Privacy Policy of the A4 COSMETICS Shop

(Last update: May 2019)

We are pleased about your interest in our shop under the URL https://www.a4healthandbeauty.... (hereinafter referred to as "Shop"). Below we inform you about the processing of your personal data when operating our Shop.

1. Responsibility

    The “controller” under data protection law is ESM GmbH & Co. KG (referred to below as „A4COSMETICS“ or „us“), Cuvilliesstraße 14, 81679 Munich, Germany email address: [email protected].

    2. Contact details of the data protection officer

      Our Data Protection Officer can be contacted at: [email protected]

      3.Access to our Shop

        You can visit our Shop without providing personal data. We store your access data temporarily in so-called "web server log files". These cover the following data:

        • IP address
        • Date and time of the retrieval of the shop
        • Name and URL of the requested file
        • The transferred data volume
        • The notification whether the access was successful
        • Browser type/version
        • URL of the website visited before,
        • Name of your internet access provider

        The collection of those data is required to enable your device to access our Shop and use its functions. Unfortunately, the Shop cannot be used without the provision of your IP address.

        Such data collection takes place prior to entering into a contract and for the purposes of our legitimate interests to show you the content of this Shop.

        4. Cookies

          4.1 Use of Cookies for convenience

          When using our Shop, cookies will be generated to ensure that your visit is an enjoyable one and to enable the use of specific functions. “Cookies” are small text files which are transmitted from our web server to the browser of your terminal device and will be stored there. We have a legitimate interest in carrying out the processing for the purpose of improving our Shop and analyzing its use.

          The cookies contain the following data:

          The following table describes which cookies we use and why they are requested:

          Name of cookie

          Description of the cookie

          requiredsession Cookies

          PHPSESSID

          form_key

          pypf

          These cookies are required for a trouble-free visit of the Shop, as they provide the current browser session via several page views and tabs.

          Cookie-settings

          user_allowed_save_cookie

          This cookie stores your setting as to whether cookies may be used by the Shop or not. Please note that this cookie and the session cookies are mandatory for technical reasons.

          Necessary permanent Cookie

          login

          mage-*
          private-content-version
          autocomplete-*
          section_data_ids

          aka_mvt_id
          aka_mvt_buttons

          _dc_gtm_UA-57662995-1

          The login cookie stores the login data of your customer account in encrypted form as soon as you have checked the option "Stay logged in" when logging in. The mage cookies are necessary for keeping the shop system to provide the site, the shopping cart and the purchase. The same applies to autocomplete and section_data_ids. The aka_ cookies are set by PayPal and secure the payment process. Further information on the use of cookies by PayPal can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en_DE

          Blog section commentar & share function Cookies

          mus
          ouid
          uid
          uvc
          xtc

          datr
          fr
          IDE

          When you use the blog a share feature is activated enabling you to share content on social networks. The cookies identify the sharing user and protect others against spam. For avoiding double sending of comments additional cookies are installed when you use the comment function in the blog.

          Statistic permanent Cookies

          _ga
          _gat
          _gid

          1P_JAR
          CONSENT
          NID

          These cookies are provided by the feature Google Analytics (see below under Section 4.2).

          These cookies store information about the user behaviour. The cookies collect anonymous data about the number of visitors to the Shop, where the visitors came from and which pages of the Shop have been accessed.

          When you disable the Google Analytics feature on this page, the cookie _dc_gtm_UA-* will be set.

          Users who logged in:

          If you provide us with your consent by clicking "Stay logged in. I can withdraw this consent at any time with future effect. The lawfulness of the cookies used up to the receipt of the revocation will not be affected thereby.” we are able to install a permanent Cookie, which recognizes you when you access our Shop and automatically associates you with your customer account.

          4.2 Use of Cookies for advertising, market analysis and adapted services (Google Analytics and Social Plugins)

          • Google Analytics

          We use the web analysis service Google Analytics of Google Ireland Limited, Ireland ("Google"). To this end, Google also uses cookies which are stored on your device and facilitate an analysis of your use of the Shop. Google will use that information on our behalf to compile reports on your use of the Shop and to provide other services to us relating to website activities and Internet usage. Google and its affiliated companies operate servers worldwide on which personal data can be stored. Pursuant to Google’s data privacy policy, Google ensures an adequate data protection level when transferring data to third countries.

          The parent company Google LLC, USA has certified itself for the EU-U.S. Privacy Shield Framework to ensure an adequate data protection level (Art. 45 para. 3 GDPR). Google acts as a processor for this service and hence we entered into a data processing agreement with Google stipulated by the latter.

          To warrant an anonymised collection of IP addresses, the source code of Google Analytics was expanded by the code, “_anonymizeIP”. Thereby, the IP addresses will only be processed in a shortened form to exclude a personal reference.

          The IP address transmitted by your browser in connection with Google Analytics will not be aggregated with other data of Google.

          You can prevent the collection of the data relating to your use of the Shop (including the IP address) and their processing by Google not only through your browser settings, but also by downloading and installing the browser plug-in which is available at the following link:

          http://tools.google.com/dlpage/gaoptout?hl=de.

          Alternatively, you can prevent the collection and use of your data by clicking the following link:

          Disable Google Analytics

          By clicking the link, on opt-out cookie will be set, which prevents the collection of your data by Google.

          Please do not delete the opt-out cookie so long as you wish to keep up your objection.

          Further information regarding the terms of use and data privacy of Google is available at the following links:

          https://www.google.com/analytics/terms/gb.html

          https://marketingplatform.goog... Analytics enables us to request advertising reports about visitors to our website. These reports contain anonymous statistical data on the age, gender and interests of visitors to our website. For more information about this service, please go to https://support.google.com/analytics/answer/3450482?hl=en&utm_id=ad

          Data will in particular be collected by users of a Gmail account as this service is also provided by Google. You can change your advertising settings for this under https://adssettings.google.com/authenticated to prevent the collection of activities and information for individual marketing.

          • Social Plug-Ins

          Please be aware that we use social plugins on our Shop, such as Facebook and Instagram (operator: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland), Twitter (operator: Twitter International Company, One Cumberland Place Fenian Street Dublin 2 D02 AX07 Ireland), and Google (operator: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland) integrated. You can identify the logos by their brand.

          For protecting your data, we have implemented the so-called 2-click solution: When visiting our shop, none of your personal data is initially passed on to Facebook, Twitter, Instagram or Google (hereinafter jointly referred to as "plug-in provider"). Only if you click on the plug-in of the respective plug-in provider personal data will be transmitted to this provider.

          By activating the plug-in, the plug-in provider receives the information that your browser has accessed our Shop, even if you do not have an account with the plug-in provider or are not logged in at this time. This information (including your IP address) is transmitted by your browser directly to a server of the plug-in provider and stored there. Such data may be stored in third countries. However, the plug-in providers ensure an adequate data protection level as foreseen by the GDPR. The parent companies of the plug-in providers are mainly resident within the US. They have certified themselves for the EU-U.S. Privacy Shield Framework.

          If you are logged in for a specific social media, the plug-in provider can assign your visit of our Shop to your account. If you click on a plug-in or make a comment, this information will be transmitted to a server of the plug-in provider and stored there. The information is also published on the pages of the plug-in provider and shared with your friends.

          If you do not want this to happen, you must log out of the respective plug-in provider before visiting our Shop.

          The plug-in providers may use the collected data for advertising purposes, market research and optimizing their sites. For this purpose, the plug-in provider creates profiles or your interests, usage and relationships, e.g. to evaluate your use of our Shop with regard to the advertisements displayed to you by the plug-in provider, to inform other users of the platforms of the plug-in providers about your activities on our shop and to provide further services associated with the use of the platform of the respective plug-in provider. If you do not agree with the creation of profiles you can object to such processing. However, to exercise this right of objection, you need to contact the plug-in provider directly.

          We do not have any control over the collecting of data as well as other data processing procedures, nor are we aware of the full scope of data collection, the purposes and storage periods. For further information including but not limited to your rights and setting options for protecting your data please read the plug-in providers’ data privacy policies by clicking on the following links

          https://www.facebook.com/privacy/explanation

          https://twitter.com/en/privacy

          https://help.instagram.com/155833707900388

          http://www.google.com/intl/de/+/policy/+1button.html .


          • Google AdWords

          This Shop uses Google's online advertising program "Google AdWords", including but not limited to conversion tracking. A conversion can consist of, for example, a purchase, a registration, a page access or a request. Google has developed a tool to measure these conversions and ultimately the effectiveness of AdWords ads. The conversion tracking cookie is set on your device when you click on an ad placed by Google. These cookies expire after 30 days and do not serve to identify you. If you go to specific pages of this Shop and the cookie has not expired yet, we and Google may recognize that you clicked on the ad and have been forwarded to that page. For each Google AdWords customer there will be a different cookie. As a result, cookies cannot be tracked through AdWords customer websites. The information collected from the Conversion cookie is used for generating conversion statistics for AdWords customers who have opted for Conversion Tracking. Customers of AdWords will get to know the total number of users who clicked on their ad and were directed to a page with a conversion tracking tag. However, they will not receive information that personally identifies users. If you do not wish to participate in tracking, you can easily disable the Google Conversion Tracking cookie from your Internet browser under User Preferences. You can also prevent the use of these cookies in your Google advertising settings.

          • Facebook Pixel

          We further use a "visitor action pixel" of Facebook Ireland Ltd. 4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland ("Facebook "). It allows us to track the actions of users after they have seen or clicked on a Facebook ad. Hence, we can track the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this means are anonymous to us, which means that we do not see the personal data of individual users. However, this data is stored and processed by Facebook. Facebook may link this information to your Facebook account and may also use it for its own promotional purposes, in accordance with Facebook's privacy policy https://en-gb.facebook.com/privacy/explanation. You can enable Facebook and its affiliates to display ads within or outside of Facebook. For these purposes, an additional cookie may be stored on your device.

          • Google Fonts

          Further, A4Cosmetics uses the Google Fonts tool for displaying different fonts. This tool is also offered by Google. For this service, the IP address of the requesting device will be forwarded to the copyright holder delivering the font. The processing serves the legitimate interest of A4Cosmetics to display the website content with the desired font. The IP address is deleted immediately after the font is retrieved.

          • Blog-Function

          This Shop also provides of a blog feature, on which we report on various topics and products.

          On the blog, you can comment on the individual topics. We will ask for your name to be displayed, your e-mail address and your comment. We publish your comment with your prior consent. Only the name you listed will be published. Please be aware that these contents can be accessed worldwide via the Internet. We therefore recommend that you use a pseudonym to protect your data. You can revoke your consent at any time with future effect. The lawfulness of your published posts sent up to the receipt of the revocation will not be affected thereby.


          • Use of AddThis Plugins (e.g. „Share“-Button)

          On our Shop you can find so-called Social Plugins ("Plugins") of the bookmarking service AddThis, which is operated by Oracle America, Inc., 500 Oracle Parkway, Redwood Shores, CA 94065, USA ("AddThis"). The plugins are usually marked with an AddThis logo, for example in the form of a white plus sign on an orange background. An overview how the AddThis plugins look like can be found here.

          If you access a website of our Shop with this plugin, your browser will be connected to the servers of AddThis. The content of the plugin is transmitted directly to your browser by AddThis and integrated into the page of our Shop. Due to this integration, AddThis receives the information that your browser has accessed the corresponding page of our Shop and stores a cookie for identifying your browser on your device. This information (including your IP address) is forwarded from your browser to an AddThis server in the USA and stored there. AddThis has certified itself for the EU-U.S. Privacy Shield Framework to ensure an adequate data protection level (Art. 45 para. 3 GDPR, see https://www.privacyshield.gov/participant?id=a2zt00000000181AAA). With such data AddThis will create anonymous user profiles to provide visitors of websites with AddThis plugins with personalized and interest-related advertising. Please read the data privacy policy of AddThis to learn more about the purpose and scope of the data collection, the data processing and use of the data by AddThis:

          https://www.oracle.com/legal/privacy/addthis-privacy-policy.html

          If you do not want AddThis to collect your data in the future, you can install an opt-out cookie, which you can download here:

          http://www.addthis.com/privacy/opt-out

          You can also prevent the AddThis plugins from loading by implementing add-ons for your browser, e.g. with the script blocker NoScript.

          5. Customer Account

          On our Shop, you can set up a customer account.

          When creating a customer account, you will be asked to enter your first name, last name, e-mail address and a password. E-mail address and password serve as your access data, which we cross-check with the inputs you provide when logging into your customer account. We use your surname and first name to identify you as our contractual partner. Hence, the purposes of this data processing are pre-contractual measures and fulfillment of the contract.

          We use your access data (e-mail address and password), which you enter in order to access your customer account, to verify the information you provided when setting up your customer account. This also promotes the purpose of fulfilling the contract. To complete the registration process, we will provide you with an e-mail with a link. Your registration will not be completed before you click on the link. If you do not click on the link for more than 14 days, your registration data will be deleted unless you are registered as a guest with an order in our system.

          Setting up a customer account is voluntary. You can place orders as a guest at any time, even without a customer account. In this case, however, you cannot log into our customer account area and you will need to re-enter your personal data if you make an additional order at a later time.

          After having set up a customer account, you can access and edit your personal data and your address book. If you enter names and addresses of third parties (e.g. in the address book or as shipping address), we assume that you are authorized to do so, and you gained the prior consent of the affected individuals.

          You can terminate your customer account at any time with short notice. We reserve the right to terminate your account with one month's notice to the end of the month if you did not log into your account for five years or more.

          6. Ordering goods

            • Order process

          The data (including but not limited to name and address) provided in your order are required for pre-contractual purposes and for the fulfilment of the contract. Without such data no contract can be entered into. We will ask you for your phone number based on our legitimate interest to contact you by telephone in case of questions regarding your orders. If you do not provide us with your telephone number, we will not be able to ask you any questions about orders. The data provided by you (name, address, telephone number and e-mail address) will be stored electronically and used to carry out your order, which means processing your payment processing and delivering your goods. We use the e-mail address you provide to confirm receipt and acceptance of your order and verify that the e-mail address you provided actually belongs to you. By this means, we take pre-contractual measures. If you do not provide us with your email address, we will not be able to inform you of the status of the order and verify that the email address is yours.

          • Payment Methods

          Currently, you can choose between the following payment methods:

          • PAYONE (Kauf auf Rechnung).
          • Credit card.
          • PayPal and
          • SOFORT Ueberweisung.

          When choosing the payment option "credit card" your credit card data, when choosing the payment option "invoice" invoice amount, order number and date of birth will be collected and processed by BS PAYONE GmbH, Lyoner Str. 9, 60528 Frankfurt on the Main, Germany (hereinafter referred to as "BS PAYONE").

          SOFORT GmbH, a company belonging to the Klarna Group, resident at Theresienhoehe 12, 80339 Munich, Germany offers the payment method “SOFORT Ueberweisung” to You. To proceed Your payment, SOFORT GmbH collects the following personal data: name, IBAN, reference, amount and date.

          If you would like to use PayPal for your payment, the amount to be paid will be transferred to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal"), after which your log-in data will be collected by PayPal. The data processing takes place according to your own contractual user relationship with Paypal. Except for the information on your successful payment we do not receive any of your payment data.

          The billing service is offered by BS PAYONE. BS PAYONE is a payment service provider who initiates your payment for the goods you ordered. With the goods or by e-mail you will receive an invoice from BS PAYONE. BS PAYONE will then forward this payment to A4Cosmetics.

          We process your data based on the payment method and with the payment provider you selected to initiate the payment of goods to process the payment and our economic interest in outsourcing processes that are not part of our main business. If you do not want to provide the information requested for that payment option, that payment option will not be available and you will need to choose an alternative payment option.

          Further details on data protection can be found on the following websites:

          • BS PAYONE:

          https://bsp-live.s3.eu-central-1.amazonaws.com/file/0001/01/2094562d8f51307118e946fbafabf32be912d1cd.pdf

          • SOFORT Ueberweisung:

          https://www.klarna.com/sofort/privacy-policy/


          7. Sending newsletters

          On our Shop, you can subscribe for our e-mail newsletter.

          When subscribing for our newsletter you make the following agreement:

          "I agree that ESM GmbH & Co. KG, Munich, regularly (maximum 2 times per month) informs me by e-mail about current offers and interesting facts about A4 Cosmetics. I can withdraw this consent at any time with effect for the future. The lawfulness of the newsletters sent up to the receipt of the revocation will not be affected thereby."

          You can unsubscribe from the newsletter by using the unsubscribe option provided in the newsletter or simply by notifying us, e.g. by sending an e-mail to [email protected] . You cannot use this service without providing your e-mail address for the newsletter.


          8. Using the contact form and our customer support number

          By this Link https://www.a4healthandbeauty.de/kontakt/ you can ask us questions about products or other topics. You will need to provide us with your name, email address and message. You can also use our service hotline. The purpose for providing your data varies based on your request and your status as an interested party or customer. It can be fulfilling an agreement or providing pre-contractual measures. We cannot answer your request without the requested information. If you do not provide voluntary details, this will be without any consequences. If you forward us voluntary details we will use it to contact you.

          9. Statutory and contractual duties to provide data

          The provision of your data as described in this data privacy policy is neither contractually required nor prescribed by law.

          10. Disclosure of your data

          We will only disclose your data to third parties if we are entitled or obliged to do so by applicable law.

          We are authorized to do so if you give us consent or third parties who process data on our behalf: If we do not carry out our business activities (e.g. operation of the Shop, product adaptation, customer service, production and dispatch of advertising material, data analysis and, if applicable, data clearing, payment processing) ourselves, but have them carried out by other companies, and these activities are connected with the processing of your data, we have previously contractually bound these companies to use the data only for the purposes permitted by law. We are authorised to monitor these companies in that respect. Data will also be shared with Google Ireland through the Google Maps service on a shared responsibility basis.

          When you order goods in our Shop we forward your data required for delivery (name, address) to the respective shipping company. If delivery shall take place to a country of the EU except for Germany more than one shipping company can be involved. Additionally, we forward your payment data to the responsible bank for payment in order to process payments unless you selected a payment service provider for this purpose.

          In the event of a default in payment name, address and date of birth will be forwarded to collection service providers and processed on our behalf for debt recovery. This shall speed accelerate the collection of debts as our legitimate interest.

          In particular cases, we may be bound by law to pass your personal data along to authorities or courts. This data processing is therefore based on a legal obligation.


          11. Storage period and deletion of data

          The data that you provide when setting up a customer account will be stored until you terminate your customer account or you do not log into your customer account for a period of 5 years and we therefore terminated your customer account. This shall include but not be limited to order data.

          Your blog comments (including the displayed name and email address) will be stored by A4Cosmetics until you withdraw your consent or the content will be deleted by A4Cosmetics.

          Apart from that, we store your order data for up to 10 years pursuant to the legal retention periods. To the extent that your data needs to serve as evidence in a legal dispute, those data will be stored for the duration of the legal dispute or the statutory limitation periods, respectively. While the limitation period can be up to 30 years (see Art. 195 pp of the German Civil Code), the regular limitation period is three years.

          The data that you provide when using our contact form or service number will be deleted as soon as we can assume that your request has been completely clarified and that this data has not been collected for contractual purposes at the same time. Communication on warranty rights is stored for the duration of the warranty period or the end of the respective limitation period. Data collected and used on the basis of your consent will be deleted after receipt of your withdrawal.

          12. Your rights (rejection, revocation, information, correction, restriction of processing, deletion, transferability, complaint)

          • Objection
          • You have the right at any times to object the processing of your personal data which is processed in connection with this shop. Therefore you can use the contact data of section 1 and 2. If you reject, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.

            • Revocation

            In addition, you have the right to revoke any consent given with effect for the future. The lawfulness of the processing activities based on your consent will, however, not be affected up to the exercise of the right of revocation.

            • Other rights

            You have the right, free of charge, to be provided with information regarding your personal data stored by us, to correct inaccurate data, and to have data being restricted in processing or deleted. You also have the right to be provided with your data in a structured, commonly used and machine-readable format and to have your data transmitted by us to another person. Finally, you have the right to lodge a complaint with a supervisory authority.

            With the exception of your right to lodge a complaint with a supervisory authority, you may address your relevant request to the contact details specified in sections 1 and 2 above.


            13. Data security

            Your personal data will be transmitted via the Internet in encrypted form. We secure the Website and the other systems by technical and organisational measures, in particular, the encryption technology, SSL (Secure Socket Layer), against any loss, destruction, access, alteration or dissemination of your data by unauthorised persons.You can access your customer account only by entering your personal password. Please treat any access data strictly confidential and close your browser window if you terminated the communication with us, in particular if you use the device with others.

            Taking into account the state of technology, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the likelihood and severity of an infringement of the rights and freedoms of natural persons, the A4COSMETICS has implemented appropriate technical and organisational measures within the meaning of Article 32 GDPR.

            The following measures will, inter alia, be taken to protect your data and to protect them against any loss, destruction, access, alteration or dissemination by unauthorised persons:

            • ensuring the confidentiality, integrity, availability and resilience of the processing systems and services;
            • ensuring the speedy restoration of the availability of personal data in the event of a physical or technical incident;
            • the implementation of procedures for regularly testing, assessing and evaluating the effectiveness of the technical and organisational measures for ensuring the security of the processing.
            • Please note that, while we endeavour to create a secure and reliable Shop for users, the absolute confidentiality of messages or materials transmitted to, or from, the Shop cannot be guaranteed.