Privacy Policy

We are pleased to welcome you to www.cice.de and thank you for your interest in our cosmetic line. We would like to inform you about our data privacy policy, the purpose, the type and the extent of the personal data collected and processed by us, and your rights.

When processing personal data, we comply with the General Data Protection Regulation (GDPR). 

Controller

in the sense of the GDPR is the

cossana GmbH
Sternstr. 7
20357 Hamburg
Germany

Phone: +49/ 40/ 8060 6924 0
Fax: +49/ 40/ 8060 6924 9
E-mail: info@cossana.com

Encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the person responsible). An encrypted connection may be recognized by the character string "https://" and the lock symbol in the browser line.

Personal Data

Personal data is any information through which a person may be identified. These include one`s name, address, e-mail address, telephone number or IP address.

Server Log Files

Even if you only visit our site and undertake no further action, data are temporarily stored in a log file for technical reasons, but no personal reference can be drawn.

The following data is stored in the log file of our site:

  • IP address (public IP address of the "website visitor")
  • country of origin / browser language / browser version
  • Data volume (web space / traffic / e-mail)

Time of request

These data are used for technical reasons to maintain the functionality of our site and to provide necessary information to law enforcement authorities in the event of a cyber-attack. Furthermore, they are used for statistical purposes and to continuously optimize data protection and data security, which also represents our legitimate interests. The legal basis for this storage is Art. 6 para. 1 lit. f GDPR.

The log files in which the data are stored are overwritten on a daily basis and existing data are thus deleted. How often this process leads to an overwriting of the data depends on many factors -, which, among other things, depend on the frequency of incoming orders and therefore cannot be defined more precisely.

Since there data are technically required to access the site, it is not possible to object to their usage.

Cookies

Our website uses cookies. Cookies are small text files that are sent to your browser from a website you visit and are stored temporarily and/or permanently by the user. In general, they serve to make a visit to a website effective, user-friendly and secure. There are cookies for many purposes.

Cookies make it possible to recognize the users of our website. On our website, technically required session cookies called "JTLSHOP" or "JTLCRON" are set as standard. This is to make it easier for you as a user to use the site, e.g. you do not have to re-enter your access data each time because they are auto-filled by a stored cookie.

In this case, the legal basis for processing by means of technically required cookies is provided by Art. 6 para. 1 lit. f GDPR.

You can adjust the settings in your browser to prevent cookies from being set. Cookies that have already been set can also be deleted via the browser at any time. However, we would like to point out that not all functions of our website may be usable without cookies.

We also use Google Analytics, which uses cookies. Please see the following section.

Google Analytics

We use Google Analytics to statistically evaluate the visits to our website. The analysis of user behavior may be used to optimize the user`s online experience and the feasibility of our online shop represents our legitimate interests. The legal basis for the use of Google Analytics is stated in § 15 para. 3 TMG and Art. 6 para. 1 lit. f GDPR.

Google Analytics is a web analysis service of Google Inc. "("Google"), which uses cookies. The information generated by the cookie about your use of our website is usually transferred to a Google server in the USA and stored there. Google is certified under the Privacy Shield Agreement and thus guarantees compliance with the European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google uses this information on our behalf to evaluate your use of our website, to compile reports on website activities and to provide us with further services relating to website and internet use.

Pseudonymized user profiles can be created from the processed data. We use Google Analytics only with IP anonymization enabled. This means that Google will shorten the IP address of users within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by the user's browser is not merged with other Google data.

The data sent by us and linked with cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 26 months. Data whose retention period has reached its end are automatically deleted once a month. For more information on terms of use and data protection, please visit https://www.google.de/analytics/terms/gb.html or https://policies.google.com/?hl=en.

You may refuse the use of cookies by selecting the appropriate settings on your browser. You can also prevent Google from collecting the data generated by the cookie relating to your use of our website (including your IP address) and from processing this data by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en. However, we would like to point out that in this case you may not be able to use all functions of our website to their full extent.

As an alternative to the browser add-on or for browsers on mobile devices, please click this link Disable Google Analytics to prevent future detection by Google Analytics on this website. An opt-out cookie is stored on your device. If you delete your cookies, you must click this link again. The opt-out cookie only works in the browser and only for this domain.

Google Analytics uses the following function cookies:

utma 2 years
Serves to distinguish between users and meetings. The cookie is created when the Javascript library is executed and no __utma cookies are present. The cookie is updated each time data is sent to Google Analytics.

__utmt 10 minutes
Used to reduce the request rate.

utmb 30 minutes Used to detect new sessions/visits
The cookie is created when the Javascript library is executed and no __utmb cookies are present. The cookie is updated each time data is sent to Google Analytics.

__utmc end of browser session
Not used in ga.js. Set for compatibility with urchin.js. In the past, this cookie was used in conjunction with the __utmb cookie to determine whether the user was in a new session or on a new visit.

__utmz 6 months
Saves the traffic source or campaign that explains how the user reached the website. The cookie is created when you run the Javascript library and updated each time data is sent to Google Analytics.

Google Web Fonts

We also use external fonts, Google Web Fonts, also a service of Google Inc. ("Google"). These web fonts are integrated in our website, usually a Google server in the USA. This transfers to the server which of our Internet pages you have visited, and your IP address is also stored by Google. We use this service for the uniform and appealing presentation of our online offer. This represents our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law.

Newsletter

It is possible to subscribe to our newsletter on our website. In the newsletter we inform you at regular intervals about our products, special offers and our company.

Only a valid e-mail address is needed for sending the newsletter. The indication of further, separately marked data is voluntary and will only be used for a personalization of the newsletter.

Saving the e-mail address
Once you register, a confirmation e-mail will be sent using the double opt-in procedure, i.e. we will send you an e-mail with a confirmation link with which you can confirm that you would like to receive the newsletter in future. If you do so, we will store your e-mail address and, if applicable, your name up until the time you unsubscribe, should you decide to do so.

With the double opt-in procedure we can check whether the owner of the e-mail address has authorized the receipt of the newsletter. By clicking on the confirmation link, you consent to the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR.

Saving the log-in data
When you register, we also save the date of registration and your IP address. The registration procedure is recorded on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. The collection of this data represents our legitimate interests is necessary to provide proof of registration in the event of misuse of the e-mail address, and hence, serves as legal protection for us.

If you purchase our products on our website and provide us with your e-mail address, we may subsequently use it to send you a newsletter. In such a case, the newsletter will only send direct advertising for similar goods offered by our company. Your data will be used exclusively for sending the newsletter. The legal basis for this is § 7 para. 3 UWG.

In each newsletter there is a link which can be used to cancel your subscription to the newsletter at any time and thus revoke your consent to receiving the newsletter. One may also unsubscribe from the newsletter on our website or inform us by phone or e-mail. This data will also be completely deleted upon revocation.

For the newsletter dispatch we use the service CleverReach of CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. We have a contract with CleverReach for the processing of personal data in accordance with Art. 28 GDPR.

We send CleverReach the e-mail address and the information voluntarily provided for the purpose of sending the newsletter. CleverReach offers the possibility to evaluate, whether and when the newsletter was opened and which links were clicked on in the newsletter. We use this data to optimize our online marketing measures. However, we do not pass this data on to third parties. CleverReach also does not acquire any right to pass on your data. For more information about CleverReach's privacy practices, please visit https://www.cleverreach.com/en/privacy-policy/.

Enrollment

While it is also possible to place an order without registration you are advised to set up a user account on our website.

If you register for the conclusion of a contract, the ordering process becomes much more streamined for with your next order, as you do not have to enter all data necessary for the completion of the order again. Registration is for your convenience only.

The data collected can be seen in the registration form. For example, the name, billing address, e-mail address and telephone number are transmitted to us and stored exclusively for internal use. In the case of an order, this data is also passed on to third parties, e.g. parcel service providers, who also only use the data internally in order to fulfil our order to send your chosen product/s to you. You can change your data in the user account at any time or delete it completely.

When registering on our site, not only the personal data listed above but also the IP address and the date and time of registration are stored. This is the only way to prevent misuse of our services and may help to solve crimes - even in this case these data are only passed on to third parties.

The legal basis for storage in the case of pure registration without ordering your consent given with the registration pursuant to Art. 6 para. 1 lit. a GDPR; if the registration serves the fulfilment of a contract to which you are a contracting party or the implementation of pre-contractual measures, the legal basis is also Art. 6 para. 1 lit. b GDPR.

You have the possibility to delete your account or to update the given data at any time. The data provided will be deleted as soon as they are no longer necessary to fulfill the purpose for which they were collected. This is the case for data collected during the registration process if the registration on our website is cancelled or changed. In the event that the registration has been carried out in order to fulfil a contract or to carry out pre-contractual measures, the data will be deleted as soon as it is no longer necessary for the performance of the contract. Even after conclusion of the contract, it may still be necessary to store the personal data of the contractual partner in order to fulfil contractual or legal obligations.

Email contact

If you contact us via the e-mail address provided on the website, your name and e-mail address will be stored for the purpose of responding to your enquiry. In addition, the IP address and the date and time of your e-mail are stored.

We store the personal data provided by you to answer your enquiry, which also represents our legitimate interests in the processing of personal data. The legal basis for the processing of data is Art. 6 para. 1 lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, then additional legal basis for the processing is provided by Art. 6 para. 1 lit. b GDPR.

If you contact us via the e-mail address provided on the website, your e-mail address may subsequently be used by us to send you a newsletter. In such a case, the newsletter will only send direct advertising for similar goods offered by our company. Your data will be used exclusively for sending the newsletter. The legal basis for this is § 7 para. 3 UWG. In each newsletter there is a link which can be used to cancel your subscription to our newsletter at any time and thus revoke your consent to receive the newsletter. One may also unsubscribe from the newsletter on our website or to inform us by phone or e-mail. This data will also be completely deleted upon revocation.

In addition to responding to the request, the processing of personal data serves necessary technical reasons such as the transmission of the e-mail. These data will not be passed on to third parties.

The data will be deleted as soon as your questions have been clarified and the data are therefore no longer required provided there are no legal retention periods to prevent deletion. The data shall also be deleted in the event of opposition.

You can object to the processing of your personal data at any time. For your objection, please also use this e-mail address: info@cice.de.


Right of objection

You have the right to object at any time to the processing of your personal data, which is based on our legitimate interests (Art. 6 para. 1 lit. f GDPR).

We will then cease to process personal data unless we can proveide compelling grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

You have the right to object at any time to the processing of your personal data for direct marketing or advertising.

In which case your personal data will no longer be processed for these purposes.

To exercise your right of objection and all other rights to which you are entitled, which are explained in greater detail below, please contact us by e-mail: info@cice.de


Right of access by data subject according Art. 15 GDPR

As a data subject within the scope of the GDPR, you can request confirmation from us at any time as to whether we are processing your personal data. If such processing is taking place, you have the right to request information about the purpose of processing, the categories of personal data we process, the recipients or categories of recipients to whom we have disclosed or will disclose your data, the planned storage period, the origin of the data, information about the existence of a right to correct or delete your data and about the right of objection, the existence of a right of appeal to the supervisory authority and information about whether the data are disclosed to a third country and, if so, information about guarantees for the protection of personal rights in connection with this disclosure.

Right to rectification according to Art. 16 GDPR and right to erasure ("right to be forgotten") according to Art. 17 GDPR

You can request the immediate rectification or completion of your data at any time.

If one of the following reasons applies, you can also request the erasure of your personal data:

1. personal data is no longer necessary in realtion to the purposes for which they were collected or otherwise processed.

2. you withdraw your consent, on which the processing was based according to Art. 6 para. 1 lit. a GDPR , and there is no other legal ground for the processing. 

3. you object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for processing or you object to the processing pursuant to art. 21 para. 2 GDPR.

4. the personal data have be unlawfully processed.

5. the personal data have to be erased for compliance with a legal obligation Union law or German law, to which the controller is subject.

6. your personal data have been collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.

Right to restriction of processing according to Art. 18 GDPR

If one of the following conditions is met, you can request us to restrict processing at any time and we will implement it immediately:

  • You contest the accuracy of your personal data. Processing will be limited until we can verify the accuracy of the personal data.
  • Processing is unlawful- however, you oppose the erasure of the personal data and request the restriction of their use instead.
  • We no longer need your personal data, but you still need your data to assert, exercise or defend legal claims.
  • You have objected to processing pursuant to Art. 21 para. 1 pending the verification whether the legitimate grounds of the controller override those of the data subject.

Right to information, Art. 19 GDPR

If you have exercised your right to correct, delete or limit the processing of your data, we are obliged to inform all recipients to whom your personal data have been disclosed thereof, unless this proves impossible or involves a disproportionate effort. If you wish, we will inform you about these recipients.

Right to data transferability according to Art. 20 GDPR

You have the right to request your personal data at any time in a machine-readable, standard format as well as the right to pass them on to third parties, provided that the processing is based on the consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or a contract pursuant to Art. 6 para. 1 lit. b GDPR and the processing is carried out using automated procedures. However, this shall not apply where processing is carried out for the performance of a task which is in the public interest or for exercise by an official authority.

According to art. 20 para. 1 GDPR you also have the right to request that we transfer your data directly to a third party, as far as this is technically possible and rights of another person are not infringed upon.

Right to revoke consent under data protection law

You can also revoke your consent to the processing of your data at any time.

Right of appeal to the supervisory authority

If you believe that the processing of your personal data violates the GDPR, you have the right to appeal to a supervisory authority of your choice, for instance, our competent supervisory authority:

The Hamburg Commissioner for Data Protection and Freedom of Information

Klosterwall 6 (Block C)
20095 Hamburg
Germany

Phone: +49/ 040/ 4 28 54 - 40 40
E-Fax: +49/ 040/ 4 279 - 11811

E-mail: mailbox@datenschutz.hamburg.de
https://www.datenschutz-hamburg.de/

If you have any questions, suggestions, requests or complaints regarding these statements, or if you no longer wish to receive advertising e-mails from cicé, please contact us at any time:

cossana GmbH
Sternstr. 7
20357 Hamburg
Germany

Phone: +49/ 40/ 80 60 69 69 240
Fax: +49 / 40/ 80 60 69 249

E-mail: info@cice.de