data protection

data protection

The protection of your personal data is important to us. Of course, we guarantee their protection within the framework of the legal requirements and handle your personal data carefully. With this declaration we inform you about the types of personal data we collect, the purposes for which this data is collected, how it is processed and what rights you have in this regard.

  1.     Responsible body

The responsible body within the meaning of the data protection laws is

Ovall Skincare GmbH
 Gallmayerstr. 12
 81669 Munich
 Email: hell@ovallskincare.de

  1.     Collection and storage of personal data and the type and purpose of their use

We collect and store personal data in the following cases. We use these exclusively in the manner described below and for the stated purposes.

  1. a) Visiting our website

When you visit our websitewww.ovallskincare.de, the browser used on your end device automatically sends information to the server on our website, which is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:

- the IP address of the requesting computer,
 - the date and time of access,
 - the name and URL of the retrieved file,
 - the website from which access is made (referrer URL),
 - the browser used and
 - if applicable, the operating system of your computer and the name of your internet access provider.

Log files are important sources of information to make the processes on a system traceable. They can be used, for example, for problem analysis or the reconstruction of lost data. We use the data stored with the log files in this context to:

- to ensure the connection establishment and the use of our website,
 - evaluate and permanently guarantee system security and stability,
 - to ensure the technical administration of the network infrastructure,
 - to optimize our website,
 - arrange for internal statistical surveys.

The legal basis for data processing is Article 6 Paragraph 1 Clause 1 Letter f GDPR. Our legitimate interest in data processing follows from the purposes listed above. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person. The IP address of the requesting computer is only evaluated in the event of attacks on the network infrastructure and for statistical purposes.

  1. b) Use of the contact form

You have the option of contacting us using a form provided on our website. It is necessary to provide your name, a valid e-mail address and the background to your contact. By providing your contact details, you consent to us using them to answer your request.

We process the data you have made available to us exclusively for the purpose of being able to process and answer your request.

The legal basis for data processing is our legitimate interest in processing your request, Article 6 Paragraph 1 Sentence 1 lit. Article 6 paragraph 1 sentence 1 lit. a GDPR.

We would like to point out that it is not necessary to use our contact form to contact us. We are also available to you via the other contact details provided on our website to answer your request. The personal data collected by us to process your contact will be automatically deleted after the request you have made has been dealt with.

  1. c) Registration online shop

If you want to order our products via our website, this requires that you register with our online shop. During registration, we collect the following personal data:

- First name Last Name,
 - E-mail address,
 - Password and
 - Date of creation of customer account.

This data is collected and processed

- for your registration in our online shop and your further access to it,
 - to identify you as our customer.

The processing of your personal data is necessary in order to manage your registration in our online shop, Article 6 (1) sentence 1 lit. b GDPR.

  1. d) Purchase through our online shop

If you order our products via our online shop, we collect the following personal data in addition to the data already stored during registration:

- possibly company,
 - address, additional address,
 - phone number,
 - date of first purchase,
- if applicable, packing station or post office (packing station number or post office number and post number)

This data is collected and processed

- to process and process the order you placed via our online shop,
 - for information about our product range, our new products and current promotions regarding our product range,
 - for invoicing,
 - to process any liability claims,
 - to enforce our contractual claims against you.

The processing of your personal data is necessary in order to manage your registration in our online shop and to fulfill your orders in accordance with the contract, Art. 6 (1) sentence 1 lit. b GDPR.

Insofar as we use the processed personal data to inform you about our product range, in particular our new products and/or special campaigns in connection with our product range, this is in our legitimate interest, Article 6 Paragraph 1 Sentence 1 lit. f GDPR .

  1. e) Registration for the newsletter

With our electronic newsletter, you will not only receive information about special offers, products, news and events from the Privise.io brand, but also regular surveys about our products and occasional information about retail sales and Privoo.io sweepstakes, where products from partner companies can also be presented.

You can register to receive our electronic newsletter via our website. When you register, we use the so-called double opt-in procedure, ie the registration is only completed when you confirm your wish to receive our electronic newsletter via a link that you receive with an e-mail that we send you on send your request. In this case, we collect the following personal data from you:

- Your email address,
 - your surname and first name,
 - the IP address provided by your internet service provider when confirming the link,
 - the date and time the link was confirmed.

The data mentioned is processed in order to

- to send you the newsletter,
 - to be able to address you personally in our newsletter,
 - the declaration of your consent to receive the electronic newsletter and
- to prove possible misuse of your e-mail address at a later date.

The legal basis for data processing is your consent to this, which you give when you register for our newsletter, Article 6 (1) sentence 1 lit. a GDPR.

Unsubscribe from the newsletter

To unsubscribe from the newsletter, simply send an email to hello@ovallskincare.de with the subject "Unsubscribe newsletter".

  1. f) Cookies and Analysis Services

Finally, we use cookies and analysis services when you visit our website. You will find more detailed explanations in this regard under Section 4 et seq. of this data protection declaration.

  1.     Disclosure of your data to third parties

Your personal data will not be transmitted to third parties for purposes other than those listed below:

We only pass on your personal data to third parties if:

- You have given your express consent to this in accordance with Article 6 Paragraph 1 Sentence 1 Letter a GDPR,
 - Disclosure is necessary in accordance with Article 6 Paragraph 1 Sentence 1 Letter f GDPR to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
 - in the event that there is a legal obligation for the transfer according to Art. 6 Para. 1 S. 1 lit. c DSGVO,
- this is permitted by law and required for the processing of contractual relationships with you in accordance with Article 6 (1) sentence 1 lit. b GDPR.

3.1.

Third party credit check

When using Klarna invoice/hire purchase, a credit check is carried out by the third-party provider Klarna .
 We have no influence on the data collection and final decision of the third-party provider.

  1.     Cookies and tracking pixels

Like many other websites, we also use so-called "cookies". Cookies are small text files that your web browser automatically saves on your computer's hard drive when you visit our website. As a result, we automatically receive certain data, such as the IP address and the browser you are using, and can analyze your usage behavior when you visit our website in an anonymous form. Cookies cannot damage your hard drive. In particular, they cannot be used to start programs and/or transmit viruses. We do not receive any personal data about you from the cookies. It is not possible for us to assign the information stored in the cookies to an identified or identifiable natural person.

We also use so-called tracking pixels on our website. Tracking pixels are small scripts that are automatically loaded when you visit our website and enable tracking of your user behavior. As a result, we automatically receive certain data, such as the IP address and the browser you are using, and can analyze your usage behavior when you visit our website in an anonymous form.

Cookies and tracking pixels help us in many ways to make your visit to our website easier, more pleasant and more meaningful. For example, by analyzing the usage behavior of visitors to our website, we are able to tailor our offer to your needs. In some cases, cookies are also used to simplify the ordering process. For the specific purposes that we pursue, we refer to the following explanations of the individual cookies and tracking pixels we use.

If personal data is processed by individual cookies, this is to implement the contract with you, Article 6 Paragraph 1 lit. b GDPR, or due to our legitimate interest in being able to offer you optimal functionality of our website and our website as efficiently and efficiently as possible to operate economically, Art. 6 Para. 1 S. 1 lit. f GDPR, required.

Of course you can also view our website without cookies. Most internet browsers are configured to automatically accept cookies. However, you can deactivate this function at any time or configure your browser in such a way that a message always appears when you receive a new cookie. You can delete cookies that have already been stored. However, we would like to point out that deactivating cookies may mean that you cannot use all the functions of our website.

The following programs that set cookies and tracking pixels are used on our website:

  1. a) Google Inc.

Various services of Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; hereinafter "Google") are used on our website, which we will explain to you below:

To optimize the offer on our website, we use Google Analytics , a web analysis service. Google Analytics uses cookies, which enable an analysis of your use of the website. The information generated by the cookie about your use of this website such as

- browser type/version,
 - operating system used,
 - referrer URL (the previously visited page),
 - host name of the accessing computer (IP address),
 - Time of server request.

are usually transferred to a Google server in the USA and stored there. However, due to the activation of IP anonymization on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly; we would like to point out to you however that in this case you will if applicable not be able to use all functions of this website in full. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install.

In addition to or as an alternative to the browser add-on, you can prevent tracking by Google Analytics on our website by clicking on this link. An opt-out cookie will be installed on your device. This will prevent future detection by Google Analytics for this website and for this browser as long as the cookie remains installed in your browser.

We use Doubleclick by Google . Doubleclick by Google uses cookies to show you advertisements that are relevant to you. A pseudonymous identification number (ID) is assigned to your browser in order to check which ads were displayed in your browser and which ads were viewed. The cookies do not contain any personal information. The use of DoubleClick cookies enables Google and its partner websites to place ads based on previous visits to our or other websites on the Internet. The information generated by the cookies is transmitted by Google to a server in the USA for evaluation and stored there. Google complies with the data protection provisions of the US Safe Harbor Agreement and is registered with the US Department of Commerce's Safe Harbor program. Under no circumstances will Google combine your data with other data collected by Google.

By using our website, you agree to the processing of data about you by Google and the manner of data processing described above and the stated purpose. You can prevent the storage of cookies by setting your browser software accordingly. You can also prevent Google from collecting the data generated by the cookies and relating to your use of the website and from processing this data by Google by downloading and installing the browser plug-in available under the following link.

You can find more information about DoubleClick by Google and data protection here.

We use Google Inc.'s remarketing or "similar target groups" function . This function serves the purpose of analyzing visitor behavior and visitor interests.
 Google uses cookies to carry out the analysis of website usage, which forms the basis for the creation of interest-based advertisements. Visits to the website as well as anonymous data about the use of the website are recorded via the cookies. There is no storage of personal data of visitors to the website. If you then visit another website in the Google Display Network, you will be shown advertisements that are highly likely to take into account previously accessed product and information areas.

Your data may also be transmitted to the USA. There is an adequacy decision by the European Commission for data transfers to the USA.
 The processing takes place on the basis of Art. 6 (1) lit. f GDPR from the legitimate interest of targeting visitors to the website with advertising by placing personalized, interest-based advertisements for visitors to the provider's website when they visit other websites Visit on the Google Display Network.

You can permanently disable the use of cookies by Google by following the link below and downloading and installing the plug-in provided there: https://support.google.com/ads/answer/7395996?hl=de

Alternatively, you can deactivate the use of cookies by third-party providers by calling up the deactivation page of the Network Advertising Initiative at https://www.networkadvertising.org/choices/ and implementing the additional information provided there on opting out.

You can find more information about Google Remarketing and the associated data protection declaration at: https://www.google.com/privacy/ads/ .

We also use Google Conversion Tracking to statistically record the use of our website and to evaluate it for you in order to optimize our website . Google Adwords places a cookie (see section 5) on your computer if you have reached our website via a Google ad.

These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords customer's website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page.

Each Adwords customer receives a different cookie. This means that cookies cannot be tracked via the websites of Adwords customers. The information obtained using the conversion cookie is used to create conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers are informed of the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.

If you do not want to participate in the tracking process, you can also refuse the setting of a cookie required for this - for example via a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser so that cookies from the "www.googleadservices.com" domain are blocked.

Google's privacy policy on conversion tracking can be found here https://services.google.com/sitestats/de.html .

  1. b) Facebook Inc.

If you have consented to this when visiting our website, we use the Facebook pixel , the tracking pixel of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. With the help of this pixel, the behavior of users can be tracked after they have been redirected to our website by clicking on a Facebook ad. This allows us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, about which we will inform you according to our level of knowledge. Facebook can connect this data to your Facebook account and also use it for its own advertising purposes, in accordance with Facebook's data usage guidelines, which you can view here.

You also have the option of blocking Facebook and its partners from placing advertisements. You can edit the settings for Facebook's advertising under the following link: https://www.facebook.com/ads/website_custom_audiences/ .

  1. c) Adform Conversion Tracking

This website uses Adform conversion tracking . The conversion tracking cookie is set when a user has contact with an ad placed by Adform. These cookies do not contain any information that personally identifies users. Users who do not wish to participate in tracking can deactivate the Adform cookie via their Internet browser. For more information about Adform's privacy policy, visit https://site.adform.com/privacy-policy-opt-out/ . There is also the possibility to prevent tracking via an opt-out.

  1. d) Amazon Inc.

We use the functions of the two web analysis services Amazon Conversion Pixel and Amazon Remarketing Pixel on our website . The provider is Amazon.com, Inc., 410 Terry Ave. North Seattle, WA, USA. The Amazon Conversion Pixel and the Amazon Remarketing Pixel also use cookies, which are stored on your end device and which enable an analysis of your use of the website and personalized advertising.

Here, too, you can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out once again that in this case you may not be able to use all the functions of this website to their full extent.

You can also prevent the data generated by the cookie and related to your use of the website from being sent to Amazon and the processing of this data by Amazon by clicking on this link and selecting the setting “Advertisements shown by Amazon for this Internet browser not personalise”: https://www.amazon.de/adprefs .

Alternatively, you can make the appropriate settings at http://www.youronlinechoices.com/de . An opt-out cookie will then be set in your browser, which will prevent future collection of your data by the Amazon pixel when you visit our website. This objection applies as long as you do not delete the opt-out cookie.

  1. e) Microsoft Inc. (Bing Ads)

We also use conversion tracking from Microsoft . The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). When you use Microsoft Bing Ads, a cookie is placed on your computer if you have accessed our website via a Microsoft Bing ad. In this way, Microsoft Bing and we can recognize that someone has clicked on an ad, was redirected to our website and has reached a predetermined target page (conversion page). We only learn the total number of users who clicked on a Bing ad and were then forwarded to the conversion page. No personal information on the identity of the user is communicated. If you do not want to participate in the tracking process, you can also refuse the setting of a cookie required for this - for example via a browser setting that generally deactivates the automatic setting of cookies. Further information on data protection and the cookies used by Microsoft Bing can be found on the Microsoft website: https://privacy.microsoft.com/de-de/privacystatement .

  1. Use of social media plugins

We use so-called plugins (buttons) from various social networks on our website so that you can also use the interactive options of the social networks you use on our website. These plugins provide different functions, the object and scope of which is not determined by us but by the operators of the social networks.

Please note that we are not providers of the social networks and have no influence on the data processing or content of the respective service providers. The legal basis for the use of the plugins is that if the link via social media plugins involves the processing of personal data, this is in our legitimate interest in enabling you to interact directly with social networks of which you are a member via the design of our website in our legitimate interest in providing interaction options for advertising purposes, Art. 6 Para. 1 f EU-GDPR.

We use the following social media plugins. We would like to inform you about how they work as follows:

  1. a) Facebook

Plugins from the social network "Facebook", 1601 South California Avenue, Palo Alto, CA 94304, USA are integrated into our website. You can recognize the Facebook plugins by the Facebook logo or the “Like button” (“I like”) on our site. An overview of the Facebook plugins can be found here .

If you activate the plugin, a direct connection is established between your browser and the Facebook server via the plugin. Facebook receives the information that you have visited our website with your IP address. If you click on the Facebook "Like" button while you are logged into your Facebook account, you can refer to the content of our pages in your Facebook profile.

We would like to point out that we have no knowledge of the content of the transmitted data or how it is used by Facebook and that we are not responsible for Facebook's data processing. You can find more information on this in Facebook's privacy policy .

  1. b) Instagram

Instagram plugins operated by Instagram LLC , 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram") are used on our website. The plugins are marked with an Instagram logo, for example in the form of an “Instagram camera”. An overview of the Instagram plugins and their appearance can be found here .

If you activate the plugin, a direct connection is established between your browser and the Instagram server via the plugin. Instagram receives the information that you have visited our website with your IP address. In this case, this information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA and stored there.

If you are logged in to Instagram, Instagram can immediately assign your visit to our website to your Instagram account. If you interact with the plugins, for example by pressing the "Instagram" button, this information is also transmitted directly to an Instagram server and stored there. The information is also published on your Instagram account and displayed to your contacts there.

We would like to point out that we have no knowledge of the content of the transmitted data or how it is used by Instagram and that we are not responsible for Instagram's data processing. For more information, see Instagram's privacy policy .

  1. c) Pinterest

On our site we use plugins from the Pinterest social network operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA ("Pinterest"). If you activate the plugin, your browser establishes a direct connection to the Pinterest servers. The plugin transmits log data to the Pinterest server in the USA. This log data may include your IP address, the address of the websites visited that also contain Pinterest functions, the type and settings of the browser, the date and time of the request, how you use Pinterest and cookies.

Further information on the purpose, scope and further processing and use of the data by Pinterest as well as your rights in this regard and options for protecting your privacy can be found in Pinterest's data protection information .

  1.     Social networks

We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to be able to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.

Unless otherwise stated in our data protection declaration, we process user data if they communicate with us within social networks and platforms, e.g. write posts on our online presence or send us messages.

If users leave comments or other contributions on our social media presence, their IP addresses are stored for 7 days on the basis of our legitimate interests within the meaning of Article 6 Paragraph 1 lit. f GDPR. This is for our security if someone leaves illegal content in comments and posts (insults, forbidden political propaganda, etc.). In this case, we can be prosecuted for the comment or contribution and are therefore interested in the identity of the author.

  1.     data security

When you visit our website, we use the widespread SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. This is usually a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser.

  1.     Duration of data storage

In accordance with the principles of data avoidance and economy, your information will not be processed by us for longer than is necessary for the purpose for which it was collected or as provided for by law. As soon as the purpose of the data processing no longer applies and/or statutory storage periods have expired, the data stored by you will be deleted.

  1.     rights of the data subject

If you are affected by the processing of personal data, you have the following rights:

  1. a) Right to information, Art. 15 GDPR

In accordance with Art. 15 GDPR, you have the right to request information about your personal data processed by us. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data was or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a Right to complain, the origin of your data, if not collected from us, and the existence of automated decision-making including profiling and, if necessary, meaningful information about their details.

  1. b) Correction and completion, Art. 16 GDPR

In accordance with Art. 16 GDPR, you have the right to immediately request the correction of incorrect or incomplete personal data stored by us.

  1. c) Deletion, Art. 17 GDPR

In accordance with Art. 17 GDPR, you have the right to request the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defense of legal claims is required.

  1. d) Restriction of processing, Art. 18 GDPR

In accordance with Art. 18 GDPR, you have the right to demand the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful but you refuse to delete it and we no longer need the data but you do to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR.

  1. e) Provision of stored data, Art. 20 GDPR

In accordance with Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible.

  1. f) Revocation of granted consent, Art. 7 Para. 3 GDPR

In accordance with Art. 7 Para. 3 GDPR, you have the right to revoke the consent you have given us at any time. As a result, we are no longer allowed to continue the data processing based on this consent for the future.

  1. g) Right of appeal, Art. 77 GDPR

According to Art. 77 GDPR you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters.

  1.     Right to object

If your personal data is processed on the basis of legitimate interests in accordance with Article 6 Paragraph 1 Clause 1 Letter f GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR, provided there are reasons for this, which arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which we will implement without specifying a particular situation. If you would like to make use of your right of revocation or objection, an e-mail to hello@ovallskincare.de is sufficient

  1.     Change to our privacy policy

We reserve the right to adapt our data protection declaration to ensure that it always complies with the applicable legal requirements, especially when there are changes to our services. When you visit our website, the current version of the data protection declaration published on our website always applies.

  1.   Questions to the data protection officer

If you have any questions about our data protection, please contact hello@ovallskincare.de directly or by post to Ovall Skincare GmbH, Gallmayerstr. 12 in 81669 Munich.