1. Name and contact details of the data controller
(1) Thank you for visiting our website and for your interest in our company and our products. The protection and confidential treatment of your personal data is an important concern for us. Your personal data is processed exclusively in accordance with the statutory provisions of data protection law, in particular the EU General Data Protection Regulation (GDPR).
Accordingly, we have compiled important information regarding the treatment of your data to provide you with information about the processing of your personal data and about your rights as a data subject.
(2) The data controller as per Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is
Köhlershohner Straße 60
53578 Windhagen, Germany
Tel: +49 2224-818-0
You can contact our Data Protection Officer at email@example.com or via our postal address, adding "the Data Protection Officer".
(3) When you contact us via e-mail or via a contact form, we will store the data that you provide (your e-mail address, name and telephone number, if applicable) in order to respond to your questions. We will delete the data collected in this context when is no longer needed to be stored, or restrict the processing if statutory retention obligations exist which do not allow deletion until a later date.
(4) If we use service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail below about the respective processes and obtain the necessary consent. We will also state the defined criteria for the storage duration.
2. Collection and processing of personal data
2.1 Personal data
Personal data is information that relates to an identified or identifiable individual. This primarily includes information that enables conclusions to be drawn about your identity, for example your name, your telephone number, your address or e-mail address. Statistical data that we collect when you visit our website, for example, and that cannot be linked to you personally is not regarded as personal data.
In principle, you can use our online offer without providing personal data. However, using certain services may require the provision of personal data, such as registration or participating in a competition. Mandatory information is marked with an *. If you do not wish to provide us with the required data, then unfortunately you will not be able to use the corresponding services.
2.2 Processing of personal information
We will store your information on specially protected servers within the European Union. These servers are protected against loss, destruction, access, modification or distribution of your data by unauthorised persons by means of technical and organisational measures. Only a small number of authorised persons may access your data. These persons are responsible for the technical, commercial or editorial support of the servers. Despite regular checks, complete protection against all risks is not possible.
Your personal data is transmitted via the Internet in encrypted form. We utilise SSL encryption (Secure Socket Layer) for the data transmission.
2.3 Disclosure of personal data to third parties
We will only use your personal information to provide the services that you have requested. Insofar as we use external service providers to provide services, they may also only access the data exclusively for the purpose of service provision. We take technical and organisational measures to ensure compliance with the data protection law and also require the same from our external service providers.
Furthermore, we do not pass on the data to third parties without your express consent, in particular not for advertising purposes. Your personal data will only be passed on if you have consented to the data being passed on or if we are entitled or obliged to do so due to statutory regulations and/or official or court orders. In particular, this may involve the provision of information for the purposes of criminal prosecution, the prevention of danger or the enforcement of intellectual property rights.
2.4 Legal basis for the data processing
Insofar as we obtain consent for the processing of your personal data, Art. 6 (1) a) GDPR serves as the legal basis for the data processing. Insofar as we process your personal data in order to fulfil a contract or due to a contractual relationship with you, Art. 6 (1) b) GDPR serves as the legal basis for the data processing. Insofar as we process your personal data in order to fulfil a legal obligation, Art. 6 (1) c) GDPR serves as the legal basis for the data processing. Furthermore, Art. 6 (1) f) GDPR can serve as the legal basis for the data processing if the processing of your personal data is necessary to protect a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not require the protection of personal data.
2.5 Data deletion and storage period
We always delete or block your personal data when the purpose for storing this data is no longer applicable. However, storage beyond may take place if required by laws to which we are subject. This may include statutory storage and documentation obligations, for example. In such a case, we will delete or block your personal data after the end of the corresponding legal requirements. We will store the data is stored for as long as it is required for the fulfilment of the contract. In addition, we will store this data in order to fulfil post-contractual obligations and as a consequence of retention periods under commercial and tax law for the legally prescribed period. This retention period is generally 6 months but may be up to 10 years, if necessary.
3. Use of our online offers
3.1 Device and access data and creation of log files
When you access our website, www.melume-cosmetics.eu, the browser used on your terminal device automatically sends information to the server of our website. This information is stored temporarily in a log file. The following information is collected without any action on your part and stored until it is deleted automatically:
IP address of the requesting computer or device,
Date and time of access,
Name and URL of the retrieved file,
Website from which the access takes place (referrer URL),
the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
We utilise cookies for the use of our online offer. These are small files that are automatically created by your browser and stored on your terminal device (laptop, tablet, smartphone, etc.) when you visit our site. They do not cause any damage to your terminal device and do not contain any viruses, Trojans or other malware. The cookie stores information that is generated specifically in connection with terminal device used. However, this does not mean that we gain direct knowledge of your identity. On one hand, utilising cookies serves to make the use of our offer more convenient for you.
The data processed by cookies is necessary for the aforementioned purposes in order to protect our legitimate interests and those of third parties in accordance with Art. 6 (1) s. 1 f) GDPR.
Most browsers accept cookies automatically. However, you can configure your browser in such a way that cookies are not stored on your computer or a message is always displayed before a new cookie is created. Complete deactivation of cookies may mean that you are unable to use all of the functions of our website.
3.3 Analysis applications used:
Google Tag Manager:
We use the service provider maxcluster GmbH, Lise-Meitner-Str. 1b, 33104 Paderborn, Germany for the purpose of hosting and displaying the online shop on the basis of processing on our behalf. All data collected on our website is processed on the servers of maxcluster GmbH.
If maxcluster GmbH processes data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this will only take place in accordance with the legal requirements.
Maxcluster GmbH can have the data processed in third countries with a recognised level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 DSGVO).
Further information on maxcluster GmbH's data protection can be found on the following website: https://maxcluster.de/en/datenschutz.
We offer alternative ways for you to contact us in order to submit service requests via phone or e-mail. The following data may be collected and processed as part of the contact forms
- E-mail address
- IP addresses.
Insofar as the data used in the contact forms is used to provide contractual services to data subjects, the legal basis for the processing is Art. 6 (1) b) GDPR. Furthermore, Art. 6 (1) a) GDPR serves as the legal basis if you have consented to the data processing. The data processing that takes place via the cookies is based on Art. (6) 1 f) GDPR – a legitimate interest. Our legitimate interest consists of the fact that we must ensure the function and security of our website.
6. Order processing
We only use your personal information when placing orders within our company and affiliated companies as well as with the company commissioned to process orders. We set up password-protected direct access to the stored data (customer account) for every customer who registers accordingly. Here, you can view data about your completed, open and recently shipped orders and correct or change the data you have stored. The legal basis for the data processing is Art. 6 (1) b) GDPR.
6.1 Storage and data transfer for orders
To process orders, we cooperate with various companies that are responsible for payment processing and logistics. We ensure that our partners also comply with the data protection regulations. Accordingly, we pass on your address data (name, and address, e-mail address and telephone number) to the respective transport company that delivers the ordered products to you. The legal basis for this is Art. 6 (1) b) GDPR. The processing of your personal data is necessary for the performance of the contract with you.
6.2 Payment processing for orders
The legal basis for the payment processing is Art. 6 (1) b) GDPR. The processing of your personal data is necessary for the performance of the contract with you, whereby you may freely select the method of payment.
7. Communication with us
You can contact us via various channels such as via our e-mail addresses listed on the website. We will also be happy keep you informed via e-mail with our regular newsletter.
When you subscribe to our newsletter, your e-mail address will be used for our own advertising purposes until you unsubscribe. You will receive regular information via e-mail regarding current topics as well as e-mails due to special events such as campaigns. The e-mails may be personalised and individualised on the basis of our information about you.
Unless you have granted us your consent in writing, we use the double opt-in procedure when you register for our newsletter. This means that we will only send you a newsletter via e-mail if you have explicitly confirmed beforehand that you want us to activate the newsletter delivery. We will then send you a notification e-mail and ask you to confirm that you would like to receive our newsletter by clicking on a link included in this e-mail.
The legal basis for the processing of your data is your consent according to Art. 6 (1) a) GDPR, if you have explicitly registered for the newsletter. Within the context of the legal guidelines, you may also receive our newsletter from us without your explicit consent due to the fact that you have ordered goods or services from us, we have received your e-mail address in this context and you have not objected to receiving information by e-mail. In this case, the legal basis is our legitimate interest in transmitting direct advertising in accordance with Art. 6 (1) f) GDPR.
If you no longer wish to receive newsletters from us, you can revoke your consent at any time effective for the future or object to receiving any further newsletters without incurring any costs other than the transmission costs as per the basic rates. Simply use the unsubscribe link included in every newsletter or send a message to us or to our Data Protection Officer.
Newsletter distribution via Klaviyo
Our e-mail newsletters are distributed via the technical service provider Klaviyo, 225 Franklin St, Boston, MA 02110, USA (http://www.klaviyo.com/) ("Klaviyo"), to whom we pass on the data that you provided when you registered for the newsletter. This data is passed on in accordance with Art. 6 (1) f) GDPR and serves our legitimate interest in using a newsletter system that is effective for advertising, secure and user-friendly. Please note that your data is usually transferred to a Klaviyo server in the USA and stored there.
Klaviyo uses this information to send the newsletter on our behalf. Klaviyo does not use the data of our newsletter recipients to write to them its own behalf or to pass this on to third parties. Klaviyo is also certified under the US-European data protection agreement "Privacy Shied" and is, therefore, committed to compliance with EU data protection law.
7.2 Social media
Our online offer contains links to the social networks Facebook, Instagram and Pinterest as well as links to YouTube. You can recognise the links by the respective logo of the providers.
Personal information is not transmitted to the respective providers before the corresponding links are accessed. Your access to the linked page is simultaneously the basis for the data processing by the respective providers.
8. Your rights
We highly value explaining the processing of your personal data as transparently as possible and also informing you about the rights to which you are entitled. If you would like to obtain further information or to exercise the rights to which you are entitled, you can contact us at any time so that we can address with your issue.
You have extensive rights with regard to the processing of your personal data. Firstly, you have a comprehensive right to information and can demand the rectification and/or deletion or blocking of your personal data. You can also request restriction of processing and have the right to object. You also have a right to data portability with regard to the personal data you make available us.
To exercise your rights as described here, you may contact us at any time using the contact information provided under "Contact person and person responsible". As a data subject you have the following rights subject to the respective legal conditions:
Right to withdrawal (Article 7 GDPR)
In accordance with Article 7 (2) GDPR, you have the right to withdraw your consent at any time. As a consequence, we will no longer continue to process the data based on this consent for the future. The withdrawal of consent does not affect the legality of the processing carried out in accordance with the consent prior to the withdrawal. Insofar as we process your data on the basis of legitimate interests in accordance with Art. 6 (1) s. 1 f) GDPR, you have the right to object to the processing of your data in accordance with Art. 21 GDPR, insofar as reasons therefore exist as a result of your particular situation or the objection pertains to direct advertising. In the latter case, you have a general right to object, which we will also implement without requiring reasons. If you wish to exercise your right of withdrawal or objection, sending an informal message to the contact details provided above is adequate.
Right to information (Article 15 GDPR, Section 34 BDSG)
In accordance with Art. 15 GDPR, you can request information about your data which we process. In particular, you can request information about the processing purposes, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage duration, the existence of a right of rectification, deletion, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about the details thereof.
Right to rectification (Article 16 GDPR, Section 34 BDSG)
In accordance with Art. 16 GDPR, you can request the immediate rectification of incorrect data or the completion of your data which we store. If you wish to rectify the data that you provided when registering, please do so via setting in your user account.
Right to erasure (Article 17 GDPR, Section 35 BDSG)
In accordance with Art. 17 GDPR, you may request the erasure of your data which we store, unless the processing is necessary to exercise the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims. You can delete your user account yourself via your settings.
You can request that we delete your data in the following cases:
Your personal data is no longer needed for the purposes for which it was collected
Your consent was the exclusive legal basis for the processing and you have revoked your consent
You have objected to the processing for advertising purposes ("advertising objection")
You have objected to processing based on legitimate interest due to personal reasons and we were unable to demonstrate that prevailing reasons for processing exist
Your personal data has been processed unlawfully; or
Your personal data must be deleted to comply with legal obligations.
Right to restriction of processing (Article 18 GDPR)
In accordance with Art. 18 GDPR, you may request the restriction of processing of your data to the extent that you dispute the correctness of the data or the processing is unlawful.
This applies, in particular, when
you dispute the correctness of your personal data and then until such times as we have had the opportunity to verify its correctness
the processing was not lawful and you request restriction of processing instead of deletion (see previous section)
we no longer require your data for the purposes of processing however you need the data to assert, exercise or defend your legal claims
you have objected due to personal reasons and then until such times as it has been determined whether your interests take precedence
If a right to the restriction of processing exists, we will flag the data concerned to ensure that it is only processed within the strict limits that apply to such restricted data (namely, in particular, for the defence of legal claims or with your consent).
Right to data portability (Article 20 GDPR)
In accordance with Art. 20 GDPR, you may obtain your data that you have made available us in a structured, common and machine-readable format or request that it be transferred to another data controller ("data portability").
Right to object to direct marketing
You can also object to the processing of your personal data for advertising purposes at any time ("advertising objection"). Please be aware that due to organisational reasons there may be an overlap between your revocation and the use of your data within the context of an existing campaign.
Right to object due to personal reasons
You have the right to object to data processing by us due to reasons relating to your particular situation, insofar as this is due to the legal basis of legitimate interest. We will then cease processing your data unless we can demonstrate – in accordance with the legal requirements – compelling legitimate reasons to continue processing which take precedence over your rights or the processing is for the assertion, exercise or defence of legal claims.
Right to complain to a supervisory authority
You also have the right to complain to the responsible data protection supervisory authority. This is:
The State Commissioner for Data Protection and Freedom of Information of Rhineland-Palatinate
Hintere Bleiche 34
55116 Mainz, Germany
Tel: +49 61 31/208 22 26