Privacy Policy
We are pleased to welcome you to www.cice.de and thank you for your interest in our cosmetic line. We would like to inform you about our data privacy policy, the purpose, the type and the extent of the personal data collected and processed by us, and your rights.
When processing personal data, we comply with the General Data Protection Regulation (GDPR).
Controller
in the sense of the GDPR is the
cossana GmbH
Sternstr. 7
20357 Hamburg
Germany
Phone: +49/ 40/ 8060 6924 0
Fax: +49/ 40/ 8060 6924 9
E-mail: info@cossana.com
Encryption
This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the person responsible). An encrypted connection may be recognized by the character string "https://" and the lock symbol in the browser line.
Personal Data
Personal data is any information through which a person may be identified. These include one`s name, address, e-mail address, telephone number or IP address.
Server Log Files
Even if you only visit our site and undertake no further action, data are temporarily stored in a log file for technical reasons, but no personal reference can be drawn.
The following data is stored in the log file of our site:
- IP address (public IP address of the "website visitor")
- country of origin / browser language / browser version
- Data volume (web space / traffic / e-mail)
Time of request
These data are used for technical reasons to maintain the functionality of our site and to provide necessary information to law enforcement authorities in the event of a cyber-attack. Furthermore, they are used for statistical purposes and to continuously optimize data protection and data security, which also represents our legitimate interests. The legal basis for this storage is Art. 6 para. 1 lit. f GDPR.
The log files in which the data are stored are overwritten on a daily basis and existing data are thus deleted. How often this process leads to an overwriting of the data depends on many factors -, which, among other things, depend on the frequency of incoming orders and therefore cannot be defined more precisely.
Since there data are technically required to access the site, it is not possible to object to their usage.
Cookies
Our website uses cookies. Cookies are small text files that are sent to your browser from a website you visit and are stored temporarily and/or permanently by the user. In general, they serve to make a visit to a website effective, user-friendly and secure. There are cookies for many purposes.
Cookies make it possible to recognize the users of our website. On our website, technically required session cookies called "JTLSHOP" or "JTLCRON" are set as standard. This is to make it easier for you as a user to use the site, e.g. you do not have to re-enter your access data each time because they are auto-filled by a stored cookie.
In this case, the legal basis for processing by means of technically required cookies is provided by Art. 6 para. 1 lit. f GDPR.
You can adjust the settings in your browser to prevent cookies from being set. Cookies that have already been set can also be deleted via the browser at any time. However, we would like to point out that not all functions of our website may be usable without cookies.
We also use Google Analytics, which uses cookies. Please see the following section.
Google Analytics
We use Google Analytics to statistically evaluate the visits to our website. The analysis of user behavior may be used to optimize the user`s online experience and the feasibility of our online shop represents our legitimate interests. The legal basis for the use of Google Analytics is stated in § 15 para. 3 TMG and Art. 6 para. 1 lit. f GDPR.
Google Analytics is a web analysis service of Google Inc. "("Google"), which uses cookies. The information generated by the cookie about your use of our website is usually transferred to a Google server in the USA and stored there. Google is certified under the Privacy Shield Agreement and thus guarantees compliance with the European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google uses this information on our behalf to evaluate your use of our website, to compile reports on website activities and to provide us with further services relating to website and internet use.
Pseudonymized user profiles can be created from the processed data. We use Google Analytics only with IP anonymization enabled. This means that Google will shorten the IP address of users within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by the user's browser is not merged with other Google data.
The data sent by us and linked with cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 26 months. Data whose retention period has reached its end are automatically deleted once a month. For more information on terms of use and data protection, please visit https://www.google.de/analytics/terms/gb.html or https://policies.google.com/?hl=en.
You may refuse the use of cookies by selecting the appropriate settings on your browser. You can also prevent Google from collecting the data generated by the cookie relating to your use of our website (including your IP address) and from processing this data by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en. However, we would like to point out that in this case you may not be able to use all functions of our website to their full extent.
As an alternative to the browser add-on or for browsers on mobile devices, please click this link Disable Google Analytics to prevent future detection by Google Analytics on this website. An opt-out cookie is stored on your device. If you delete your cookies, you must click this link again. The opt-out cookie only works in the browser and only for this domain.
Google Analytics uses the following function cookies:
utma 2 years
Serves to distinguish between users and meetings. The cookie is created when the Javascript library is executed and no __utma cookies are present. The cookie is updated each time data is sent to Google Analytics.
__utmt 10 minutes
Used to reduce the request rate.
utmb 30 minutes Used to detect new sessions/visits
The cookie is created when the Javascript library is executed and no __utmb cookies are present. The cookie is updated each time data is sent to Google Analytics.
__utmc end of browser session
Not used in ga.js. Set for compatibility with urchin.js. In the past, this cookie was used in conjunction with the __utmb cookie to determine whether the user was in a new session or on a new visit.
__utmz 6 months
Saves the traffic source or campaign that explains how the user reached the website. The cookie is created when you run the Javascript library and updated each time data is sent to Google Analytics.
We use an Instagram feed plugin to display social media content on our website. Instagram's services are operated by Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.
Each time you visit our Instagram web site, the Internet browser on your information technology system is automatically prompted to download a display of Instagram images and videos. As part of this technical process, Instagram is informed which specific subpage of our website you are visiting. These requests make your IP address visible to Instagram, which Instagram may use in accordance with its privacy policy: https://help.instagram.com/519522125107875
If you are logged into Instagram at the same time, Instagram will recognize which specific page you are visiting each time you access our website and for the duration of your stay on our website. This information is collected by the Instagram component and assigned by Instagram to your Instagram account.
Instagram will receive information through the Instagram Component that you have visited our specific web page whenever you are logged into Instagram at the same time you access our web site. If you do not want this information to be sent to Instagram, you can prevent it from being sent by logging out of your Instagram account prior to accessing our website.
For more information and Instagram's applicable privacy policy, please visit https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.
Newsletter
It is possible to subscribe to our newsletter on our website. In the newsletter we inform you at regular intervals about our products, special offers and our company.
Only a valid e-mail address is needed for sending the newsletter. The indication of further, separately marked data is voluntary and will only be used for a personalization of the newsletter.
Saving the e-mail address
Once you register, a confirmation e-mail will be sent using the double opt-in procedure, i.e. we will send you an e-mail with a confirmation link with which you can confirm that you would like to receive the newsletter in future. If you do so, we will store your e-mail address and, if applicable, your name up until the time you unsubscribe, should you decide to do so.
With the double opt-in procedure we can check whether the owner of the e-mail address has authorized the receipt of the newsletter. By clicking on the confirmation link, you consent to the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR.
Saving the log-in data
When you register, we also save the date of registration and your IP address. The registration procedure is recorded on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. The collection of this data represents our legitimate interests is necessary to provide proof of registration in the event of misuse of the e-mail address, and hence, serves as legal protection for us.
If you purchase our products on our website and provide us with your e-mail address, we may subsequently use it to send you a newsletter. In such a case, the newsletter will only send direct advertising for similar goods offered by our company. Your data will be used exclusively for sending the newsletter. The legal basis for this is § 7 para. 3 UWG.
In each newsletter there is a link which can be used to cancel your subscription to the newsletter at any time and thus revoke your consent to receiving the newsletter. One may also unsubscribe from the newsletter on our website or inform us by phone or e-mail. This data will also be completely deleted upon revocation.
Mailchimp
We use Mailchimp from The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA (Mailchimp) to send our newsletter. This allows us to contact subscribers directly. In addition, we analyse your usage behaviour in order to optimise our offer.
For this purpose, we pass on the following personal data to Mailchimp: e-mail address, first name if applicable and last name if applicable.
Mailchimp is the recipient of your personal data and acts as an order processor for us as far as the dispatch of our newsletter is concerned. The processing of the data provided in this section is neither legally nor contractually required. Without your consent and the transmission of your personal data, we cannot send out a newsletter to you.
In addition, Mailchimp collects the following personal data using cookies and other tracking methods: Information about your terminal device (IP address, device information, operating system, browser ID, information about the application you use to read your emails and other information about hardware and internet connection. In addition, usage data is collected such as date and time, when you opened the email / campaign and browser activity (e.g. which emails / web pages were opened). Mailchimp needs this data to ensure the security and reliability of the systems, compliance with the terms of use and the prevention of misuse. This corresponds to the legitimate interest of Mailchimp (according to Art. 6 para. 1 lit. f DSGVO) and serves the execution of the contract (according to Art. 6 para. 1 lit. b DSGVO). Mailchimp also evaluates performance data, such as email delivery statistics and other communication data. This information is used to create usage and performance statistics for the services.
Mailchimp also collects information about you from other sources. In an unspecified period and scope, personal data is collected via social media and other third-party data providers. We have no control over this process.
You can find more information about objection and removal options vis-à-vis Mailchimp at: https://mailchimp.com/legal/privacy/#3._Privacy_for_Contacts.
The legal basis for these processing operations is your consent pursuant to Art. 6 (1) lit. a DSGVO. You can revoke your consent to the processing of your personal data at any time. A corresponding link can be found in all mailings. In addition, the revocation can be made via the specified contact options. The declaration of revocation does not affect the lawfulness of the processing carried out to date.
Your data will be processed as long as you have given your consent. Apart from that, they will be deleted after the termination of the contract between us and Mailchimp, unless legal requirements make further storage necessary.
Mailchimp has implemented compliance measures for international data transfers. These apply to all global activities where Stripe processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please visit: https://mailchimp.com/legal/data-processing-addendum/
Enrollment
While it is also possible to place an order without registration you are advised to set up a user account on our website.
If you register for the conclusion of a contract, the ordering process becomes much more streamined for with your next order, as you do not have to enter all data necessary for the completion of the order again. Registration is for your convenience only.
The data collected can be seen in the registration form. For example, the name, billing address, e-mail address and telephone number are transmitted to us and stored exclusively for internal use. In the case of an order, this data is also passed on to third parties, e.g. parcel service providers, who also only use the data internally in order to fulfil our order to send your chosen product/s to you. You can change your data in the user account at any time or delete it completely.
When registering on our site, not only the personal data listed above but also the IP address and the date and time of registration are stored. This is the only way to prevent misuse of our services and may help to solve crimes - even in this case these data are only passed on to third parties.
The legal basis for storage in the case of pure registration without ordering your consent given with the registration pursuant to Art. 6 para. 1 lit. a GDPR; if the registration serves the fulfilment of a contract to which you are a contracting party or the implementation of pre-contractual measures, the legal basis is also Art. 6 para. 1 lit. b GDPR.
You have the possibility to delete your account or to update the given data at any time. The data provided will be deleted as soon as they are no longer necessary to fulfill the purpose for which they were collected. This is the case for data collected during the registration process if the registration on our website is cancelled or changed. In the event that the registration has been carried out in order to fulfil a contract or to carry out pre-contractual measures, the data will be deleted as soon as it is no longer necessary for the performance of the contract. Even after conclusion of the contract, it may still be necessary to store the personal data of the contractual partner in order to fulfil contractual or legal obligations.
External payment service providers
We use external payment service providers (PayPal and Amazon Pay) whose platforms users and we can use to make payment transactions. As part of the fulfilment of contracts, we use payment service providers on the basis of Art. 6 para. 1 lit. b. DSGVO. In addition, we use external payment service providers on the basis of our legitimate interests pursuant to Art. 6 Para. 1 lit. b. DSGVO in order to offer our users effective and secure payment options. Payment transactions are subject to the terms and conditions and data protection notices of the respective payment service providers, which can be accessed within the respective websites or transaction applications. We also refer to these for further information and assertion of revocation, information and other rights affected.
The following external payment options are available to you:
PayPal: PayPal makes it possible to make online payments to third parties. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. Payments are processed via so-called PayPal accounts. These are virtual private or business accounts. If you select PayPal as the payment method, the data required for the payment process, including name, address, company, e-mail address and telephone number, will be automatically transmitted to PayPal. These data transmitted to PayPal may be transmitted by PayPal to credit agencies. The purpose of this transmission is to check identity and creditworthiness. PayPal may also pass on your data to third parties if this is necessary to fulfil contractual obligations or if the data is to be processed on behalf of a third party. You have the possibility to revoke your consent to the handling of personal data at any time. Please note, however, that such a revocation does not affect those personal data that are processed for the contractually agreed payment processing. You can view PayPal's data protection provisions at https://www.paypal.com/de/webapps/mpp/ua/privacy-full/.
Email contact
If you contact us via the e-mail address provided on the website, your name and e-mail address will be stored for the purpose of responding to your enquiry. In addition, the IP address and the date and time of your e-mail are stored.
We store the personal data provided by you to answer your enquiry, which also represents our legitimate interests in the processing of personal data. The legal basis for the processing of data is Art. 6 para. 1 lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, then additional legal basis for the processing is provided by Art. 6 para. 1 lit. b GDPR.
If you contact us via the e-mail address provided on the website, your e-mail address may subsequently be used by us to send you a newsletter. In such a case, the newsletter will only send direct advertising for similar goods offered by our company. Your data will be used exclusively for sending the newsletter. The legal basis for this is § 7 para. 3 UWG. In each newsletter there is a link which can be used to cancel your subscription to our newsletter at any time and thus revoke your consent to receive the newsletter. One may also unsubscribe from the newsletter on our website or to inform us by phone or e-mail. This data will also be completely deleted upon revocation.
In addition to responding to the request, the processing of personal data serves necessary technical reasons such as the transmission of the e-mail. These data will not be passed on to third parties.
The data will be deleted as soon as your questions have been clarified and the data are therefore no longer required provided there are no legal retention periods to prevent deletion. The data shall also be deleted in the event of opposition.
You can object to the processing of your personal data at any time. For your objection, please also use this e-mail address: info@cice.de.
Right of objection
You have the right to object at any time to the processing of your personal data, which is based on our legitimate interests (Art. 6 para. 1 lit. f GDPR).
We will then cease to process personal data unless we can proveide compelling grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
You have the right to object at any time to the processing of your personal data for direct marketing or advertising.
In which case your personal data will no longer be processed for these purposes.
To exercise your right of objection and all other rights to which you are entitled, which are explained in greater detail below, please contact us by e-mail: info@cice.de
Right of access by data subject according Art. 15 GDPR
As a data subject within the scope of the GDPR, you can request confirmation from us at any time as to whether we are processing your personal data. If such processing is taking place, you have the right to request information about the purpose of processing, the categories of personal data we process, the recipients or categories of recipients to whom we have disclosed or will disclose your data, the planned storage period, the origin of the data, information about the existence of a right to correct or delete your data and about the right of objection, the existence of a right of appeal to the supervisory authority and information about whether the data are disclosed to a third country and, if so, information about guarantees for the protection of personal rights in connection with this disclosure.
Right to rectification according to Art. 16 GDPR and right to erasure ("right to be forgotten") according to Art. 17 GDPR
You can request the immediate rectification or completion of your data at any time.
If one of the following reasons applies, you can also request the erasure of your personal data:
1. personal data is no longer necessary in realtion to the purposes for which they were collected or otherwise processed.
2. you withdraw your consent, on which the processing was based according to Art. 6 para. 1 lit. a GDPR , and there is no other legal ground for the processing.
3. you object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for processing or you object to the processing pursuant to art. 21 para. 2 GDPR.
4. the personal data have be unlawfully processed.
5. the personal data have to be erased for compliance with a legal obligation Union law or German law, to which the controller is subject.
6. your personal data have been collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.
Right to restriction of processing according to Art. 18 GDPR
If one of the following conditions is met, you can request us to restrict processing at any time and we will implement it immediately:
- You contest the accuracy of your personal data. Processing will be limited until we can verify the accuracy of the personal data.
- Processing is unlawful- however, you oppose the erasure of the personal data and request the restriction of their use instead.
- We no longer need your personal data, but you still need your data to assert, exercise or defend legal claims.
- You have objected to processing pursuant to Art. 21 para. 1 pending the verification whether the legitimate grounds of the controller override those of the data subject.
Right to information, Art. 19 GDPR
If you have exercised your right to correct, delete or limit the processing of your data, we are obliged to inform all recipients to whom your personal data have been disclosed thereof, unless this proves impossible or involves a disproportionate effort. If you wish, we will inform you about these recipients.
Right to data transferability according to Art. 20 GDPR
You have the right to request your personal data at any time in a machine-readable, standard format as well as the right to pass them on to third parties, provided that the processing is based on the consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or a contract pursuant to Art. 6 para. 1 lit. b GDPR and the processing is carried out using automated procedures. However, this shall not apply where processing is carried out for the performance of a task which is in the public interest or for exercise by an official authority.
According to art. 20 para. 1 GDPR you also have the right to request that we transfer your data directly to a third party, as far as this is technically possible and rights of another person are not infringed upon.
Right to revoke consent under data protection law
You can also revoke your consent to the processing of your data at any time.
Right of appeal to the supervisory authority
If you believe that the processing of your personal data violates the GDPR, you have the right to appeal to a supervisory authority of your choice, for instance, our competent supervisory authority:
The Hamburg Commissioner for Data Protection and Freedom of Information
Klosterwall 6 (Block C)
20095 Hamburg
Germany
Phone: +49/ 040/ 4 28 54 - 40 40
E-Fax: +49/ 040/ 4 279 - 11811
E-mail: mailbox@datenschutz.hamburg.de
https://www.datenschutz-hamburg.de/
If you have any questions, suggestions, requests or complaints regarding these statements, or if you no longer wish to receive advertising e-mails from cicé, please contact us at any time:
cossana GmbH
Sternstr. 7
20357 Hamburg
Germany
Phone: +49/ 40/ 80 60 69 69 240
Fax: +49 / 40/ 80 60 69 249
E-mail: info@cice.de