General Data Protection Regulation and Information according to para. 13 and 14 GDPR
Person responsible for data protection:
Gesundheits- u Schönheitszentrum Christine Tomasin
Data Processing Purposes:
If you contact us by form on the website or by e-mail, the data you provide will be stored by us for six months for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent. If you fill out the contact form, HEROLD Business Data GmbH, as an order processor, processes the data on the basis of the General Terms and Conditions (in particular the regulations for order data processing contained therein). HEROLD Business Data GmbH makes use of a subcontractor (SurveyMonkey Europe UC, 2 Shelbourne Buildings, 2nd Floore, Shelbourne Road, Ballsbridge, Dublin 4, Ireland) who has access to the data contained in the contact form and who stores the data in the USA. Any provision of data to the subcontractor is based on an adequacy decision of the European Commission (self-certification Privacy Shield).
Purposes of analysis
In addition, data is collected and used for analysis purposes. This data processing is not personal (see below for information on cookies).
If this website offers a webshop, the following data will be collected for the purpose of simplifying the purchasing process and for later contract processing: Title, name, address, telephone number, e-mail address, company name, VAT number, order date, order number, payment method, shipping method, product scope, costs. In addition, session cookies can be used to simplify the shopping process. The data processed in the session cookie do not contain any personal reference.
The data provided by you is necessary for the fulfilment of the contract or for the implementation of pre-contractual measures. Without this data we cannot conclude the contract with you. No data will be transferred to third parties, with the exception of the transfer of credit card data to the processing bank institutes/payment service providers for the purpose of debiting the purchase price, to the transport company/shipping company commissioned by us to deliver the goods and to our tax consultant to meet our tax obligations.
After termination of the purchase process, the data entered by the user will be stored for at least four weeks and then deleted. In the event of a contract being concluded, all data from the contractual relationship will be stored for the duration of the contractual relationship and beyond, as long as legal claims can be derived from this, and then deleted, unless there are further storage obligations (e.g. tax law).
When registering, the user's e-mail address and a password are stored. If a purchase is subsequently made, the e-mail address is linked to the data determined during the purchase process. The data provided by you is necessary for the setup of the user account. The data processing takes place for the duration of the existence of the user account. If the user account is deleted, the e-mail address and password as well as the link to the data of the purchase process will be deleted.
When visiting this website, log files are also stored which contain the IP address and other data for accessing the website (e.g. date, time, user agent, referrer). Data processing is limited in time (a maximum of seven days) and is only carried out to protect against DDOS attacks or other interventions in the functionality of the website and any underlying database systems.
When a product rating is submitted, the following data is determined and published: user name, comment, number of stars awarded. The data is collected for the purpose of publishing the data for a specific product. The data provided by you are necessary for the publication of the evaluation. The data processing takes place for the duration of the publication. Deletions are possible by sending an e-mail to firstname.lastname@example.org.
This website uses so-called cookies. These are small text files that are stored on your terminal device with the help of the browser. They do not cause any damage to.
On this page so-called session cookies are used. These are generated when you call up the website and are automatically deleted again. They are used for recognition if you call up the same website again within a short period of time in order to take into account already made presettings again. No personal data will be stored or processed in the process.
Cookies have the purpose to make the website offer user-friendly. Some cookies remain stored on your terminal until you delete them. They thus enable the website operator to recognise your browser the next time you visit. If you do not wish this, you can set your browser so that it informs you when cookies are set and you only allow this in individual cases. If you deactivate cookies, however, the functionality of the website may be limited.
Web analysis service Google (Google Analytics)
This website uses functions of the web analysis service Google Analytics. Provider is Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. We use the "Enable IP Anonymization" feature on this website. As a result, your IP address will be shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area prior to processing/storage. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and measure the campaign performance of online advertising for analysis and optimisation purposes.
You can prevent Google from collecting the data generated by the cookie and related to your use of the website as well as Google from processing this data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en
Instructions on how you can also prevent Google from storing data can be found at the following link: https://developers.google.com/analytics/devguides/...
The relationship with the web analytics provider is based on order data processing when using Google Analytics. The transfer of data to the processor is based on an adequacy decision of the European Commission (self-certification Privacy Shield). The data are deleted regularly (currently every 26 months).
Use of Google Adwords Conversion Tracking
The relationship with the web analytics provider is based on order data processing when using Google Adwords Conversion Tracking. The transfer of data to the processor is based on an adequacy decision of the European Commission (self-certification Privacy Shield). Google is also required to delete the data regularly (currently every 39 months).
If Facebook Social Plugins are used on this website, they are operated by Facebook Inc. (1 Hacker Way, Menlo Park, California 94025, USA). You can recognize the embeddings by the Facebook logo or by the terms "like", "like", "share" in the colors Facebooks (blue and white). Information about all Facebook plugins can be found in the following link: https://developers.facebook.com/docs/plugins/
The plugins are not activated until you click on the corresponding buttons. If they are grayed out, the plugins are inactive. You have the possibility to activate the plugins each time you visit the site.
The plugins establish a direct connection between your browser and the Facebook servers. This only takes place after the plugin has been activated. The website operator has no influence whatsoever on the nature and extent of the data that the plugin transmits to the Facebook Inc. servers. You can find more information here: https://www.facebook.com/help/186325668085084
The plugin informs Facebook Inc. that you have visited this website as a user. There is a possibility that your IP address may be stored. If you are logged into your Facebook account during your visit to this website, the above information will be linked to this account.
Legal basis for data processing:
On the website, data is processed exclusively on the basis of the legal provisions (GDPR, Austrian Telecommunications Act 2003).
Data processing (webshop, product reviews, booking tool and user account) is based on Art. 6 para. 1 lit. b) (contract fulfilment purposes) GDPR.
If analysis tools are used, the data shall be used on the basis of Art. 6 para. 1 lit f) (legitimate interest) GDPR. The legitimate interest in the use of data is the improvement of the website and the measurement of the success of online advertising.
The use of IT data security measures is also based on Art. 6 (1) (f) (legitimate interest) GDPR. The legitimate interest in the use of data is to secure one's own IT systems.
The use of social media plug-ins only takes place with consent. The legal basis is therefore Art. 6 para. 1 lit a) GDPR. Consent must be given again each time a website is called up.
You are basically entitled to the rights to information, correction, deletion, restriction of processing, data transferability, revocation and opposition. If you believe that the processing of your data violates the data protection law or your data protection claims have otherwise been violated in any way, you can complain to the supervisory authority. In Austria this is the data protection authority.