This data protection regulation applies to personal data that we collect and process while you are using our online services. Please refer to the following information for the type of data we collect and how we use it.
1. Name and contact information of the individual responsible for processing and of the company data protection officer
This data protection information applies to the processing of data by:
Person responsible for processing your personal data
38304 Wolfenbüttel (Germany)
phone: +49 5331 7108480
fax: +49 5331 7108489
Data protection officer
Company: BEL NET GmbH
Mr Marco Schuller
You can reach our data protection officer at:
phone: +49 (0)531 21 44 178
Post: Christian-Pommer-Strasse 23, 38112 Braunschweig, Germany
2. Collection and storage of personal data and the form and purpose of its use
a) When visiting our website
When you open our website https://www.original-dermaroller.de, your device’s browser automatically sends information to the server used by our website. This information is temporarily saved in a log file. During this process, the following information is collected without any action on your part and is stored until it is deleted automatically:
- IP address of the enquiring computer,
- Date and time you accessed our website,
- Name and URL of the retrieved file,
- Website from which our site was accessed (referrer URL),
- Browser used and, if applicable, the operating system of your computer and the name of your access provider.
We process the data in question for the following purposes:
- To ensure that a connection to our website can be established smoothly,
- To ensure that our website is easy to use,
- To evaluate our system security and stability and
- For other administrative purposes.
b) When registering for our newsletter
We only ever send newsletters, emails and other electronic notifications containing promotional information (“newsletters”) with the consent of the recipient or a legal permit.
Provided you have expressly agreed to receive such information in accordance with Article 6, Clause 1, Sentence 1, lit. a) of the German General Data Protection Regulation (DSGVO), we will use your email address to send you our newsletter on a regular basis. To receive the newsletter, you are required to state your name, an email address and specify the product that interests you.
Registering to receive our newsletter is subject to a double-opt-in procedure. i.e. once you have registered, you will receive an email asking you to confirm your registration. Newsletter registrations are logged so that we are able to prove that the registration process meets legal requirements. This includes storing the time of registration and confirmation and the IP address. Likewise, changes to the data stored on you by shipping providers are logged.
You can deregister at any time, for example, by clicking the link at the end of any newsletter. Alternatively, you can make us aware of your wish to deregister at any time by sending an email to info(at)original-dermaroller.de.
c) When using our contact form
We offer you the opportunity to contact us by email with questions of any kind. It is essential that you provide us with your title, your first name and surname, a valid email address and a telephone number so we know who sent the query and to enable us to address the query. You may provide us with further particulars if you wish. The processing of data for the purposes of making contact with us is carried out in accordance with Article 6, Clause 1, Sentence 1, lit. a) of the German General Data Protection Regulation (DSGVO) on the basis of the consent you have voluntarily provided. The personal data we collect will be deleted automatically once the query you have submitted has been dealt with.
d) When ordering online
We only ever transmit personal data to third parties if this is an essential aspect of fulfilling contractual obligations, for instance, to the institution responsible for processing the payment or the company entrusted with the delivery of the goods. The data will not be transmitted again unless you have expressly agreed to this. Your data will not be passed to third parties, for example, for advertising purposes, unless you have expressly agreed to this.
If you would like to place an order on our online shop, it is essential that you provide the personal data we require to process your order so that a purchase contract can be concluded. The mandatory details required for the processing of orders are highlighted. Any other information you provide is voluntary. We process the data you have provided for the purposes of fulfilling your order. To do so, we may pass your payment details to the institution responsible for processing the payment. The legal basis in this case is Article 6, Clause 1, Sentence 1, lit. b) of the German General Data Protection Regulation (DSGVO).
You have the option to create a customer account on a voluntary basis which enables us to save your data for future purchases. If you opt to create an account under “My Account”, the data you provide will be saved on a revocable basis. You can delete any other data, including your user account, at any time on the customer portal.
We may also use the data you provide to inform you about other interesting products in our portfolio or to send you emails with technical information.
Due to the requirements of commercial law and tax law, we are obliged to store your address, payment and ordering details for a period of ten years. However, we limit the scope of processing activities after a period of two years, i.e. your data is only used for the purposes of adhering to statutory requirements.
To prevent third parties from gaining unauthorised access to your personal data, in particular financial data, the order process is encrypted using TLS technology.
3. Disclosure of data
Your personal data will not be transmitted to third parties for purposes other than the ones detailed below. We only pass your personal data to third parties if:
- You have expressly agreed to this in accordance with Article 6, Clause 1, Sentence 1, lit. a) of the German General Data Protection Regulation (DSGVO),
- It is necessary to disclose data for the assertion, exercise or defence of legal claims in accordance with Article 6, Clause 1, Sentence 1, lit. f) of the German General Data Protection Regulation (DSGVO) and that there is no reason to believe that you have an overriding and legitimate interest in the non-disclosure of your data,
- There is a legal obligation to disclose the data in accordance with Article 6, Clause 1, Sentence 1, lit. c) of the German General Data Protection Regulation (DSGVO) and
- This is permitted by law and is necessary in the course of fulfilling contractual agreements you have entered into in accordance with Article 6, Clause 1, Sentence 1, lit. b) of the German General Data Protection Regulation (DSGVO).
5. Analysis tools
a) Tracking tools
The tracking measures we use, which are detailed below, are implemented on the basis of Article 6, Clause 1, Sentence 1, lit. f) of the German General Data Protection Regulation (DSGVO). We use these tracking measures to ensure that the layout of the website is demand-driven and that the website is subject to continuous optimisation. The other reason for making use of tracking measures is to collect statistical data on the use of our website and to evaluate this data with a view to optimising our online services for the customer. These interests are deemed to be legitimate as laid down in the aforementioned regulations. The respective data processing purposes and data categories can be found in the relevant tracking tools.
b) Google Analytics
We make use of Google Analytics, a web analysis service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as “Google”), for the purposes of ensuring that the layout of our webpages is demand-driven and that the webpages are subject to continuous optimisation. In this context, pseudonymised user profiles are created and cookies (see point 4) are used. The information generated by the cookie about your use of this website, such as
- Browser type/version,
- Operating system used,
- Referrer URL (the site you visited previously),
- Host name of the computer establishing access (IP address),
- Time of the server request,
is transmitted to a Google server in the USA and stored there. The information is used to evaluate your use of the website, to compile reports on the website activities, and to provide other services associated with the website and internet usage for the purposes of market research and the demand-driven layout of these webpages. This information may also be transmitted to third parties provided this is legally stipulated or if third parties have been commissioned to process this data. Under no circumstances will your IP address be merged with other data of Google. The IP addresses are anonymised so that identification is impossible (IP masking). You can prevent cookies from being installed through the corresponding settings in your browser software. However, we would like to point out that you may not be able to use all of the functions of this website to the full extent in that case. In addition, you can prevent the data created by the cookie and related to your use of the website (including your IP address) from being collected and processed by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de). Alternatively and particularly in the case of browsers on mobile devices, you can prevent the data from being collected by Google Analytics by clicking the following link: Disable google analytics. This sets up an opt-out cookie which prevents your data from being collected when you visit this website in the future. The opt-out cookie is stored on your device and will only work in this browser and only in relation to our website. If you delete the cookies in this browser, you will need to set up the opt-out cookie again. You can find additional information on data protection in connection with Google Analytics on the Google Analytics help page (https://support.google.com/analytics/answer/6004245?hl=de).
c) Google Adwords Conversion Tracking
We also make use of Google Conversion Tracking to collect statistical data on the use of our website and to evaluate this data with a view to optimising our website for the customer. If you arrive at our website by clicking a Google ad, Google Adwords will store a cookie (see point 4) on your computer. These cookies lose their validity after 30 days and are not used to identify the user personally. If the user visits certain webpages of the Adwords customer’s website and the cookie has not yet expired, the customer and Google will be able to recognise that the user has clicked on the ad and has been redirected to this webpage. Each Adwords customer receives a different cookie. As such, cookies cannot be tracked via the websites of Adwords customers. The information gathered with the aid of the conversion cookie is used to generate conversion statistics for Adwords customers who have opted to use conversion tracking. The Adwords customers are informed about the total number of users who have clicked on their ad and were then redirected to a page featuring a conversion tracking tag. However, they do not receive any information that could be used to identify users personally.
If you do not want to take part in the tracking procedure, you can refuse to have the associated cookie placed on your computer, for instance, in the browser settings that disable the placement of cookies across the board. You can also deactivate cookies for conversion tracking by setting up your browser in such a way that cookies from the domain “www.googleadservices.com” are blocked. You can find Google’s data protection notice regarding conversion tracking here (https://services.google.com/sitestats/de.html).
6. Social media plug-ins
We make use of social media plug-ins from the social networks Facebook, Twitter and Instagram on our website on the basis of Article 6, Clause 1, Sentence 1, lit. f) of the German General Data Protection Regulation (DSGVO) in order to raise awareness of our company. The promotional objective behind this decision is deemed to be a legitimate interest as defined by the German General Data Protection Regulation (DSGVO). The respective supplier is responsible for ensuring that the system operates in a manner that is compliant with data protection regulations. We incorporate these plug-ins using the two-click method in order to protect visitors to our website in the best way possible.
Social media plug-ins from Facebook are used on our website in order to personalise visits to the website. To do this, we use the “LIKE” or “SHARE” button. This is a service provided by Facebook. If you open a page on our website that contains such a plug-in, the browser establishes a direct connection to the servers of Facebook. The content of the plug-in will be sent directly to your browser by Facebook and integrated into the website. By integrating the plug-ins, Facebook receives the information that your browser has opened the relevant page on our website even if you do not have a Facebook account or are not currently logged into Facebook. This information (including your IP address) is transmitted to a Facebook server in the USA by your browser and stored there.
If you are logged into Facebook, Facebook can assign your visit to our website to your Facebook account directly. If you interact with the plug-ins, e.g. you press the “LIKE” or “SHARE” buttons, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also publicised on Facebook and shown to your Facebook friends. Facebook is permitted to use this information for the purposes of advertising, market research and for the demand-driven design of Facebook pages. To this end, Facebook creates user, interest and relationship profiles, for example, in order to evaluate how you use our website with regard to the advertisements shown to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook. If you do not want Facebook to assign the data collected in relation to our website to your Facebook account, then you must log out of Facebook before you visit our website. For the purpose and scope of data collection and further processing and use of the data by Facebook, as well as your rights and options for privacy protection, please refer to the data protection information provided by Facebook at (https://www.facebook.com/about/privacy/).
Plug-ins for the brief messaging network of Twitter Inc. (Twitter) are integrated into our webpages. You can recognise the Twitter plug-ins (tweet button) by the Twitter logo on our website. You can find an overview of tweet buttons here (https://about.twitter.com/resources/buttons). If you open a page on our website that contains such a plug-in, a direct connection is established between your browser and the Twitter server. This means that Twitter receives the information that you visited our website using your IP address. If you click the Twitter “tweet button” while logged into your Twitter account, the contents of our webpages can be linked to your Twitter profile. This enables Twitter to associate the visit to our webpages with your user account. As the provider of these webpages, we would like to point out that we do not receive any knowledge of the content of the transmitted data and its use by Twitter.
Our website uses components (videos) from YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA, a company of Google Inc. of Amphitheatre Parkway, Mountain View, CA 94043, USA. For this, we use the option of ” – Privacy Enhanced Mode – ” provided by YouTube. When you access a webpage that has an embedded video, a connection to the YouTube servers is established and the content is displayed on the website by sending a message to the browser. According to YouTube, in the ” – Privacy Enhanced Mode – “, only data is transmitted to the YouTube server, in particular which of our webpages have been visited when the video is watched. If you are logged into YouTube at the same time, this information will be associated with your YouTube account. You can prevent this by logging out of your account before visiting our website.
For more information about YouTube’s privacy practices, please visit the following link: https://www.google.de/intl/de/policies/privacy/
Plug-ins from the video portal Vimeo of Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA are integrated on our website. Each time a webpage is accessed that offers one or more Vimeo video clips, a direct connection is established between the browser and a Vimeo server in the United States. Information about the visit and the IP address will be stored there. By interacting with the Vimeo plug-ins (e.g. clicking the start button), this information is also transmitted to Vimeo and stored there. If you have a Vimeo user account and you do not want Vimeo to collect information about you through this website and link it to the respective Vimeo membership information, you must log out of Vimeo before visiting the website.
In addition, Vimeo uses an iFrame (in which the video is called up) to call the Google Analytics tracker. This is Vimeo’s own tracking to which we have no access. Tracking by Google Analytics can be stopped using the deactivation tools that Google offers for some Internet browsers. In addition, users can prevent the collection by Google of data generated by Google Analytics and related to their use of the website (including the user’s IP address), as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de
7. Rights of persons affected
You have the right:
- To request information about the personal data we have processed in relation to your person in accordance with Article 15 of the German General Data Protection Regulation (DSGVO). In particular, you can request information about the reasons for data processing, the category of the personal data, the categories of the recipients to which your data was or is disclosed, the intended period of storage, the existence of a right to demand correction, deletion, restrictions on processing or objection, the existence of a right of appeal, the origin of your data provided it was not collected by us, and about the existence of automated decision-making including profiling and, where applicable, meaningful information regarding its particulars;
- To request that incorrect or incomplete personal data we have stored in relation to your person is corrected or completed without delay in accordance with Article 16 of the German General Data Protection Regulation (DSGVO);
- To request the deletion of the personal data we have stored in relation to your person in accordance with Article 17 of the German General Data Protection Regulation (DSGVO) provided the processing procedure is not essential in exercising the right to freedom of expression and information, in fulfilling a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
- To request that a restriction be placed on the processing of your personal data in accordance with Article 18 of the German General Data Protection Regulation (DSGVO) provided you contest the accuracy of the data, the processing procedure is unlawful yet you refuse deletion of the data and we no longer require the data yet you require the data for the assertion, exercise or defence of legal claims or you have filed an objection against the processing of the data in accordance with Article 21 of the German General Data Protection Regulation (DSGVO);
- To receive the personal data relating to your person that you have provided us with in a structured, commonplace and machine-readable format or to request that it is transmitted to another responsible party in accordance with Article 20 of the German General Data Protection Regulation (DSGVO);
- To revoke the consent given to us at any time in accordance with Article 7, Clause 3 of the German General Data Protection Regulation (DSGVO). This means that we are no longer permitted to carry out the data processing activities that were based on this consent and
- To file a complaint with a supervisory authority in accordance with Article 77 of the German General Data Protection Regulation (DSGVO). In this regard, typical points of contact are the supervisory authority of your usual place of residence or work or our company headquarters.
8. Right of objection
Provided your personal data is processed on the basis of legitimate interests in accordance with Article 6, Clause 1, Sentence 1, lit. f) of the German General Data Protection Regulation (DSGVO), you have the right to file an objection against the processing of your personal data in accordance with Article 21 of the German General Data Protection Regulation (DSGVO) if there are grounds arising from your particular situation or the objection is based on direct advertising. In the latter case, you have a general right of objection that will be acted upon without the need to specify a particular situation. If you would like to make use of your right of revocation or objection, it shall suffice to send an email to info(at)original-dermaroller.de.
9. Data security
During website visits, we make use of the popular SSL procedure (Secure Socket Layer) in conjunction with the highest possible level of encryption that is supported by your browser. This typically constitutes 256-bit encryption. If your browser does not support 256-bit encryption, we make use of 128-bit v3 technology instead. To find out whether a single page of our website is transmitted in an encrypted manner, check to see if the key or lock symbol in the lower status bar of your browser is locked. In addition, we apply appropriate technical and organisational security measures in order to protect your personal data against accidental or deliberate manipulation, partial or full loss, destruction and against unauthorised access by third parties. Our security measures are continuously improved in line with technological progress.
10. Validity and modification of this data protection declaration
This data protection declaration is currently valid and was last updated in May 2018. It may be necessary to modify this data protection declaration if our website and associated offerings undergo development or if statutory or official regulations change. You can open and print out the currently applicable data protection declaration at any time by clicking https://www.original-dermaroller.de/en/home-skin-care/service/privacy-statement/.
Wolfenbüttel, May 2018