data protection

The protection of your personal data is important to us. Of course, we guarantee its protection within the framework of the legal requirements and handle your personal data carefully. With this declaration we inform you about which types of personal data we collect, for what purposes this data is collected, how it is processed and what rights you have in this regard.

1.     Responsible body

The responsible body within the meaning of data protection laws is

Grafenberger Allee 68,
40237 Dusseldorf,
Germany

Email: hell@ovallskincare.de

2.     Collection and storage of personal data as well as the type and purpose of their use

We collect and store personal data in the following cases. We use this data exclusively in the manner and for the purposes set out below.

1. a) Visiting our website

When you visit our websitewww.ovallskincare.de , the browser used on your device automatically sends information to our website server, which is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:

- the IP address of the requesting computer,
- the date and time of access,
- the name and URL of the retrieved file,
- the website from which access is made (referrer URL),
- the browser used and
- if applicable, the operating system of your computer and the name of your Internet access provider.

Log files are important sources of information for making processes on a system understandable. They can be used, for example, to analyze problems or reconstruct lost data. We use the data stored in the log files in this context to:

- to ensure the connection and use of our website,
- to evaluate and permanently ensure system security and stability,
- to ensure the technical administration of the network infrastructure,
- to optimise our internet offering,
- to carry out internal statistical surveys.

The legal basis for data processing is Art. 6 Paragraph 1 Clause 1 Letter f of GDPR. Our legitimate interest in data processing follows from the purposes listed above. Under no circumstances do we use the data collected to draw conclusions about you personally. The IP address of the requesting computer is only evaluated in the event of attacks on the network infrastructure and for statistical purposes.

1. b) Use of contact form

You have the option of contacting us using a form provided on our website. You must provide your name, a valid email address and the reason for your contact. By providing your contact details, you consent to us using them to respond to your request.

We process the data you provide to us exclusively for the purpose of processing and answering your request.

The legal basis for data processing is our legitimate interest in processing your request, Art. 6 Para. 1 Clause 1 Letter f of GDPR, and the consent you gave when using the contact form to the processing of the data you entered in the contact form, Art. 6 Para. 1 Clause 1 Letter a of GDPR.

We would like to point out that it is not necessary to use our contact form to get in touch with us. We are also happy to answer your questions using the other contact details provided on our website. The personal data we collect to process your contact will be automatically deleted once your request has been processed.

1. c) Online shop registration

If you want to order our products via our website, you must register with our online shop. When you register, we collect the following personal data:

- First name Last Name,
- E-mail address,
- Password and
- Date customer account was created.

The collection and processing of this data takes place

- for your registration in our online shop and your continued access to it,
- to identify you as our customer.

The processing of your personal data is necessary to manage your registration in our online shop, Art. 6 Para. 1 S. 1 lit. b GDPR.

1. d) Purchase via our online shop

If you order our products through our online shop, we collect the following personal data in addition to the data already stored during registration:

- if applicable, company,
- Address, address extension,
- telephone number,
- Date of first purchase,
- if applicable, Packstation or post office (Packstation number or post office number and postal number)

The collection and processing of this data takes place

- to process and handle the order you place through our online shop,
- to provide information about our product range, our new products and current promotions relating to our product range,
- for invoicing,
- to handle any liability claims,
- to enforce our contractual claims against you.

The processing of your personal data is necessary to manage your registration in our online shop and to fulfil your orders in accordance with the contract, Art. 6 Para. 1 S. 1 lit. b GDPR.

Insofar as we use the processed personal data to inform you about our product range, in particular our new products and/or special promotions in connection with our product range, this is in our legitimate interest, Art. 6 Para. 1 Clause 1 Letter f of GDPR.

1. e) Subscribe to newsletter

With our electronic newsletter, in addition to information about special offers, products, news and events of the Privise.io brand, you will also regularly receive surveys about our products and occasional information about sales promotions in retail stores and Privoo.io competitions in which products from partner companies may also be presented.

You can register to receive our electronic newsletter via our website. When you register, we use the so-called double opt-in procedure, which means that registration is only completed when you confirm your wish to receive our electronic newsletter via a link that you receive in an email that we send to you at your request. In this case, we collect the following personal data from you:

- Your email address,
- Your first and last name,
- the IP address provided by your Internet service provider when you click on the link,
- the date and time of confirmation of the link.

The processing of the above data is carried out in order to

- to send you the newsletter,
- To be able to address you personally in our newsletter,
- the declaration of your consent to receive the electronic newsletter and
- to prove any misuse of your email address at a later date.

The legal basis for data processing is your consent, which you give when registering for our newsletter, Art. 6 Para. 1 Clause 1 Letter a of GDPR.

Unsubscribe from the newsletter

To unsubscribe from the newsletter, simply send an email to hello@ovallskincare.de with the subject "Unsubscribe newsletter".

1. f) Cookies and analysis services

Finally, we use cookies and analysis services when you visit our website. You will find more detailed information on this in section 4 ff. of this data protection declaration.

3.     Transfer of your data to third parties

Your personal data will not be transferred to third parties for purposes other than those listed below:

We will only share your personal information with third parties if:

- you have given your express consent in accordance with Art. 6 Paragraph 1 Clause 1 Letter a of GDPR,
- the transfer is necessary in accordance with Art. 6 (1) sentence 1 lit. f GDPR to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
- in the event that there is a legal obligation to disclose data pursuant to Art. 6 Paragraph 1 Clause 1 Letter c of GDPR,
- this is legally permissible and is necessary for the processing of contractual relationships with you according to Art. 6 Paragraph 1 Clause 1 Letter b of GDPR.

3.1.

Credit check by third party providers

When using Klarna invoice/installment purchase, a credit check is carried out by the third-party provider Klarna .
We have no influence on the data collection or final decision of the third-party provider.

4.     Cookies and tracking pixels

Like many other websites, we use so-called "cookies". Cookies are small text files that your web browser automatically saves on your computer's hard drive when you visit our website. We automatically receive certain data, such as your IP address and the browser you use, and can analyze your usage behavior when you visit our website in an anonymous form. Cookies cannot cause any damage to your hard drive. In particular, they cannot be used to start programs and/or transmit viruses. We do not receive any personal data about you through the cookies. It is not possible for us to assign the information stored in the cookies to an identified or identifiable natural person.

We also use so-called tracking pixels on our website. Tracking pixels are small scripts that are automatically loaded when you visit our website and enable tracking of your user behavior. We automatically receive certain data, such as your IP address and the browser you use, and can analyze your usage behavior when you visit our website in an anonymous form.

Cookies and tracking pixels help us in many ways to make your visit to our website easier, more pleasant and more meaningful. For example, by analyzing the usage behavior of visitors to our website, we are able to tailor our offering to your needs. Cookies are also sometimes used to simplify the ordering process. For the specific purposes we pursue, please refer to the following explanations of the individual cookies and tracking pixels we use.

If personal data is processed through individual cookies, this is necessary to carry out the contract with you, Art. 6 Para. 1 lit. b GDPR, or due to our legitimate interest in being able to offer you optimal functionality of our website and to operate our website as efficiently and economically as possible, Art. 6 Para. 1 S. 1 lit. f GDPR.

Of course, you can also view our website without cookies. Most Internet browsers are configured to accept cookies automatically. However, you can deactivate this function at any time or configure your browser so that a message always appears when you receive a new cookie. You can delete cookies that have already been stored. However, we would like to point out that deactivating cookies may mean that you cannot use all the functions of our website.

The following programs, which set cookies and tracking pixels, are used on our website:

1. a) Google Inc.

Our website uses various services from Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google"), which we explain to you below:

To optimize the service on our website, we use Google Analytics , a web analysis service. Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of this website, such as

- Browser type/version,
- operating system used,
- Referrer URL (the previously visited page),
- Hostname of the accessing computer (IP address),
- Time of the server request.

are usually transferred to a Google server in the USA and stored there. However, due to the activation of IP anonymization on these websites, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google. You can prevent cookies from being saved by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. In addition, you can prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link.

In addition or as an alternative to the browser add-on, you can prevent tracking by Google Analytics on our pages by clicking on this link. This will install an opt-out cookie on your device. This will prevent Google Analytics from collecting data for this website and for this browser in the future as long as the cookie remains installed in your browser.

We use Doubleclick by Google . Doubleclick by Google uses cookies to show you advertisements that are relevant to you. A pseudonymous identification number (ID) is assigned to your browser in order to check which advertisements were displayed in your browser and which advertisements were accessed. The cookies do not contain any personal information. The use of DoubleClick cookies enables Google and its partner websites to display advertisements based on previous visits to our or other websites on the Internet. The information generated by the cookies is transferred by Google to a server in the USA for evaluation and stored there. Google adheres to the data protection provisions of the US Safe Harbor Agreement and is registered with the US Department of Commerce's Safe Harbor program. Under no circumstances will Google combine your data with other data collected by Google.

By using our websites, you agree to the processing of the data collected about you by Google and the previously described manner of data processing as well as the stated purpose. You can prevent the storage of cookies by setting your browser software accordingly. In addition, you can prevent Google from collecting the data generated by the cookies and relating to your use of the websites and from processing this data by Google by downloading and installing the browser plug-in available under the following link.

You can find more information about DoubleClick by Google and data protection here.

We use the remarketing or "similar target groups" function of Google Inc. This function serves the purpose of analyzing visitor behavior and interests.
Google uses cookies to analyze website usage, which forms the basis for creating interest-based ads. The cookies record visits to the website and anonymized data about website usage. No personal data of website visitors is stored. If you subsequently visit another website in the Google Display Network, you will be shown advertisements that are highly likely to take into account previously viewed product and information areas.

Your data may also be transferred to the USA. The European Commission has issued an adequacy decision for data transfers to the USA.
The processing is carried out on the basis of Art. 6 (1) lit. f GDPR due to the legitimate interest in targeting website visitors with advertising by displaying personalized, interest-based advertising for visitors to the provider’s website when they visit other websites in the Google Display Network.

You can permanently deactivate the use of cookies by Google by following the link below and downloading and installing the plug-in provided there: https://support.google.com/ads/answer/7395996?hl=de

Alternatively, you can disable the use of cookies by third parties by visiting the Network Advertising Initiative deactivation page at https://www.networkadvertising.org/choices/ and implementing the additional opt-out information provided there.

Further information about Google Remarketing and the associated privacy policy can be found at: https://www.google.com/privacy/ads/ .

We also use Google Conversion Tracking to statistically record the use of our website and to evaluate it for the purpose of optimizing our website for you. Google Adwords will place a cookie (see section 5) on your computer if you have accessed our website via a Google ad.

These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords customer's website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page.

Each Adwords customer receives a different cookie. Cookies cannot therefore be tracked across Adwords customers' websites. The information obtained using the conversion cookie is used to create conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this purpose - for example, by using a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser so that cookies from the domain "www.googleadservices.com" are blocked.

Google’s privacy policy regarding conversion tracking can be found here https://services.google.com/sitestats/de.html .

1. b) Facebook Inc.

If you have consented to this when visiting our website, we use the Facebook pixel , the tracking pixel of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. This pixel can be used to track the behavior of users after they have been redirected to our website by clicking on a Facebook ad. This enables us to record the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, which means we do not see the personal data of individual users. However, this data is stored and processed by Facebook, and we will inform you about this to the best of our knowledge. Facebook can link this data to your Facebook account and also use it for its own advertising purposes, in accordance with Facebook's data usage policy, which you can view here.

You also have the option of prohibiting Facebook and its partners from displaying advertisements. You can edit the settings for Facebook advertisements at the following link: https://www.facebook.com/ads/website_custom_audiences/ .

1. c) Adform Conversion Tracking

This website uses conversion tracking from Adform . The cookie for conversion tracking is set when a user comes into contact with an ad placed by Adform. These cookies do not contain any information that can be used to personally identify users. Users who do not wish to participate in tracking can deactivate the Adform cookie via their Internet browser. Further information on Adform's data protection policy can be found at https://site.adform.com/privacy-policy-opt-out/ . There you also have the option of preventing tracking via an opt-out.

1. d) Amazon Inc.

We use the functions of the two web analysis services Amazon Conversion Pixel and Amazon Remarketing Pixel on our website . The provider in each case is Amazon.com, Inc., 410 Terry Ave. North Seattle, WA, USA. The Amazon Conversion Pixel and the Amazon Remarketing Pixel also use cookies that are stored on your device and that enable analysis of your use of the website as well as personalized advertising.

Here, too, you can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out again that in this case you may not be able to use all functions of this website to their full extent.

You can also prevent Amazon from collecting the data generated by the cookie and relating to your use of the website and from processing this data by clicking on this link and selecting the setting “Do not personalize advertising shown by Amazon for this Internet browser”: https://www.amazon.de/adprefs .

Alternatively, you can make the appropriate settings at http://www.youronlinechoices.com/de . An opt-out cookie will then be set in your browser, which will prevent the future collection of your data by the Amazon pixel when you visit our website. This objection will remain valid as long as you do not delete the opt-out cookie.

1. e) Microsoft Inc. (Bing Ads)

We also use conversion tracking from Microsoft . The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). When you use it, Microsoft Bing Ads will place a cookie on your computer if you came to our website via a Microsoft Bing ad. In this way, Microsoft Bing and we can recognize that someone has clicked on an ad, been redirected to our website and reached a previously determined landing page (conversion page). We only learn the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the identity of the user is disclosed. If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this purpose - for example by using a browser setting that generally deactivates the automatic setting of cookies. Further information on data protection and the cookies used by Microsoft Bing can be found on the Microsoft website: https://privacy.microsoft.com/de-de/privacystatement .

5. Use of social media plugins

We use so-called plug-ins (buttons) from various social networks on our website so that you can use the interactive options of the social networks you use on our website. These plug-ins provide various functions, the subject and scope of which is not determined by us but by the operators of the social networks.

Please note that we are not providers of the social networks and have no influence on the data processing or content of the respective service providers. The legal basis for the use of the plugins is, If personal data is processed when linking via social media plugins, this is in our legitimate interest in enabling you to interact directly with social networks of which you are a member via the design of our website and in our legitimate interest in providing interaction options for the purpose of advertising, , Art. 6 Para. 1 f EU GDPR.

We use the following social media plugins. We would like to inform you about how they work:

1. a) Facebook

Our website contains plug-ins from the social network “Facebook”, 1601 South California Avenue, Palo Alto, CA 94304, USA. You can recognise the Facebook plug-in by the Facebook logo or “Like button” on our page. You can find an overview of Facebook plug-ins here .

If you activate the plugin, a direct connection is established between your browser and the Facebook server via the plugin. Facebook therefore receives the information that you have visited our website using your IP address. If you click the Facebook "Like" button while you are logged into your Facebook account, you can link to the content of our pages in your Facebook profile.

We would like to point out that we have no knowledge of the content of the data transmitted or how it is used by Facebook and that we are not responsible for data processing by Facebook. You can find more information on this in Facebook's privacy policy .

1. b) Instagram

Our website uses plugins from Instagram, which is operated by Instagram LLC , 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plugins are marked with an Instagram logo, for example in the form of an “Instagram camera”. You can find an overview of the Instagram plugins and what they look like here .

If you activate the plugin, a direct connection will be established between your browser and the Instagram server via the plugin. Instagram will then receive the information that you have visited our website using your IP address. In this case, this information (including your IP address) will be transmitted directly from your browser to an Instagram server in the USA and stored there.

If you are logged in to Instagram, Instagram can directly associate your visit to our website with your Instagram account. If you interact with the plug-ins, for example by pressing the "Instagram" button, this information is also sent directly to an Instagram server and stored there. The information is also published on your Instagram account and displayed to your contacts there.

We would like to point out that we have no knowledge of the content of the transmitted data or its use by Instagram and that we are not responsible for data processing by Instagram. You can find further information on this in Instagram's privacy policy .

1. c) Pinterest

On our website we use plugins from the social network Pinterest, which is operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA ("Pinterest"). When you activate the plugin, your browser establishes a direct connection to the Pinterest servers. The plugin transmits log data to the Pinterest server in the USA. This log data may contain your IP address, the address of the websites visited that also contain Pinterest functions, the type and settings of the browser, the date and time of the request, your use of Pinterest and cookies.

Further information on the purpose, scope and further processing and use of data by Pinterest as well as your rights and options for protecting your privacy can be found in Pinterest's privacy policy .

6.     Social networks

We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users active there and to inform them about our services. When you access the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.

Unless otherwise stated in our privacy policy, we process user data if they communicate with us within social networks and platforms, e.g. by writing posts on our online presence or sending us messages.

When users leave comments or other contributions on our social media presences, their IP addresses are stored for 7 days based on our legitimate interests within the meaning of Art. 6 Paragraph 1 Letter f. GDPR. This is done for our security in case someone leaves illegal content in comments and contributions (insults, prohibited political propaganda, etc.). In this case, we ourselves can be held liable for the comment or contribution and are therefore interested in the identity of the author.

7.     Data security

When you visit our website, we use the common SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is being transmitted using encryption by the closed display of the key or lock symbol in the lower status bar of your browser.

8.     Duration of data storage

In accordance with the principles of data avoidance and economy, we will not process your information for longer than is necessary for the purpose for which it was collected or as provided for by law. As soon as the purpose of data processing no longer applies and/or statutory storage periods have expired, the data stored by you will be deleted.

9.     Rights of the data subject

To the extent that you are affected by the processing of personal data, you have the following rights:

1. a) Right to information, Art. 15 GDPR

According to Art. 15 GDPR, you have the right to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected from us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.

1. b) Rectification and completion, Art. 16 GDPR

According to Art. 16 GDPR, you have the right to immediately request the correction of inaccurate or completion of your personal data stored by us.

1. c) Deletion, Art. 17 GDPR

According to Art. 17 GDPR, you have the right to request the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

1. d) Restriction of processing, Art. 18 GDPR

According to Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data if you contest the accuracy of the data, the processing is unlawful but you refuse to delete it and we no longer need the data, but you require it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR.

1. e) Provision of stored data, Art. 20 GDPR

According to Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another controller.

1. f) Revocation of consent granted, Art. 7 Para. 3 GDPR

According to Art. 7 Para. 3 GDPR, you have the right to revoke your consent at any time. This means that we may no longer continue the data processing based on this consent in the future.

1. g) Right to lodge a complaint, Art. 77 GDPR

According to Art. 77 GDPR, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or of our company headquarters.

10.     Right to object

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 Paragraph 1 Clause 1 Letter f of GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided there are reasons for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation. If you would like to exercise your right of withdrawal or objection, simply send an email to hello@ovallskincare.de

11.     Changes to our privacy policy

We reserve the right to adapt our data protection declaration to ensure that it always complies with the applicable legal requirements, particularly in the event of changes to our services. The data protection declaration in the current version published on our website always applies to your visit to our website.

12.   Questions to the Data Protection Officer

If you have any questions about our privacy policy, please contact us directly at hello@ovallskincare.de or by post to the Grafenberger Allee 68, 40237 Düsseldorf, Germany .