1) Information about the collection of personal data and contact details of the person responsible
1.1 We are pleased that you are visiting our website and thank you for your interest. Below we will inform you about how your personal data is handled when you use our website. Personal data is all data with which you can be personally identified.
1.2 The person responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Felicitas Bachmann, Klosterallee 100, 20144 Hamburg, Germany, Tel.: 0404800803, Fax: 0404800620, email: fbachmann@salon-hamburg.de. The person responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.
1.3 For security reasons and to protect the transmission of personal data and other confidential content (eg orders or inquiries to the person responsible), this website uses an SSL or TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser bar.
2) Data collection when you visit our website
If you use our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:
- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you came to the page
- Browser used
- Operating system used
- IP address used (if necessary: in anonymized form)
The processing takes place in accordance with Article 6 Paragraph 1 Letter f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.
3) Cookies
In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your end device and enable your browser to be recognized the next time you visit (so-called persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period, which can vary depending on the cookie.
In some cases, cookies are used to simplify the ordering process by saving settings (e.g. remembering the contents of a virtual shopping cart for a later visit to the website). If personal data is also processed by individual cookies used by us, the processing takes place in accordance with Article 6 (1) (b) GDPR either for the execution of the contract, in accordance with Article 6 (1) (a) GDPR in the event that consent has been given or in accordance with Art. 6 (1) (f) GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the website visit.
Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. These can be found for the respective browsers under the following links:
Internet Explorer: https://support.microsoft.com
Firefox: https://support.mozilla.org
Chrome: https://support.google.com
Safari: https://support.apple.com
Opera: https://help.opera.com
Please note that if cookies are not accepted, the functionality of our website may be restricted.
4) Contact
5) Online appointment scheduling
Dedicated function for making appointments online
We process your personal data as part of the online appointment arrangement provided. You can see which data we collect for online appointment booking from the respective input form or the appointment query for appointment booking. If certain data is necessary in order to be able to make an online appointment, we will indicate this accordingly in the input form or in the appointment request. If we provide you with a free text field in the input form, you can describe your request in more detail there. You can then control for yourself which additional data you would like to enter. The data you provide will be stored and used exclusively for the purpose of making an appointment. When processing personal data, which are necessary to fulfill a contract with you (this also applies to processing operations that are necessary to carry out pre-contractual measures), Art. 6 Para. 1 lit. b GDPR serves as the legal basis. If you have given us your consent to process your data, the processing will be carried out on the basis of Art. 6 Para. 1 lit. a GDPR. A given consent can be revoked at any time by sending a message to the person responsible named at the beginning of this declaration.
6) Data processing when opening a customer account and for contract processing
In accordance with Article 6 (1) (b) GDPR, personal data will continue to be collected and processed if you provide it to us to execute a contract or open a customer account. Which data is collected can be seen from the respective input forms. A deletion of your customer account is possible at any time and can be done by sending a message to the above address of the person responsible. We store and use the data you provide to process the contract. After the contract has been completed or your customer account has been deleted, your data will be blocked with regard to retention periods under tax and commercial law and deleted after these periods have expired,
7) Use of customer data for direct advertising
7.1 Registration for our email newsletter
If you sign up for our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing further data is voluntary and is used to address you personally. We use the so-called double opt-in procedure to send the newsletter. This means that we will only send you an e-mail newsletter if you have expressly confirmed to us that you consent to receiving newsletters. We will then send you a confirmation email asking you to click on a link to confirm that you wish to receive the newsletter in the future.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Article 6 (1) (a) GDPR. When registering for the newsletter, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace possible misuse of your e-mail address at a later point in time. The data collected by us when registering for the newsletter is used exclusively for advertising purposes by way of the newsletter. You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending a message to the person responsible mentioned at the beginning. After you have unsubscribed, your e-mail address will be deleted immediately from our newsletter distribution list,
7.2 Sending the e-mail newsletter to existing customers
If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers by email for goods or services similar to those you have already purchased from our range. In accordance with Section 7 Paragraph 3 UWG, we do not need to obtain your separate consent for this. In this respect, data processing is carried out solely on the basis of our legitimate interest in personalized direct advertising in accordance with Article 6 (1) (f) GDPR. If you have initially objected to the use of your email address for this purpose, we will not send emails. You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with future effect by notifying the person responsible named at the beginning. For this you will only incur transmission costs according to the basic tariffs. Once your objection has been received, the use of your email address for advertising purposes will be stopped immediately.
7.3 Newsletter dispatch via MailChimp
Our e-mail newsletter is dispatched via the technical service provider The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA ( http ://www.mailchimp.com
MailChimp uses this information to send and statistically evaluate the newsletter on our behalf. For the evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which represent one-pixel image files that are stored on our website. In this way it can be determined whether a newsletter message has been opened and which links have been clicked on. With the help of the web beacons, Mailchimp automatically creates general, non-personal statistics about the reaction behavior to newsletter campaigns. On the basis of our legitimate interest in the statistical evaluation of the newsletter campaigns to optimize advertising communication and better alignment with recipient interests, the web beacons in accordance with Art. 6 Para. 1 lit f DSGVO but also data of the respective newsletter recipient is collected and used (email address, time of access, IP address, browser type and operating system). This data allows an individual conclusion to be drawn about the newsletter recipient and is processed by Mailchimp to automatically create statistics that show whether a specific recipient has opened a newsletter message.
If you would like to deactivate data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
MailChimp can also use this data in accordance with Article 6 (1) (f) GDPR itself due to its own legitimate interest in the needs-based design and optimization of the service and for market research purposes, for example to determine which countries the recipients come from. However, MailChimp does not use the data of our newsletter recipients to write to them ourselves or to pass them on to third parties.
To protect your data in the USA, we have concluded a data processing agreement with MailChimp based on the standard contractual clauses of the European Commission in order to enable the transmission of your personal data to MailChimp. If you are interested, this data processing contract can be viewed at the following Internet address: https://mailchimp.com
You can view the data protection provisions of MailChimp here:
https://mailchimp.com
8) Data processing for order processing
8.1 Insofar as it is necessary for the execution of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned bank in accordance with Article 6 Paragraph 1 lit. b GDPR.
If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we process the contact data you provide when ordering (name, address, e-mail address) in order to inform you within the framework of our legal information obligations in accordance with Art. 6 Para 1 lit. c GDPR via a suitable communication channel (e.g. by post or e-mail) about upcoming updates in the period stipulated by law. Your contact details will be used strictly earmarked for notifications about updates owed by us and will only be processed by us for this purpose to the extent that this is necessary for the information in question.
In order to process your order, we also work together with the following service provider(s), who support us in whole or in part in the implementation of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.
8.2 Use of payment service providers (payment services)
- Paypal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal, we pass on your payment data to PayPal (Europe) Sarl et Cie, SCA, as part of the payment processing. 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). The transfer takes place in accordance with Art. 6 Para. 1 lit. b GDPR and only to the extent that this is necessary for payment processing.
PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Article 6 Paragraph 1 Letter f of the GDPR based on PayPal's legitimate interest in determining your ability to pay. PayPal uses the result of the credit check in relation to the statistical probability of payment default for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values (so-called score values). To the extent that score values are included in the results of the credit report, They are based on a scientifically recognized mathematical-statistical procedure. Among other things, but not exclusively, address data is included in the calculation of the score values. Further data protection information, including information on the credit agencies used, can be found in PayPal's data protection declaration: https://www.paypal.com
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
9) Web Analytics Services
Google (Universal) Analytics
This website uses Google (Universal) Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google (Universal) Analytics uses so-called "cookies", which are text files that are stored on your end device and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including the abbreviated IP address) is usually transmitted to a Google server and stored there. This can also result in transmission to the servers of Google LLC. come in the US.
This website uses Google (Universal) Analytics exclusively with the "_anonymizeIp()" extension, which ensures anonymization of the IP address by shortening it and excludes direct personal reference. As a result of the extension, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google LLC server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services related to website activity and internet usage.
Using a special function, the so-called "demographic characteristics", Google Analytics also enables the creation of statistics with statements about the age, gender and interests of the site visitors on the basis of an evaluation of interest-related advertising and using third-party information. This allows the definition and differentiation of user groups of the website for the purpose of target group-optimized alignment of marketing measures. However, records collected using “demographic characteristics” cannot be assigned to a specific person. Details on the processing initiated by Google
Analytics and how Google handles data from websites can be found here : https://policies.google.com/technologies/partner-sites
All of the processing described above, in particular the setting of Google Analytics cookies for reading information on the end device used, will only be carried out if you have given us your express consent in accordance with Article 6 (1) (a) GDPR. Without this consent, Google Analytics will not be used during your visit to the site.
You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the “cookie consent tool” provided on the website. We have concluded an order processing agreement with Google for the use of Google Analytics, which obliges Google to protect the data of our site visitors and not to pass it on to third parties.
For the transfer of data from the EU to the USA, Google relies on so-called standard data protection clauses from the European Commission, which are intended to ensure compliance with the European data protection level in the USA. Further information on Google (Universal) Analytics can be
found here: https://policies.google.com/privacy
10) Tools and miscellaneous
10.1 Google Customer Reviews (formerly Google Certified Reseller Program)
We work with Google through the Google Customer Reviews program. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This program gives us the opportunity to collect customer reviews from users of our website. After making a purchase on our website, you will be asked whether you would like to take part in a Google email survey. If you give your consent in accordance with Article 6 Paragraph 1 Letter a GDPR, we will transmit your email address to Google. You will receive an email from Google Customer Reviews asking you to rate your purchasing experience on our website. The review you submit will then be aggregated with our other reviews and displayed on our Google Customer Reviews logo and on our Merchant Center dashboard. Your rating will also be used for Google seller ratings. As part of the use of Google customer reviews, personal data may also be transmitted to the servers of Google LLC. come to the USA.
You can revoke your consent at any time by sending a message to the person responsible for data processing or to Google.
Further information about Google's data protection in connection with the Google customer reviews program can be found at the following link: https://support.google.com
You can read more information about Google Seller Ratings data protection at this link: https://support.google.com
10.2 Applications for job advertisements via email
We advertise current vacant positions in a separate section on our website, for which interested parties can apply by email to the contact address provided.
Inclusion in the application process requires that applicants provide us with all personal data required for a well-founded and informed assessment and selection together with the application by e-mail.
The required information includes general personal information (name, address, a telephone or electronic contact option) as well as performance-specific evidence of the qualifications required for a position. It may also be necessary to provide health-related information, which must be taken into account in the interest of social protection in the person of the applicant in terms of labor and social law.
Which components an application must contain in individual cases in order to be considered and in which form these components must be sent by email can be found in the respective job advertisement.
After receipt of the application sent using the email contact address provided, the applicant data will be stored by us and evaluated exclusively for the purpose of processing the application. For questions that arise during processing, we use either the email address provided by the applicant with their application or a telephone number provided, at our discretion.
The legal basis for this processing, including contacting us for queries, is generally Article 6 Paragraph 1 Letter b GDPR (for processing in Germany in conjunction with Section 26 Paragraph 1 BDSG), in the sense of which going through the application process is considered to be the initiation of an employment contract.
If special categories of personal data within the meaning of Art. 9 Para. 1 GDPR (e.g. health data such as information about severely disabled status) are requested from applicants as part of the application process, processing takes place in accordance with Art. 9 Para. 2 lit. b. GDPR, so that we can exercise the rights under labor law and social security and social protection law and fulfill our obligations in this regard.
Cumulatively or alternatively, the processing of special categories of data may also be based on Article 9 Paragraph 1 Letter h of the GDPR if it is for the purposes of preventive health care or occupational medicine, for assessing the applicant's ability to work, for medical diagnostics, care or Treatment is carried out in the health or social sector or for the management of systems and services in the health or social sector.
If an applicant is not selected in the course of the evaluation described above or if an applicant withdraws their application prematurely, the data transmitted by email and all electronic correspondence, including the original application email, will be deleted after a corresponding notification at the latest after 6 months. This deadline is based on our legitimate interest in answering any follow-up questions regarding the application and, if necessary, in being able to meet our obligations to provide evidence under the regulations on equal treatment of applicants.
In the event of a successful application, the data provided will be further processed on the basis of Article 6 Paragraph 1 Letter b GDPR (for processing in Germany in conjunction with Section 26 Paragraph 1 BDSG) for the purposes of carrying out the employment relationship.
10.3 - Google Maps
On our website we use Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google Maps is a web service for displaying interactive (land) maps to visually display geographical information. By using this service, our location will be displayed to you and any journey will be made easier.
As soon as you call up those sub-pages in which the Google Maps map is integrated, information about your use of our website (such as your IP address) is transmitted to Google's servers and stored there. This can also result in transmission to the servers of Google LLC. come to the USA. This occurs regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google saves your data (even for users who are not logged in) as usage profiles and evaluates them. The collection, storage and evaluation are carried out in accordance with Art. 6 Para. 1 lit. f GDPR based on Google's legitimate interest in displaying personalized advertising, market research and/or the needs-based design of Google websites. You have the right to object to the creation of these user profiles, although you must contact Google to exercise this right. If you do not agree to the future transmission of your data to Google when using Google Maps, you also have the option of completely deactivating the Google Maps web service by switching off the JavaScript application in your browser. Google Maps and thus also the map display on this website cannot then be used. Market research and/or the needs-based design of Google websites. You have the right to object to the creation of these user profiles, although you must contact Google to exercise this right. If you do not agree to the future transmission of your data to Google when using Google Maps, you also have the option of completely deactivating the Google Maps web service by switching off the JavaScript application in your browser. Google Maps and therefore the map display on this website cannot then be used. Market research and/or the needs-based design of Google websites. You have the right to object to the creation of these user profiles, although you must contact Google to exercise this right. If you do not agree to the future transmission of your data to Google when using Google Maps, you also have the option of completely deactivating the Google Maps web service by switching off the JavaScript application in your browser. Google Maps and therefore the map display on this website cannot then be used. If you do not agree to the future transmission of your data to Google when using Google Maps, you also have the option of completely deactivating the Google Maps web service by switching off the JavaScript application in your browser. Google Maps and therefore the map display on this website cannot then be used. If you do not agree to the future transmission of your data to Google when using Google Maps, you also have the option of completely deactivating the Google Maps web service by switching off the JavaScript application in your browser. Google Maps and therefore the map display on this website cannot then be used.
You can view Google's terms of use at https://www.google.de
Detailed information on data protection in connection with the use of Google Maps can be found on the Google website (“Google Privacy Policy”): https://www.google.de
Insofar as this is legally required, we have obtained your consent in accordance with Art. 6 (1) (a) GDPR to process your data as described above. You can revoke your consent at any time with future effect. To exercise your revocation, please follow the above-described option to make an objection.
11) Rights of the person concerned
11.1 The applicable data protection law grants you the following data subject rights (rights to information and intervention rights) vis-à-vis the person responsible with regard to the processing of your personal data, whereby reference is made to the legal basis given for the respective exercise requirements:
- Right to information according to Art. 15 GDPR;
- Right to rectification in accordance with Art. 16 GDPR;
- Right to deletion in accordance with Art. 17 GDPR;
- Right to restriction of processing in accordance with Art. 18 GDPR;
- Right to information according to Art. 19 GDPR;
- Right to data portability according to Art. 20 GDPR;
- Right to revoke consent given in accordance with Art. 7 Para. 3 GDPR;
- Right to complain in accordance with Art. 77 GDPR.
11.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF A BALANCING OF INTERESTS IN OUR PREVIOUS LEGITIMATE INTERESTS, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP THE PROCESSING OF THE DATA INVOLVED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN PROVE COMPREHENSIVE REASONS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FUNDAMENTAL FREEDOMS, OR IF THE PROCESSING IS FOR THE CERTIFICATION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT ADVERTISING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING. YOU MAY OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP THE PROCESSING OF THE DATA INVOLVED FOR DIRECT MARKETING PURPOSES.
12) Duration of storage of personal data
The duration of storage of personal data is determined based on the respective legal basis, the purpose of processing and - if relevant - additionally based on the respective legal retention period (e.g. commercial and tax law retention periods).
If personal data is processed on the basis of an express consent in accordance with Article 6 Paragraph 1 lit. a GDPR, this data will be stored until the data subject revokes his consent.
If there are statutory retention periods for data that are processed within the framework of legal or transaction-like obligations on the basis of Article 6 Para. 1 lit and/or we have no legitimate interest in further storage.
When personal data is processed on the basis of Article 6 (1) (f) GDPR, this data is stored until the data subject exercises his or her right to object under Article 21 (1) GDPR, unless we can provide compelling reasons worthy of protection for processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
When processing personal data for the purpose of direct advertising on the basis of Article 6 Paragraph 1 lit. f GDPR, this data is stored until the data subject exercises his right of objection under Article 21 Paragraph 2 GDPR.
Unless otherwise stated in the other information in this declaration about specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.