We would hereby like to inform you of the ways and scope in which your personal data is processed by BCG Baden-Baden Cosmetics Group GmbH and your rights in accordance with data protection legislation.
1. Who Is Responsible for Data Processing and How Do I Contact the Data Protection Officer?
The party responsible for data processing is:
BCG Baden-Baden Cosmetics Group GmbH
Data protection officer
Im Rosengarten 7
76532 Baden-Baden, Germany
Represented by: Managing Directors Hermann Crux and I-Ting Wu
You can contact our data protection officers via the contact data above or via email at firstname.lastname@example.org
What Are the Purposes of and Legal Basis for Processing Data?
We process your personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (new FDPA) as well as all other relevant laws only insofar as this is required to provide information on this website as well as our services on this website.
If you are using the website simply for information purposes, that is to say, if you are not logging in or registering to use the website or providing us with any other information, we will not collect any personal data, with the exception of the data that your browser transmits in order to enable you to visit the website. These are:
- IP address
- Date and time of query
- Time zone difference in relation to Greenwich Mean Time (GMT)
- Content of request (specific page)
- Access status/HTTP status code
- Transferred data quantity in each case
- Website issuing the request
- Operating system and its interface
- Language and version of the browser software.
To ensure that the website functions, this information is saved in log files. Furthermore, this data is used for the purposes of ensuring that our information-technology systems are secure and optimizing our website.
Art. 6 (1) f) of the GDPR forms the legal basis for temporarily saving data and log files. If processing operations for personal data are based on acquiring the consent of the person affected, Art. 6 (1) a) of the GDPR serves as the legal basis.
Art. 6 (1) b) of the GDPR forms the legal basis for processing personal data in order to fulfill contracts in the case that one of the contracting parties is the person concerned. The same applies to implementing pre-contractual measures that necessitate processing operations. If our company is subject to a legal obligation for which it is necessary to process personal data, Art. 6 (1) c) of the GDPR serves as the legal basis. Art. 6 (1) d) of the GDPR is the legal basis in cases where vital interests of the persons concerned or another natural person necessitate the processing of personal data. If personal data is processed in order to protect the legitimate interests of our company or a third party, the interests, basic rights and fundamental freedoms of the person concerned are of secondary importance. Art. 6 (1) f) of the GDPR is the legal basis for processing data in this instance. Personal data can be passed onto our IT service providers for the purposes of making this website available.
3. Data Security
We maintain up to date technical procedures to ensure data security, in particular in relation to the protection of your personal data against risks during data transfer and against third parties acquiring knowledge of these data. These procedures are continuously updated to reflect the current state of the art.
Transient cookies are automatically deleted once you close the browser. This includes in particular session cookies. These store a session ID with which various queries from your browser can be assigned to the same session. This enables your computer to be identified on a return visit to the website. The session cookies are deleted once you log out or close the browser.
Persistent cookies are automatically deleted after a specific period of time, which may vary from cookie to cookie. You may delete the cookies at any time in the security settings of your browser.
You may configure your browser settings as required and, for example, refuse to accept third-party cookies or all cookies. However, we would like to point out that if you do so, you may not be able to use all of the functions of this website.
The flash cookies used are not collected by your browser but by your flash plug-in. They store the necessary data independently of the browser you use and have no automatic expiry date. If you do not wish the flash cookies to be processed, you will have to install an add-on, e.g. “Clear Flash Cookies” for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/clear-flash-cookies/) or Ado-be Flash Killer Cookie for Google Chrome.
Analysis cookies. We use analysis cookies to improve the content and quality of our website. Analysis cookies enable us to understand how our website is being used, which allows us to optimize our services on an ongoing basis.
Essential cookies enable basic functions and are necessary for the proper functioning of the website.
|Provider||Owner of this website|
|Purpose||Saves the settings of the visitors selected in the Borlabs Cookie cookie box.|
|Cookie Expiry||1 Year|
|Purpose||Tests the cookie behavior.|
|Cookie Expiry||end of the session|
|Provider||Owner of this website|
|Purpose||Saves the current language.|
|Cookie Name||_icl_*, wpml_*, wp-wpml_*|
|Cookie Expiry||1 Day|
Statistics cookies collect information anonymously. This information helps us to understand how our visitors use our website.
|Purpose||Google cookie for website analysis. Generates statistical data on how the visitor uses the website.|
|Cookie Expiry||2 Years|
Marketing-Cookies werden von Drittanbietern oder Publishern verwendet, um personalisierte Werbung anzuzeigen. Sie tun dies, indem sie Besucher über Websites hinweg verfolgen.
The content of video platforms and social media platforms is blocked by default. If cookies are accepted by external media, access to this content no longer requires manual consent.
|Purpose||Used to unlock Instagram content.|
|Cookie Expiry||end of the session|
It will be possible for you as a user to register on our website. For this purpose it is necessary to enter your personal data. The data entered in an input mask is transferred to our company and stored. The data will not be passed on to third parties at any time. Within the framework of the registration process, or at the time of registration, the following will be stored:
1. adress of the user
2. time of registration (date and time)
4. surname and forename
5. e-mail address
If the user has consented to the processing of the data, the legal basis is Art. 6 para. 1 lit. a DSGVO. If registration is required for the performance of a contract to which the user is a party, or if registration data is required as part of pre-contractual measures, Art. 6 para. 1 lit. b DSGVO forms the legal basis for data processing.
Registration may be necessary for three reasons: Either registration by you as a user is necessary for the provision of certain content and services on our website, for the fulfilment of a contract or for the implementation of pre-contractual measures.
As soon as the data is no longer required for the achievement of the original purpose for which it was collected, it is deleted. Data collected during the registration process will be deleted if the registration on the website is cancelled or modified. Data stored during registration for the execution of a contract or for the execution of pre-contractual measures will be deleted if they are no longer necessary for the execution of the contract.
In order to comply with legal or contractual obligations, it may be necessary to store personal data of the contractual partner even after the conclusion of a contract.
The premature deletion of data required for the fulfilment of a contract or for the implementation of pre-contractual measures is only possible if there are no contractual or legal obligations for further storage.
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP ad-dress) will generally be transmitted to and stored by Google on servers in the United States. If IP anonymization is activated on this website, Google will truncate your IP address within the Member States of the European Union or in other treaty States of the European Economic Area prior to transmitting it to the US. Only in exceptional cases will the full IP address be sent to a Google server in the USA and truncated there. Google will use this information on behalf of the website provider for the purpose of evaluating your use of the web-site, compiling reports on website activity and providing the website provider with other services relating to website activity and Internet usage. The IP address transmitted by your browser as part of Google Analytics will not be associated with any other data held by Google. You may prevent the collection for Google of the data (incl. your IP address) generated by cookies and related to your use of the website, and the processing of such data, by downloading and installing the browser plug-in that can be accessed at: tools.google.com/dlpage/gaoptout. or by using Google Analytics OptOut on the basis of a cookie. This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are processed in truncated form, thereby preventing them from being traced to a specific person. If the data acquired about you can be attributed to a personal connection, this contact will be dismissed immediately and the personal data will be deleted without delay. We use Google Analytics so that we can analyze the usage of our website and improve it on a continuous basis. Using the statistics obtained, we can improve our services and make these more interesting for you as a user. In exceptional cases in which personal data is transferred to the USA, Google has signed up to the EU-US Privacy Shield: www.privacyshield.gov/EU-US-Framework. The legal basis for using Google Analytics is Art. 6 (1) (1) f) of the GDPR. The legal basis for processing the personal data of users is Art. 6 (1) f) of the GDPR. Processing the person-al data of users enables us to analyze the browsing behavior of our users. By analyzing the data acquired, we are able to compile information about the use of the individual components that make up our website, which helps us to improve our site and how user-friendly it is on a continuous basis. Our legitimate interest in processing data lies in these objectives in accordance with Art. 6 (1) f) of the GDPR. Anonymizing the IP address means that the user’s interest with regard to the protection of personal data is sufficiently taken into account. The data is deleted as soon as it is no longer required for our recording purposes. Information on the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: www.google.com/analytics/terms/de.html, overview of data protection: www.google.com/intl/de/analytics/learn/privacy.html, as well as the privacy statement: www.google.de/intl/de/policies/privacy.
Use of Social Media Plug-Ins
We currently use the following social media plug-ins: Facebook, Instagram. As part of using these plug-ins, we adopt the ‘two-click’ solution. This means that when you visit our site, no personal data is passed onto the provider of these plug-ins. You can identify the provider of the plug-in via the marking on the box above the initial letters of the company name or the logo. We give you the option to communicate directly with the plug-in provider via the button. Only when you click on the marked field and thereby activate it does the plug-in provider receive the information that you have called up the respective web page of our website. In addition, the data referred to under No. 2 of this statement is transferred. In the case of Facebook and Instagram, the IP address is anonymized immediately after it is obtained in Germany according to the information provided by the respective providers. When the plug-in is activated, personal data is transferred from you to the respective plug-in provider and then saved by the respective provider (in the USA in the case of US providers). As the plug-in provider obtains data primarily via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the grayed-out box. We do not have any influence on the data obtained or the data processing procedures and neither are we aware of the full extent of the data obtained, the purposes of processing the data and the periods for which the data is stored. We also do not have any information on the plug-in providers’ procedures for deleting the data obtained. The plug-in provider saves this data as a usage profile and uses this for the purposes of advertising, con-ducting market research and/or designing its website in line with users’ needs. This data (including the data of users who are not logged in) is analyzed in particular for the purposes of displaying appropriate advertisements and informing other users of the social network of your activities on our website. You have the right to object to the creation of this user profile; you need to contact the respective plug-in provider to exercise this right. Through plug-ins, we give you the option of interacting with social networks and other users, so that we can improve our website and make it more interesting for you as a user. The legal basis for using plug-ins is Art. 6 (1) (1) f) of the GDPR. Data is passed on irrespective of whether you have an account with the plug-in provider and are logged into this account. If you are logged into the plug-in provider’s site, the personal data we have obtained from you is directly allocated to your existing account with the plug-in provider. If you press the activated button and link to the page, for example, the plug-in provider also saves this information in your user account and publicly shares it with your contacts. We recommend that you log out regularly after using a social network and especially before activating the button as doing so means that you can avoid data being allocated to your profile by the plug-in provider. You can find more information on the purpose and scope of data collection and data processing by the plug-in providers in the providers’ privacy statements provided below. These statements will also provide you with further information on your rights regarding this matter and how you can adjust your settings to protect your privacy. The addresses of the respective plug-in providers and URLs to their data protection information: a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; www.facebook.com/policy.php; more information on data collection: www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other applications as well as www.facebook.com/about/privacy/your-info everyoneinfo. b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; www.google.com/policies/privacy/partners/. c) Instagram LLC, 1601 Willow Rd Menlo Park CA 94025 USA. You can find more information on data collection at: help.instagram.com/155833707900388/ d) YouTube LLC 901 Cherry Ave. San Brund, CA 94066 USA; you can find more information at: policies.google.com/privacy
Facebook Custom Audiences
The website also uses the remarketing function “Custom Audiences” of Facebook Inc. (“Facebook”). This enables users of the website to be presented with interest-related advertisements (“Facebook Ads”) when they visit the social network Facebook or other websites that also use the process. In this way, we pursue the interest in displaying advertisements that are of interest to you in order to make our website more interesting for you.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of Facebook Custom Audiences, Facebook receives the information that you have called up the corresponding website of our Internet presence or clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, there is a possibility that the provider will find out and store your IP address and other identifying features.
Deactivation of the “Facebook Custom Audiences” function is possible for logged in users at https://www.facebook.com/settings/?tab=ads#_möglich.
The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. f DS-GVO.
Information about the third party provider: Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: https://www.facebook.com/about/privacy.
- Facebook and Data Protection
BIO:VÉGANE GmbH uses the technical platform and services of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland for the information service offered here.
Please note that you use this Facebook page and its functions at your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). Alternatively, you can also access the information offered via this page on our website at www.biovegane.com.
When you visit our Facebook page, Facebook records, among other things, your IP address and other information that is available on your PC in the form of cookies. This information is used to provide us, as the operator of the Facebook pages, with statistical information about the use of the Facebook page. Facebook provides more information on this at the following link: http://de-de.facebook.com/help/pages/insights.
The data collected about you in this context will be processed by Facebook Ltd. and may be transferred to countries outside the European Union. Facebook describes in general terms what information Facebook receives and how this information is used in its data use guidelines. There you will also find information about how to contact Facebook and about the settings for advertisements. The data use guidelines are available at the following link: http://de-de.facebook.com/about/privacy, the complete Facebook data guidelines can be found here: https://de-de.facebook.com/full_data_use_policy
In what way Facebook uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties is not conclusively and clearly stated by Facebook and is not known to us.
When accessing a Facebook Page, the IP address assigned to your device is transmitted to Facebook. According to information from Facebook, this IP address is anonymized (for “German” IP addresses) and deleted after 90 days. Facebook also stores information about the end devices of its users (e.g. as part of the “login notification” function); if necessary, Facebook is thus able to assign IP addresses to individual users.
If you are currently logged in to Facebook as a user, a cookie containing your Facebook ID is stored on your device. This enables Facebook to track that you have visited this page and how you have used it. This also applies to all other Facebook pages. Using Facebook buttons integrated into websites, Facebook is able to record your visits to these websites and assign them to your Facebook profile. This data can be used to offer content or advertising tailored to you
If you want to avoid this, you should log out of Facebook or disable the “stay logged in” function, delete the cookies on your device, close and restart your browser. This will delete Facebook information that can be used to identify you immediately. This allows you to use our Facebook page without revealing your Facebook identification. When you access interactive features of the site (Like, Comment, Share, Messages, etc.), a Facebook login screen appears. Once you have logged in, you will again be recognizable to Facebook as a specific user. For information on how to manage or delete existing information about you, please visit the following Facebook support pages: https://de-de.facebook.com/about/privacy# As the provider of the information service, we do not collect and process any other data from your use of our service. You will find the current version of this data protection declaration under “Data protection” on our Facebook page. If you have any questions regarding our information service, you can contact us at email@example.com. Further information about Facebook and other social networks and how you can protect your data can also be found on youngdata.de.
Use of social media
- a) Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other applications and http://www.facebook.com/about/privacy/your-info.
- b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de.
We operate our social media sites to achieve the broadest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. Where applicable, the analysis processes initiated by the social networks are based on different legal bases, which must be stated by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a DSGVO). The data collected directly by us will be deleted from our systems as soon as the purpose for their storage no longer applies, you request us to delete them or revoke your consent to their storage. Stored cookies remain on your end device until you delete them. Legal provisions, in particular retention periods, remain unaffected.
If you visit one of our appearances in the social media (e.g. Facebook), such a visit triggers processing of your personal data. In this case, we are responsible for these data processing operations together with the operator of the respective social network in accordance with Art. 26 DSGVO. Your rights (right to information according to Art. 15 DSGVO, right to correction according to Art. 16 DSGVO, right to deletion according to Art. 17 DSGVO, right to limitation of processing according to Art. 18 DSGVO, right to data transferability according to Art. 20 DSGVO and right to complain according to Art. 77 DSGVO ) can be asserted in principle both against us and against the operator of the respective social network (e.g. Facebook).
Please note that despite the joint responsibility according to Art. 26 DSGVO with the operators of social networks do not have full influence on the data processing of the individual social networks. The corporate policy of the respective provider has a decisive influence on our possibilities.
Which Data Protection Rights Can I Enforce as a Concerned Party?
If professional provisions are not in conflict, you have the right:
- To withdraw any consent given to us at any point in time in accordance with Art. 7 (3) of the GDPR. This results in us no longer being permitted to continue data processing operations based on this consent in the future.
- To request information on your personal data processed by us at any time in accordance with Art. 15 of the GDPR. In particular, you can request information on the purposes of processing the data, the category of personal data, as well as the source of the data, the categories of recipients to whom your data was or is disclosed, the purpose and intended storage period, the existence of a right to rectify incorrect data, erase data and restrict processing operations or object to data being processed, the existence of a right to lodge a complaint, the source of your data if it was not collected by us, as well as the existence of an automated decision-making function, including profiling and, where applicable, significant information regarding the profiling details;
- To request that incorrect or incomplete personal data saved by us is rectified or completed without delay in accordance with Art. 16 of the GDPR;
- To request that personal data saved by us be erased in accordance with Art. 17 of the GDPR, pro-vided that processing this data is not required for the purposes of exercising freedom of expression and information, fulfilling a legal obligation or for reasons relating to public interest or to establish, exercise or defend legal claims;
- To request that the processing of your personal data is restricted in accordance with Art. 18 of the GDPR, insofar as you dispute the accuracy of the data, the processing operation is illegal but you refuse the erasure of the data and we no longer require the data, you need this data to establish, exercise or defend legal claims however or you have filed an objection to the processing of your personal data in accordance with Art. 21 of the GDPR;
- To receive your personal data with which you provided us in a standard, structured format that can be processed by a computer in accordance with Art. 20 of the GDPR or to have this data transferred to another responsible party and
- To raise a complaint regarding data processing with a supervisory authority in accordance with Art. 77 of the GDPR. As a general rule, you can contact the supervisory authority in the area in which you normally live; alternatively, you can contact the supervisory authority of your workplace or our legal office. Please direct any requests for information, or queries or objections to the processing of your data via email to firstname.lastname@example.org to the address listed in our Legal Notice.
We do not collect the personal data of minors. In the event that such data are collected unwittingly, they will be deleted without delay.
Can I Object to My Personal Data Being Processed?
You have the right to object to your personal data being processed for the purposes of direct advertising without having to specify your reasons for doing so. If we process your data to protect legitimate interests, you can object to your data being processed for this purpose for reasons relating to your particular situation. In this case, we no longer process your personal data, unless we can establish compelling and legitimate reasons for processing the data that outweigh your interests, rights and freedoms or if the data is processed for the purposes of establishing, exercising or defending legal claims. In order to make the website available to users and ensure that the website operates correctly, it is necessary to record data and save this data in log files. As a result of this, users do not have the option of objecting to data being processed in this manner. If log files are saved, they are deleted after seven days at the latest and the respective data is not processed further.
14. Do I have the Option to Raise a Complaint?
If you believe that we are processing your personal data in an illegal manner or that we are violating data protection legislation for other reasons, you can raise a complaint with the supervisory authority responsible for us:
State officer for data protection
70025 Stuttgart, Germany