/

Data protection officer of the data recipient

Below you will find the e-mail address of the data protection officer of the data recipient: https://support.google.com/policies/contact/general_privacy_form

Privacy policy of the data recipient

Click here to read the privacy policy of the data recipient: https://policies.google.com/privacy?hl=en

Cookie policy of the data recipient

Click here to read the cookie policy oft the data recipient: https://policies.google.com/technologies/cookies?hl=en

7. Services for statistical purposes

7.1 Google Analytics

We use “Google Analytics” on this website, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter “Google”).

Data processing purposes

On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to us. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

The following list represents the purposes of data collection and processing:

  • Statistics in order to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offer and make it more interesting for you. In addition, we receive information about the functionality of our website (for example, to detect navigation problems).

Technologies used

  • Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site.
  • Pixel
  • JavaScript
  • device fingerprint

Collected data

When using the Service, the following data is collected:

  • click path
  • date and time of visit
  • device information
  • location information
  • IP address
    • We would like to point out that on this website Google Analytics has been extended by the code “gat. anonymizeIp();” to ensure anonymized collection of IP addresses (so-called IP masking).
  • visited pages
  • referrer URL
  • browser information
  • host name
  • browser language
  • browser type
  • screen resolution
  • device operating system
  • interaction data
  • user behavior
  • visited URL

We also use the “demographic characteristics and interests” function of Google Analytics, which enables us to obtain reports on age, gender and interest categories. This data comes from interest-based advertising from Google as well as from visitor data from third-party providers and cannot be assigned to any specific person.

We have adjusted the configuration of Google Analytics so that only the website analysis function is used, unless separate consent has been given for the advertising functions.

Legal basis

The legal basis for data processing is your consent within the meaning of Art. 6 Para. 1 lit. a DSGVO and § 25 Para. 1 TTDSG.

Deactivate data processing

You can prevent future data collection and execution of the service by clicking here and disabling the services ” Google Analytics” and “Google Analytics 4” within the category “Statistics”.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de).

You can deactivate the above-mentioned “demographic characteristics and interests” function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics.

Click here to revoke on all domains of the processing company: https://safety.google/privacy/privacy-controls/

Place of processing

  • European Union and third-party countries

Retention period

The deletion of Analytics data and set cookies is set to 14 months for Google Analytics Universal and 2 months for Google Analytics 4 Property.

Data recipient

  • Alphabet Inc.(subprocessor)
  • Google LLC (subprocessor)
  • Google Ireland Limited (processor)

When configuring Google Analytics, care was taken to ensure that Google receives this data as a processor and is therefore not allowed to use this data for its own purposes. The configuration of the “Google Analytics advertising functions” is independent of this and is described separately in the corresponding sections, insofar as these are also used on this website.

Disclosure to third-party countries

The information collected is generally transferred to a server of the service provider in the USA and stored there.

For the transfer of data to the USA, we have agreed with Google Ireland Limited on the standard data protection clauses approved by the EU Commission, and in these clauses we have also agreed on the implementation of appropriate protective measures for the specific case, which may also include encryption of the data, depending on the level of protection required. The transfer of data to the servers in the USA is therefore based on Art. 46 (2) c) DSGVO.

Details on data processing, which comply with the standard contractual clause, can be found here: https://business.safety.google/adscontrollerterms/

Data protection officer of the data recipient

Below you will find the e-mail address of the data protection officer of the data recipient: https://support.google.com/policies/contact/general_privacy_form

Privacy policy of the data recipient

Click here to read the privacy policy of the data recipient: https://policies.google.com/privacy?hl=en

Cookie policy of the data recipient

Click here to read the cookie policy oft the data recipient: https://policies.google.com/technologies/cookies?hl=en

8. Services for marketing purposes

8.1 Google Ads Conversion Tracking

We use “Google Ads Conversion Tracking” on this website. The provider is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter “Google”).

When you click on an ad placed via Google, a cookie is set for conversion tracking. Cookies are small text files that the internet browser stores on the user’s computer.

With the help of Google Ads Conversion Tracking, Google and we can recognize whether you have performed certain actions on the website. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and what actions they took. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification.

Data processing purposes

The following list represents the purposes of data collection and processing:

  • conversion tracking
  • analysis
  • measuring the success of marketing campaigns

Technologies used

  • cookies
  • tracking pixel
  • tracking code

Collected data

When using the Service, the following data is collected:

  • browser language
  • browser type
  • clicked ads
  • cookie ID
  • date and time of visit
  • IP address
  • referrer URL
  • web request
  • user behavior

Legal basis

The legal basis for the data processing is your consent within the meaning of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG.

Deactivate data processing

You can prevent future data collection and execution of the service by clicking here and disabling the “Google Ads Conversion Tracking” service within the “Marketing” category.

You can disable Google interest-based ads on Google in your browser by activating the “Off” button at https://adssettings.google.de/authenticated or by deactivating them at http://www.aboutads.info/choices /.

Click here to revoke on all domains of the processing company https://safety.google/privacy/privacy-controls/

Place of processing

  • European Union and third-party countries

Retention period

The data will be deleted as soon as they are no longer needed for the processing purposes.

Data recipient

  • Google Ireland Limited
  • Google LLC
  • Alphabet Inc

There is a joint responsibility regarding the data processing in connection with Google Ads Conversion between Google and us according to Art. 26 DSGVO. We have agreed with Google that the primary responsibility under the GDPR for the processing of the data will be assumed by us and that we will fulfill all obligations under the GDPR with regard to the processing of the data (including Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR).

Data protection officer of the data recipient

Below you will find the e-mail address of the data protection officer of the data recipient: https://support.google.com/policies/troubleshooter/7575787?hl=en

Privacy policy of the data recipient

Click here to read the privacy policy of the data recipient: https://policies.google.com/privacy?hl=en

Cookie policy of the data recipient

Click here to read the cookie policy oft the data recipient: https://policies.google.com/technologies/cookies?hl=en

9. Other services

9.1 Affiliate Programme und Affiliate-Links

We include so-called affiliate links or other references (which may include, for example, search masks, widgets or discount codes) to the offers and services of us or third-party providers on this website in connection with our online offer (collectively referred to as “affiliate links”). If you follow the Affiliate Links or subsequently take advantage of the offers, we may receive a commission or other benefits from the providers of the Affilliate Programs (collectively, “Commission”).

In order to be able to track whether you have taken advantage of the offers of an affiliate link used by us, it is necessary that the respective providers learn that users have followed an affiliate link used within our online offer. The assignment of the affiliate links to the respective business transactions or to other actions (e.g. purchases) serves the sole purpose of commission accounting and will be cancelled as soon as it is no longer necessary for the purpose.

For the purposes of the aforementioned assignment of the affiliate links, the affiliate links may be supplemented by certain values that are a component of the link or may be stored elsewhere, e.g. in a cookie. The values may include, in particular, the source website (referrer), the time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, the type of link used, the type of offer and an online identifier of the user.

a. Amazon affiliate program

We participate in the Amazon EU affiliate program of Amazon EU SARL, Niederlassung Deutschland, Marcel-Breuer-Str. 12, 80807 Munich, Germany (Amazon).  On our pages are integrated by Amazon advertisements and links to the site of Amazon.de, from which we can earn money through advertising reimbursement. Amazon uses cookies to track the origin of orders. This allows Amazon to recognize that you have clicked the partner link on our website.

The legal basis for this processing is your consent in accordance with Art. 6 para. 1 p. 1 lit. af) DSGVO and § 25 para. 1 TTDSG.The collected information is usually transferred to a server of the service provider in the USA and stored there.

For the transfer of data to the USA, we have agreed with Amazon on the standard data protection clauses approved by the EU Commission and also agreed therein on the implementation of appropriate protective measures for the specific case, which may also include encryption of the data depending on the need for protection. The transfer of data to the servers in the USA is therefore based on Art. 46 (2) c) DSGVO.

Details on data processing, which comply with the standard contractual clause, can be found here: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010&language=en_GB&currency=EUR

For more information about Amazon’s use of data, please see Amazon’s privacy policy: https://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=3312401 .

b. AWIN

We use the affiliate program of AWIN AG, Eichhornstraße 3, 10785 Berlin (hereinafter “AWIN”) on this website in the form of text links, image links, advertising banners or input masks. AWIN uses so-called “cookies”. These are text files that are stored on your computer and enable an analysis of the use of the website. AWIN also uses so-called web beacons. These are invisible graphics used to collect information. Through these web beacons, visitor traffic on these pages can be analyzed. The information generated by cookies and/or web beacons about the use of this website and delivery of advertising formats is transmitted to a server of AWIN and stored there. AWIN will use this information for the purpose of evaluating your use of the website in relation to the advertisements, compiling reports on website activity and advertising for website operators, among other things. Awin can process the remuneration (i.e. commission payments) through this evaluation and allocation. For this purpose, data such as a transaction ID, order number, order date, publisher, net merchandise value and the advertising medium used are transmitted.

The legal basis for this processing is your consent in accordance with Art. 6 para. 1 p. 1 lit. f) DSGVO and § 25 para. 1 TTDSG.

If you do not wish these cookies to be stored, you can also deactivate the acceptance of these cookies in your internet browser. You can delete the cookies on your hard drive at any time. Alternatively, you can also deactivate Awin cookies via this link: https://www.awin.com/de/rechtliches/optout.

10. SSL or TLS encryption

We use SSL or TLS encryption on this website for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

11. Retention period

Unless expressly stated within the scope of this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.

12. Responsible Company

The

Mann & Schröder GmbH

Bahnhofstrasse 14

74936 Siegelsbach / Germany

Phone: +49 7264 7002-0

Fax: +49 7264 7002-777

E-mail: info(at)mann-schroeder.de

and the

Schröder Cosmetics GmbH & Co KG

Mann & Schröder Str. 1

74928 Hüffenhardt

Phone: +49 7264 7002-0

Fax: +49 7264 7002-777

E-mail: info(at)schroeder-cosmetics.de

are jointly responsible for the described processing of personal data within the meaning of Art. 4 (7) GDPR and Art. 26 GDPR.

The parties have jointly determined the purposes and means of data processing. They are therefore jointly responsible for the protection of your personal data within the process stages described below (Art. 26 GDPR).As part of their joint responsibility under data protection law, Party 1 and Party 2 have agreed which of them will fulfill which obligations under the GDPR. This applies in particular to the exercise of the rights of the data subjects and the fulfillment of the information obligations pursuant to Articles 13 and 14 GDPR. Even if there is joint responsibility, we fulfill the data protection obligations according to the respective responsibilities as follows: The data collection on a website is carried out by the company specified in the respective legal notice. The data will subsequently be processed by the company if you have given your consent or if this is necessary for contractual purposes or the implementation of pre-contractual measures or to safeguard the legitimate interests of the respective company. Each company shall make the information required under Art. 13 and 14 GDPR available to the data subjects free of charge in a precise, transparent, comprehensible and easily accessible form in clear and simple language. Each party shall provide the other party with all necessary information from its sphere of activity.

Certain processing operations may be carried out under the responsibility of other companies. This is indicated under the respective descriptions of the processing, if this is the case.

13. Our data protection officer

If you have any questions on the subject of data protection, please do not hesitate to contact our data protection officer:

Mr. Michael Egenberger
E-Mail: datenschutz(at)mann-schroeder.de

14. Data Subject Rights

The following data subject rights can be asserted both with Mann & Schröder Cosmetics (e.g. by e-mail to marketing(at)mann-schroeder.de) and with Schröder Cosmetics (e.g. by e-mail to marketing(at)schroeder-cosmetics.de). Data subjects will generally receive the information from the office where the rights were asserted.

a. Right to information

You have the right to request confirmation from us as to whether personal data concerning you is being processed. If necessary, we will inform the other company immediately of any legal positions asserted by data subjects. You will provide each other with all information necessary to respond to requests for information.

b. Correction/deletion/restriction of processing

Furthermore, you have the right to demand from us that

  • inaccurate personal data concerning you be corrected without delay (right to rectification);
  • personal data concerning you be deleted without delay (right to erasure); and
  • the processing be restricted (right to restriction of processing).

c. Right to data portability

You have the right to receive personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer this data to another controller.

d. Right of withdrawal

You have the right to revoke your consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

e. Right of objection

If the processing of personal data concerning you is necessary for the performance of a task carried out in the public interest (Art. 6(1)(e) DSGVO) or for the protection of our legitimate interests (Art. 6(1)(f) DSGVO), you have the right to object.

f. Right of appeal

If you believe that the processing of personal data concerning you is in breach of the DSGVO, you have the right to lodge a complaint with a supervisory authority, without prejudice to other legal remedies.

15. Data recipient

Unless expressly stated in this paragraph or above in the description of the individual processing operations, your personal data will not be disclosed to third parties or other recipients.

For the provision (hosting) and for the content-related as well as technical operation of our website, we use the services of external service providers. The personal data collected on this website is stored on the hoster’s servers and can be viewed by our technical service provider. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact data, names, website accesses and other data generated via the website. The use of the external service providers is in the interest of a secure, fast and efficient provision of our website by a professional provider. The external service providers will only process your data to the extent necessary to fulfill their performance obligations to us and will follow our instructions regarding the data processed for these purposes. We have concluded a contract with each of the service providers used regarding commissioned processing in accordance with Art. 28 DSGVO.

We reserve the right, in the event of a legal obligation, to disclose information about you if the disclosure is required of us by lawfully acting authorities or law enforcement bodies. The legal basis is Art. 6 (1) c) DSGVO (legal obligation).

16. Change of the privacy policy

We reserve the right to adapt this data protection declaration in the event of any changes to the legal situation, the service offered on the website and the data processing. However, this only applies with regard to declarations on data processing. If your consent is required or components of the data protection declaration contain provisions of the contractual relationship with you, the changes will only be made with your consent.

You can regularly inform yourself about any changes in this data protection declaration.

Status: April 2024