privacy policy
The responsible body within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:
Aesthetic Skincare
Wenzelgasse 18
53111 Bonn
Email: info@aesthetic-skincare.com
General information on data processing
legal basis for the processing of personal data
In accordance with Art. 13 GDPR, we will inform you of the legal basis for our data processing. If the legal basis is not stated precisely in the data protection notice, the following applies:
The legal basis for obtaining consent is Art. 6 (1) (a) in conjunction with Art. 7 GDPR. The legal basis for processing to fulfill our services and carry out contractual measures as well as to answer inquiries is Art. 6 (1) (b) GDPR. The legal basis for processing to fulfill our legal obligations is Art. 6 (1) (c) GDPR. If the processing of your data is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 (1) (f) GDPR serves as the legal basis for processing. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) (d) GDPR serves as the legal basis.
data deletion and storage period
We adhere to the principles of data minimization in accordance with Art. 5 (1) (c) GDPR and storage limitation in accordance with Art. 5 (1) (e) GDPR. We only store your personal data for as long as is necessary to achieve the purposes stated here or as required by the retention periods stipulated by law. Once the respective purpose no longer applies or after these retention periods have expired, the corresponding data will be deleted as quickly as possible.
Note on data transfer to third countries
Our website also includes tools from companies based in third countries. If these tools are active, your personal data can be transmitted to the servers of the respective companies. The level of data protection in third countries does not generally correspond to EU data protection law. This means that there is a risk that your data will be passed on to authorities in these countries. We have no influence on these processing activities.
External Links
This website may contain links to third-party websites or to other websites under our responsibility. If you follow a link to one of the websites outside our responsibility, please note that these websites have their own data protection information. We accept no responsibility or liability for these third-party websites and their data protection information. Therefore, before using these websites, check whether you agree with the data protection statements there.
You can recognize external links either because they are displayed in a slightly different color from the rest of the text or because they are underlined. Your cursor shows you external links when you move it over such a link. Only when you click on an external link will your personal data be transferred to the destination of the link. The operator of the other website receives in particular your IP address, the time at which you clicked the link, the page on which you clicked the link, and other information that you can find in the data protection information of the respective provider.
Please also note that individual links may lead to data being transferred outside the European Economic Area. This could give foreign authorities access to your data. You may not have any legal recourse against this data access. If you do not want your personal data to be transferred to the link destination or even to be exposed to unwanted access by foreign authorities, please do not click on any links.
rights of the data subject
As a data subject within the meaning of the GDPR, you have the opportunity to assert various rights. The data subject rights arising from the GDPR are the right to information (Article 15), the right to rectification (Article 16), the right to erasure (Article 17), the right to restriction of processing (Article 18), the right to object (Article 21), the right to lodge a complaint with a supervisory authority and the right to data portability (Article 20).
Right of withdrawal:
Some data processing can only take place with your express consent. You have the option to revoke your consent at any time. However, the legality of the data processing up to the time of revocation is not affected by this.
Right of objection:
If the processing is based on Art. 6 Paragraph 1 Letter e or f GDPR, you as the data subject can object to the processing of personal data concerning you at any time for reasons arising from your particular situation. You also have this right in the case of profiling based on these provisions within the meaning of Art. 4 Paragraph 4 GDPR. Unless we can prove a legitimate interest in the processing which outweighs your interests, rights and freedoms or processing serves to assert, exercise or defend legal claims, we will refrain from processing your data after you have objected.
If the processing of personal data is for direct marketing purposes, you also have the right to object at any time. The same applies to profiling that is related to direct marketing. Here, too, we will no longer process personal data as soon as you object.
Right to lodge a complaint with a supervisory authority:
If you consider that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, without prejudice to any other administrative or judicial remedy.
Right to data portability:
If your data is processed automatically based on consent or fulfillment of a contract, you have the right to receive this data in a structured, common and machine-readable format. In addition, you have the right to request that the data be transferred and made available to another controller, provided this is technically feasible.
Right to information, correction and deletion:
You have the right to receive information about your personal data processed, including the purpose of the data processing, the categories, the recipients and the duration of storage. If you have any questions about this topic or other topics relating to personal data, you can of course contact us using the contact options provided in the imprint.
Right to restriction of processing:
You can request the restriction of the processing of your personal data at any time. To do so, you must meet one of the following requirements:
- You contest the accuracy of the personal data. You have the right to request restriction of processing for the duration of the verification of accuracy.
- If processing is unlawful, you can request restriction of the use of the data as an alternative to deletion.
- If we no longer need your personal data for the purposes of processing, but you require the data to assert, exercise or defend legal claims, you can request restriction of processing as an alternative to deletion.
- If you object to the processing in accordance with Art. 21 Para. 1 GDPR, a balance will be struck between your interests and ours. Until this balance has been struck, you have the right to request that the processing be restricted.
A restriction of processing means that the personal data, apart from storage, may only be processed with your consent or for the establishment, exercise or defence of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
provision of the website (web host)
Our website is hosted by:
Shopify International Ltd.
2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32
Ireland
The server location is Canada.
When you visit our website, we automatically collect and store information in so-called server log files. Your browser automatically transmits this information to our server or to the server of our hosting company.
These are:
- IP address of the website visitor's device
- Device used
- hostname of the accessing computer
- visitor's operating system
- browser type and version
- Name of the retrieved file
- time of the server request
- amount of data
- Information whether the data retrieval was successful
This data will not be merged with other data sources.
Instead of running this website on our own server, we can also run it on the server of an external service provider (hosting company), which we have named above in this case. The personal data collected by this website is then stored on the servers of the hosting company. In addition to the data mentioned above, the web host also stores contact requests, contact details, names, website access data, meta and communication data, contract data and other data generated via a website for us.
The legal basis for the processing of this data is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest is the technically error-free presentation and optimization of this website. If the website is accessed in order to enter into contract negotiations with us or to conclude a contract, this serves as an additional legal basis (Art. 6 Para. 1 lit. b GDPR). In the event that we have commissioned a hosting company, a contract for order processing exists with this service provider.
Use of Local Storage Items, Session Storage Items and Cookies
Our website uses local storage items, session storage items and/or cookies. Local storage is a mechanism that allows data to be stored within the browser on your device. This data usually contains user preferences, such as the "day" or "night mode" of a website, and is retained until you manually delete the data. Session storage is very similar to local storage, whereas the storage period only lasts during the current session, i.e. until the current tab is closed. The session storage items are then deleted from your device. Cookies are information that a web server (server that provides web content) stores on your device in order to be able to identify this device. They are either temporarily deleted for the duration of a session (session cookies) and after you have finished visiting a website, or permanently stored on your device (permanent cookies) until you delete them yourself or they are automatically deleted by your web browser.
These objects can also be stored on your device by third-party companies when you enter our site (third-party requests). This enables us as the operator and you as a visitor to this website to use certain services from third parties that are installed on this website. Examples of this include the processing of payment services or the display of videos.
These mechanisms have a wide range of possible uses. They can improve the functionality of a website, control shopping cart functions, increase the security and convenience of website use, and carry out analyses of visitor flows and behavior. Depending on the individual functions, these are classified under data protection law. If they are necessary for the operation of the website and intended to provide certain functions (shopping cart function) or are used to optimize the website (e.g. cookies to measure visitor behavior), then they are used on the basis of Art. 6 Para. 1 lit. f GDPR. As website operators, we have a legitimate interest in storing local storage items, session storage items, and cookies to ensure that our services are technically error-free and optimized. In all other cases, local storage items, session storage items, and cookies are only stored with your express consent (Art. 6 Para. 1 lit. a GDPR).
If local storage items, session storage or cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in this data protection notice. Your required consent will be requested and can be revoked at any time.
use of external services
External services are used on our website. External services are third-party services that are used on our website. This can be done for various reasons, for example for embedding videos or for website security. When using these services, personal data is also passed on to the respective providers of these external services. If we have no legitimate interest in using these services, we will obtain your consent as a visitor to our website before using them, which can be revoked at any time (Art. 6 Para. 1 lit. a GDPR).
Analytics
We process personal data of website visitors to analyse user behaviour. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This enables us to increase the user-friendliness of our website. The analysis tools used could, for example, be used to create user profiles for the display of targeted or interest-based advertising messages, recognise our website visitors the next time they visit our website, measure their click/scroll behaviour and downloads, create heat maps, recognise page views, measure the length of visit or bounce rates, and track the origin of website visitors (city, country, which page the visitor came from). The analysis tools can be used to improve our market research and marketing activities.
Processing only takes place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 Para. 1 lit. a GDPR). Without your consent, data processing will not take place in the manner described above. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The legality of the processing carried out up to the time of revocation remains unaffected.
Shopify Analytics
We use the Shopify Analytics service on our website. The service provider is Shopify International Ltd., 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland.
Using the service may result in data being transferred to a third country (Canada). The European Commission has confirmed an adequate level of data protection for the country by means of an adequacy decision.
Further information can be found in the provider’s privacy policy at the following URL: https://www.shopify.com/legal/privacy?shpxid=1c1444d0-C70E-43BB-AD1E-BB3774A7C8C0 .
rating platform
We use rating platforms to display collected ratings on our website and thereby build trust with users. The collected ratings are published on our website. When the website is accessed, a connection is established to the respective provider and data of the website visitor is transferred. Personal data that is processed in this process includes, for example, the IP address.
The legal basis for this processing is our legitimate interest in displaying product ratings and customer reviews (Art. 6 Para. 1 lit. f GDPR).
Judge.me
We use the Judge.me service on our website. The provider of the service is Judge.me Ltd, Buckworths, 1-3 Worship Street, London EC2A 2AB, Great Britain.
Using the service may result in data being transferred to a third country (Great Britain). The European Commission has confirmed an adequate level of data protection for the country by means of an adequacy decision.
Further information can be found in the provider’s privacy policy at the following URL: https://judge.me/privacy .
Content Delivery Network (CDN)
We use a content delivery network (CDN) to optimize the performance and availability of our website. For this purpose, the service provider that provides this network processes your IP address and the information about when you visited our website. You can find all further information on data processing by this service provider in their privacy policy.
We base this processing on a legitimate interest (Art. 6 para. 1 lit. f GDPR).
Our legitimate interest in using a content delivery network is to be able to display our website as quickly, securely and reliably as possible.
unpkg
We use the unpkg service on our website. The provider of the service is unpkg, 1999 Harrison Street Suite 1150, Oakland, California, 94612, United States, USA.
Using the service may result in data being transferred to a third country (USA).
interface software
Business processes are cheaper, faster and more error-free when they are automated with the help of software via interfaces. This means they can be integrated efficiently into company processes via your own website or social networks. We use interface software on our website to link different applications together and to transfer personal data securely from one application to another.
Processing only takes place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 Para. 1 lit. a GDPR). Without your consent, data processing will not take place in the manner described above. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The legality of the processing carried out up to the time of revocation remains unaffected.
Google APIs
We use the Google APIs service on our website. The provider of the service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Using the service may result in data being transferred to a third country (USA). The provider is certified according to the EU-US Data Privacy Framework and therefore offers an appropriate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://policies.google.com/privacy .
web fonts
This site uses so-called web fonts for the uniform display of fonts. These are provided by an external provider and loaded by the browser when the website is accessed. The provider of the web font is informed that our website was accessed from your IP address because your browser establishes a direct connection to the provider of the web font.
The legal basis for this processing is our legitimate interest in a visually appealing website (Art. 6 para. 1 lit. f GDPR).
Google Fonts
We use the Google Fonts service on our website. The provider of the service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Using the service may result in data being transferred to a third country (USA). The provider is certified according to the EU-US Data Privacy Framework and therefore offers an appropriate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://policies.google.com/privacy .
web security
We use tools on our website to protect against unauthorized access, spam or other attacks. This increases the security of our website.
We base this processing on a legitimate interest (Art. 6 para. 1 lit. f GDPR).
Our legitimate interest is to ensure the security of our website and to protect ourselves from unauthorized access, spam and other attacks.
Google Recaptcha
We use the Google Recaptcha service on our website. The service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Using the service may result in data being transferred to a third country (USA). The provider is certified according to the EU-US Data Privacy Framework and therefore offers an appropriate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://policies.google.com/privacy .
webshop
We offer you our products and/or services via our web shop. As part of the product and/or service sale, we collect, process and use your personal data (e.g. your name, your contact details, but also access times, device information or your IP address) to handle the purchase and payment process.
We base this processing on a legitimate interest (Art. 6 para. 1 lit. f GDPR).
Our legitimate interest lies in the error-free presentation and optimization of our web shop.
Shopify
We use the Shopify service on our website. The service provider is Shopify International Ltd., 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland.
Using the service may result in data being transferred to a third country (Canada). The European Commission has confirmed an adequate level of data protection for the country by means of an adequacy decision.
Further information can be found in the provider’s privacy policy at the following URL: https://www.shopify.com/legal/privacy?shpxid=1c1444d0-C70E-43BB-AD1E-BB3774A7C8C0 .
payment service providers
We integrate payment services from a company specializing in these services on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, account details, credit card number) will be transmitted to our payment service provider and processed by them for the purpose of processing the payment. The contractual and data protection provisions of the provider we have selected apply to these transactions.
The respective contract and data protection provisions of the respective providers apply to this processing. The use of payment service providers is based on Art. 6 Para. 1 lit. b GDPR (contract processing) and in the interest of a payment process that is as smooth, convenient and secure as possible (Art. 6 Para. 1 lit. f GDPR).
PayPal
We use the PayPal service on our website. The service provider is PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449, Luxembourg.
Using the service may result in data being transferred to a third country (USA). Data transfer to the USA is based on the EU Commission's standard contractual clauses.
Further information can be found in the provider’s privacy policy at the following URL: https://www.paypal.com/myaccount/privacy/privacyhub .
contact form
On our website, you have the option of contacting us via a contact form. In order to contact us via this form, we require your contact details in particular.
The legal basis for this is processing for the purpose of fulfilling the contract or pre-contractual measures in accordance with Art. 6 (1) (b) GDPR. In addition, there may be a legitimate interest in maintaining business relationships or answering your inquiry for other reasons.
The legal basis for the processing of your data would be Art. 6 (1) lit. f GDPR.
The data will be deleted once we have conclusively answered your request and there are no other retention obligations that prevent this.
Contact by phone or email
In accordance with legal requirements, we have provided a telephone number and email address on our website. The data transmitted in this way is automatically stored by us in order to process corresponding inquiries or to be able to contact the person making the inquiry. We will not pass this data on to third parties without consent.
If you contact us by telephone or via our email address for pre-contractual or contractual purposes, the processing of personal data is based on the legal basis of Art. 6 (1) (b) GDPR. For all other contacts from you, the processing of personal data by us is based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR.
presence on Instagram
Social networks process their users' personal data on a large scale. When you visit our profiles, your IP address and other information about the devices you use are processed, which makes it possible to assign IP addresses to individual users. We have no influence on this data processing. We would like to point out that you use our profiles on the social networks and their functions at your own risk. Details on data processing can be found in the operator's privacy policy.
We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Detailed information about how personal data is handled can be found in Instagram’s privacy policy: https://help.instagram.com/519522125107875 .
The purpose of our profiles on social media platforms is to expand our online presence and thereby increase our awareness. Therefore, the legal basis is legitimate interest in accordance with Art. 6 (1) (f) GDPR. Furthermore, with regard to the processing activities by the social networks, reference must be made to their own legal bases (e.g. consent in accordance with Art. 6 (1) (a) GDPR), which you can find in the respective data protection declaration.
In principle, we and the social media platform are jointly responsible for the data processing operations triggered when you visit our profile. You can therefore assert your rights as a data subject in accordance with Art. 15ff GDPR against the social media platform and against us. However, we would like to point out that we have no influence on the data processing by the social media platform.
presence on YouTube
Our website uses plugins from the YouTube site operated by Google. The site is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube plugin, a
A connection is established to the YouTube servers. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used in the interest of an appealing presentation of our online offerings. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.
Further information on how user data is handled can be found in YouTube’s privacy policy
registration on the website
Visitors have the option of registering on our website. This requires the provision of personal data. Registration makes it possible to offer services or content that require special information about you. This personal data is processed and stored exclusively for the use of the corresponding service or offer. The purpose of the processing is the fulfillment of pre-contractual services, the fulfillment of the contract or customer care.
This data is generally stored for the period in which you are registered on our website. It may be stored for a longer period if this is required by law.
The processing described above in this subsection is based on the legal basis of consent (Art. 6 para. 1 lit. a GDPR). The data subject has consented to the processing of their personal data with their voluntary, explicit and prior consent. We proceed in the same way if data subjects withdraw their consent.
If registration on the website is necessary to process contract-related content, we rely on the legal basis for the performance of a contract in accordance with Art. 6 (1) (b) GDPR.
newsletter distribution to existing customers
If you order goods or services from us and provide your email address, we may subsequently use this email address to send newsletters, provided we inform you of this in advance. In such a case, only direct advertising for our own similar goods or services will be sent via the newsletter. You can cancel the sending of this newsletter at any time. There is a corresponding link in every newsletter for this purpose. The legal basis for sending the newsletter in this case is Art. 6 Para. 1 lit. f GDPR in conjunction with Section 7 Para. 3 UWG.
After you unsubscribe from the newsletter distribution list, your email address may be stored in a blacklist to prevent future mailings to you. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). Storage in the blacklist is not time-limited. You can object to storage if your interests outweigh our legitimate interest. If SSL or TLS encryption is activated, the data you send to us cannot be read by third parties.
Currentness and changes to this privacy policy
This privacy policy is currently valid and is dated June 2024.