Privacy policy
Mann & Schröder GmbH (hereinafter referred to as “Mann & Schröder Cosmetics”), Bahnhofstraße 14, 74936 Siegelsbach and Schröder Cosmetics GmbH & Co. KG (hereinafter referred to as “Schröder Cosmetics”), Mann & Schröder Str. 1, 74928 Hüffenhardt (hereinafter also referred to jointly as “we or our”) take the protection of your personal data very seriously and strictly adhere to all applicable laws and regulations on data protection, in particular the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telecommunications Telemedia Data Protection Act (TTDSG).
The following explanations provide you with an overview of how we ensure this protection and which data we process for which purpose.
1. Usage data
Every time this website is accessed and every time a file is retrieved, general data about this process is automatically stored in a log file. The storage serves exclusively system-related and statistical purposes (based on Art. 6 para. 1 letter f.) DSGVO), as well as in exceptional cases to report criminal offences (based on Art. 6 para. 1 letter f.) DSGVO, § 25 para. 2 No. 2 TTDSG). Our legitimate interest is to ensure the delivery of the website and to combat abuse and troubleshooting. The data is not passed on to third parties or evaluated in any other way, unless there is a legal obligation to do so (Art. 6 para. 1 letter c) DSGVO). In detail, the following data record is stored about each retrieval:
- name of the retrieved file
- date and time of the retrieval
- amount of data transferred
- message whether the retrieval was successful
- description of the type of web browser used
- operating system used
- the previously visited page
- provider
- your IP address
We pass on the collected data to the responsible internal departments or to external service providers who act for us as order processors (e.g. hoster, provider of the content management system) for processing in accordance with the processing required for the presentation of the website and the creation of the content.
The deletion of the log file takes place as soon as they are no longer needed for the purposes mentioned, at the latest after 7 days.
2. Personal data via the contact form, competitions and post comments.
Personal data will only be processed by us if we are permitted to do so by law, or if you have given us your consent.
In detail:
a. Contact form
When you contact us, we store your data on the basis of Art. 6 (1) (b) DSGVO, in the case of inquiries in connection with a contract, and Art. 6 (1) (f) DSGVO for the purpose of processing your inquiry and in the event that further correspondence should take place. When processing the data that arises in the course of communication, we have a legitimate interest in processing the data in accordance with legal requirements, for internal review or in accordance with the respective communication request.
For questions of any kind, we offer you the opportunity to contact us via a form provided on the website. For the use of the contact form, the following data is mandatory:
- your first and last name,
- a valid e-mail address,
- your specific message.
The listed data will be processed by us for the following purposes:
- to be able to identify you and
- to be able to answer your question.
In addition, you can voluntarily provide your address for a postal contact.
The use of the form provided via the website is on a voluntary basis and is neither contractually nor legally required. You are not obliged to contact us via the form, but can also use the other contact options provided on our website. If you wish to use our form, you must fill in the fields marked as mandatory. If you do not fill in the required information of the form, you will either not be able to send the request or we will unfortunately not be able to process your request.
We pass on the collected data to the respective internal departments for processing. In addition, external IT service providers such as our hoster have access to the data entered via the form.
The personal data collected by us for the purpose of responding to your inquiry will be automatically deleted after the inquiry you have made has been dealt with, if the circumstances indicate that the matter in question has been conclusively clarified and there are no legal obligations to retain the data.
b. Competitions
For the participation, the execution and the dispatch of prize notifications as well as prizes, we require personal data from you. This includes for example
- your first and last name,
- your e-mail address,
- if applicable, your address,
- if applicable, your date of birth
- if applicable, your telephone number.
The legal basis for this is Art. 6 para. 1 lit. b) EU DSGVO, i.e. you provide us with the data on the basis of the contractual relationship (conditions of participation) between you and us. For details on the contractual relationship, please refer to the respective conditions of participation. The provision of your personal data is necessary for the conclusion of the contract. You are not obliged to provide the personal data. If you do not provide your data, you will not be able to participate in the competition.
If we organize competitions on social media platforms (e.g. Instagram), we would like to ask you to also observe the data protection provisions of the respective platform.
In some cases, we pass on your data to service providers
- for the shipment of raffle prizes to a shipping company and / or
- for the processing of sweepstakes to the website hoster.
For some sweepstakes, it is also necessary for the processing to transmit your data to our cooperation partners who support us in the implementation of sweepstakes, or to have them process your data so that they can contact the winner and/or deliver or provide the prizes. We inform you about our cooperation partners in the respective conditions of participation.
In addition, we also organize sweepstakes together with other organizers (partners). For the processing of your data in the context of jointly organized sweepstakes, there is a joint responsibility pursuant to Art. 26 DSGVO between and the respective partner. We and the partner have set out the principles for the joint processing of personal data and the respective data protection-relevant tasks and responsibilities in the context of the sweepstakes in a written agreement. In connection with jointly organized sweepstakes, your personal data collected by us will be shared with the partner or the partner will share the data collected by it with us in order to carry out the sweepstakes. We have agreed with the partner that both we and the partner are responsible for the fulfillment of the information obligations pursuant to Art. 13, 14 DSGVO, as well as the provision of information pursuant to Art. 26 (2) p. 2 DSGVO, and that we will provide you with this information as part of your participation in the sweepstakes. The obligation to exercise your data subject rights applies to both us and the respective partner, depending on to whom you assert your rights. Both we and the respective partner will not correct, delete or restrict the processing of your data on their own authority, but only by mutual agreement. If a competition is organized jointly with a partner, you will be informed of this separately in the conditions of participation.
If you do not wish your data to be transmitted for the purpose of processing the competition, you will not be able to participate.
The legal basis for the transmission of data is Art. 6 para. 1 lit. b) DSGVO.
In principle, your data will be deleted after completion of the competition.
We store the winners’ data until the expiry of the legal or possible contractual warranty and guarantee rights.
c. Post comment function on the website
For the post comment function on this site, in addition to your comment, information on the time of the creation of the comment, your e-mail address and the (user) name you have chosen will be stored.
- Storage of the IP address
Our comment function stores the IP addresses of users who post comments. Since we only partially check comments on our site before they are activated, we need this data to be able to take action against the author in the event of legal violations such as insults or propaganda.
- Storage period of the comments
The ratings and the associated data (e.g. IP address) are stored and remain on our website until the commented content has been completely deleted or the comments have to be deleted for legal reasons (e.g. insulting comments).
- Legal basis
The comments are stored on the basis of your consent (Art. 6 para. 1 lit. a GDPR). The IP address is stored on the basis of Art. 6 (1) (f) GDPR, Section 25 (2) No. 2 TTDSG. Our legitimate interest is to clarify legal violations. You can withdraw your consent at any time. To do so, please send an email to one of the two joint controllers. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
3. Microsoft365
We use Microsoft365. As a result, we cannot rule out the possibility that your (sensitive) data may also be transferred outside the European Economic Area and thus outside the material scope of the GDPR or that your (sensitive) data may be accessed, e.g. as part of support by Microsoft or other cloud providers. This applies in particular to the transfer of your (sensitive) data to and access to your (sensitive) data from the USA. There is no unrestricted adequacy decision by the European Commission for the USA. A transfer of your (sensitive) data therefore takes place in accordance with Art. 46 para. 2 lit. c) GDPR generally on the basis of the standard contractual clauses of the European Commission. You can obtain a copy of the passages of the contracts concerning you from us.
4. Cookies – General information
4.1 Information and purposes
We use so-called cookies and similar technologies in some areas on this website (hereinafter generally referred to as “Tools”). Cookies are small text files that are placed on your computer to store certain information and can be stored by your browser. Through such file elements, your computer can be identified as a technical entity during your visit to this website with the same terminal device. During your visit to the website or the next time you visit our website with the same terminal device, the information stored in cookies is sent back either to our website (“first party cookie”) or to another website of a third-party provider to which the cookie belongs (“third party cookie”).
The stored and returned information allows the respective website to recognize that you have already accessed and visited it with the browser of your end device. Some cookies also enable us to recognize individual users by means of pseudonyms, e.g. an individual or random IDs, so that we can offer individual services. In addition, other technologies, such as local storage or device fingerprinting, may be used by which information from your terminal device used when visiting our website is read and used for recognition purposes.
This website uses the following types of tools
- Essential tools
To ensure that the requested service can be provided.
- Functional tools
Additional tools to measure the performance/attractiveness of our website and to provide other additional(personalized) functionalities.
- Statistical tools
Conducting basic analysis and evaluation of the use of our website.
- Marketing tools
Cross-site marketing profiling tools based on your user behavior.
The tools are set by our website or the external services to maintain the full functionality of our website, to improve the user experience and to optimize our web offering or to pursue the purpose stated in your consent.
For the tools we use, we will inform you in the respective sections of the privacy policy whether and how cookies are set and used in each case. You can also find further information on the cookie management platform used on this website.
4.2 Legal basis
The use of tools and any further storage and processing of personal data will only take place with your express consent or if this is absolutely necessary so that you can use the services offered and accessed by you accordingly.
Legal bases are Art. 6 para. 1 lit. f DSGVO (legitimate interest), § 25 para. 2 No. 2 TTDSG or Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a DSGVO (consent), § 25 para. 1 TTDSG. Consent according to Art. 6 para. 1 lit. a DSGVO is also considered consent in the sense of § 25 para. 1 TTDSG for setting the cookie on or reading information from the user’s terminal device. Insofar as another legal basis is mentioned according to the DSGVO, the storage or setting of the cookie or the reading out of information is carried out on the basis of the exception according to § 25 para. 2 no. 2 TTDSG.
In the case of tools that are used on the basis of a legitimate interest, it generally applies that our legitimate interest is to ensure the functionality of our website and the services integrated on it (necessary tools). In addition, it may be that the tools increase user-friendliness and enable an optimized design of our web offering. Here, we have weighed your interests against our interests.
With the help of the tools, we can only identify, analyze and track you if you have consented to the use of the tool and your personal data pursuant to Art. 6 (1) lit. a DSGVO, Section 25 (1) TTDSG.
You will be informed which legal basis is relevant for the respective tools below in the respective sections on the tools used.
4.3 Deletion and objection
In addition to tools that are only used during a session and deleted after the website visit (“session cookies”), tools can also be used to store user settings and other information for a certain period of time (e.g. two years) (“permanent cookies”). Details on the deletion periods are listed with the respective tool. Most of the cookies used are so-called “session cookies”, which are deleted when you end your browser session.
However, you usually have the option of setting your browser to prevent cookies from being stored on your end device. Cookies that have already been set can be deleted at any time via browser settings. You can find instructions on how to do this in the help function of your browser.
A general objection to cookies used for online advertising can be declared for a large number of the services used on websites within the framework of developed self-regulation programs, e.g. via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/ . We would like to point out that the setting made will be deleted when you delete your cookies
We point out that the exclusion of cookies may lead to functional limitations of the website.
4.4 Essential cookies
In some areas of this website, we use so-called technically essential cookies. Some functions of this website cannot be offered without the use of cookies. Essential cookies help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
The use of essential cookies on our website is possible without your consent. For this reason, essential cookies cannot be individually disabled or enabled. However, you always have the option to generally disable cookies in your browser (see above). These cookies are automatically deleted after a time defined by us.
On this website, the following cookies are used, which are technically essential for the operation of the website:
Cookie name | Provider | Purpose | Storage duration | Type |
PHPSESSID |
We base the use of cookies on Art. 6 para. 1 letter f) DSGVO as well as § 25 para. 2 No. 2 TTDSG. The processing is carried out to enable the functioning of our website. It is therefore essential to protect our legitimate interests.
5. Essential services
5.1 Usercentrics (CMP Tool)
We use the consent management service of Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany (“Usercentrics”) on this website for the purpose of consent management.
Data processing purposes
The following list represents the purposes of data collection and processing:
- compliance with legal obligations to obtain consent for data processing and use of cookies or other technologies, as well as fulfillment of obligations to provide evidence
- consent storage
Technologies used
Local Storage
Collected data
When using the Service, the following data is collected:
- opt-in and opt-out data
- referrer URL
- user Agent
- user settings
- consent ID
- time of consent
- consent type
- template version
- banner language
Legal basis
The legal basis for the data processing is the fulfillment of legal obligations according to Art. 6 para. 1 s. 1 lit. c DSGVO as well as Art. 25 para. 2 no. 2.
Place of processing
European Union
Retention period
The consent data (consent and revocation of consent) is stored for three years. The data is then deleted immediately.
Data recipient
Usercentrics GmbH (processor)
Data protection officer of the data recipient
Below you will find the e-mail address of the data protection officer of the data recipient: datenschutz(at)usercentrics.com.
Privacy policy of the data recipient
Click here to read the privacy policy of the data recipient: https://usercentrics.com/privacy-policy/
More information about the service
For more information on Usercentrics, please visit: https://usercentrics.com/ .
5.2 Google Tag Manager
We use the tag management system “Google Tag Manager” from Google Ireland Limited, Google Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter “Google”) on this website.
Via Google Tag Manager, tags can be integrated centrally via a user interface. Tags are small sections of code that can track activities. Script codes of other tools are integrated via the Google Tag Manager. The Tag Manager makes it possible to control when a particular tag is triggered, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains in place for all deactivated tracking tags that are implemented with Google Tag Manager.
Data processing purposes
The following list represents the purposes of data collection and processing:
- tag management
Technologies used
- website tags
Collected data
When using the Service, the following data is collected:
- aggregated data about the tag triggering
- the Google Tag Manager does not store any personal data
Legal basis
The legal basis for the data processing is the legitimate interest in the sense of Art. 6 para. 1 lit. f DSGVO as well as Art. 25 para. 2 no. 2 TTDSG.
Place of processing
- European Union and third-party countries
- transmissions to and access from third-party countries are possible. As suitable guarantees for data transmission to the USA, so-called standard contractual clauses pursuant to Art. 46 Bas. 2 lit c DSGVO have been concluded with Google. For third-party countries/companies for which an adequacy decision exists, the adequacy decision pursuant to Art. 46 (1) DSGVO applies. Information on data transfer to third-party countries by Google can also be found under the following link: https://privacy.google.com/businesses/controllerterms/mccs/ .
Retention period
The data is deleted within 14 days after retrieval.
Data recipient
- Alphabet Inc. (subprocessor)
- Google LLC (subprocessor)
- Google Ireland Limited (subprocessor)
Data protection officer of the data recipient
Below you will find the e-mail address of the data protection officer of the data recipient: https://support.google.com/policies/contact/general_privacy_form
Privacy policy of the data recipient
Click here to read the privacy policy of the data recipient: https://policies.google.com/privacy?hl=en
Cookie policy of the data recipient
Click here to read the cookie policy oft the data recipient: https://policies.google.com/technologies/cookies?hl=en
6. Services for functional purposes
6.1 Google Maps
We use the integrated map service “Google Maps” from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter “Google”) on this website. To make it easier to find the nearest retailer, you have the option of entering your zip code or address.
Data processing purposes
The following list represents the purposes of data collection and processing:
- Show maps
Technologies used
- API
Collected data
Information about the use of our website is already collected when those subpages are called up in which the map from Google Maps is integrated.
When using the Service, the following data is collected:
- date and time of visit
- location information
- IP address
- URL
- usage data
- search terms
- geographic location
This collection of data takes place regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
Legal basis
The legal basis for data processing is your consent within the meaning of Art. 6 Para. 1 lit. a DSGVO and § 25 Para. 1 TTDSG.
Deactivate data processing
You can prevent future data collection and execution of the service by clicking here and disabling the “Google Maps” service within the “Functional” category.
If you do not agree with the future transmission of your data to the data recipient in the context of the use of the service, you also have the option of completely deactivating the service by switching off the JavaScript application in your browser.
Google Maps and thus also the map display on this website can then not be used in both cases.
Click here to revoke on all domains of the processing company: https://safety.google/privacy/privacy-controls/
Place of processing
- European Union and third-party countries
Retention period
The data will be deleted as soon as they are no longer needed for the processing purposes.
Data recipient
- Alphabet Inc. (subprocessor)
- Google LLC (subprocessor)
- Google Ireland Limited (processor)
Disclosure to third-party countries
The collected information is usually transferred to a server of the service provider in the USA and stored there.
For the transfer of data to the USA, we have agreed with Google Ireland Limited on the standard data protection clauses approved by the EU Commission and therein also agreed on the implementation of appropriate protective measures for the specific case, which may also include encryption of the data depending on the need for protection. The transfer of data to the servers in the USA is therefore based on Art. 46 (2) c) DSGVO.
Details on data processing, which comply with the standard contractual clause, can be found here: https://business.safety.google/adscontrollerterms/
Data protection officer of the data recipient
Below you will find the e-mail address of the data protection officer of the data recipient: https://support.google.com/policies/troubleshooter/7575787?hl=en
Privacy policy of the data recipient
Click here to read the privacy policy of the data recipient: http://www.google.com/intl/de/policies/privacy/
Cookie policy of the data recipient
Click here to read the cookie policy oft the data recipient: https://policies.google.com/technologies/cookies?hl=en
6.2 Google Fonts
The service „Google Maps“ used by us on this website use so-called web fonts (hereinafter “Google Fonts”) for display, which are provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin 4, Ireland (hereinafter “Google”). When you call up our website, the browser loads the required web fonts into the browser cache in order to display texts and fonts correctly.
If your browser does not support web fonts, a standard font is used by your computer.
For the above purpose, the browser used must connect to Google’s servers. This gives Google knowledge that our website has been accessed via your IP address.
Data processing purposes
The following list represents the purposes of data collection and processing:
- provision of fonts for the service „Google Maps“
- improvement of the services
Technologies used
- API
Collected data
When using the Service, the following data is collected:
- IP address
- aggregated usage figures
- font request
- referrer URL
- CSS requests
- user Agent
- browser information
Legal basis
The legal basis for the data processing is your consent within the meaning of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. If you consent to the use of the service “Google Maps”, this also includes consent to the Google Fonts.
Deactivate data processing
You can prevent future data collection and execution of the service by clicking here and disabling the service “Google Maps“ within the category “Functional”. Because Google Fonts is linked to the service, deactivation is only possible in this way.
Place of processing
- European Union
Retention period
The data will be deleted as soon as they are no longer needed for the processing purposes.
Data recipient
- Alphabet Inc. (subprocessor)
- Google LLC (suprocessor)
- Google Ireland Limited (processor)
Disclosure to third-party countries
The collected information is usually transferred to a server of the service provider in the USA and stored there.
For the transfer of data to the USA, we have agreed with Google Ireland Limited on the standard data protection clauses approved by the EU Commission and therein also agreed on the implementation of appropriate protective measures for the specific case, which may also include encryption of the data depending on the need for protection. The transfer of data to the servers in the USA is therefore based on Art. 46 (2) c) DSGVO.
Details on data processing, which comply with the standard contractual clause, can be found here: https://business.safety.google/adscontrollerterms/
Data protection officer of the data recipient
Below you will find the e-mail address of the data protection officer of the data recipient: https://support.google.com/policies/contact/general_privacy_form
Privacy policy of the data recipient
Click here to read the privacy policy of the data recipient: https://policies.google.com/privacy?hl=en
Cookie policy of the data recipient
Click here to read the cookie policy oft the data recipient: https://policies.google.com/technologies/cookies?hl=en
More information about the service
Weitere Informationen zu Google Web Fonts finden Sie unter https://developers.google.com/fonts/faq/
6.3 YouTube
We use embedded YouTube videos on this website, which are stored on https://www.youtube.com. They are displayed on our website using a so-called “framing technology” and can be played directly here. The provider of YouTube is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). As soon as you play a video, data is transferred to YouTube, a Google company.
Data processing purposes
The following list represents the purposes of data collection and processing:
- show videos
Technologies used
- cookies
YouTube is integrated via the extended privacy mode.
Collected data
When using the Service, the following data is collected:
- device information
- IP address
- referrer URL
- videos viewed
This transmission takes place regardless of whether you have a user account with YouTube or not.
If you are logged in to a Google user account, your data will be directly assigned to this account. If you do not wish this, you must log out of your user account before playing the video.
The data transmitted to YouTube is stored by YouTube in the form of user profiles and used for advertising and market research purposes and for the personalized design of their website. With the help of this evaluation, YouTube can generate demand-optimized advertising (even for users who are not logged in) and inform other YouTube users about your visit to our portal.
Legal basis
The legal basis for data processing is your consent within the meaning of Art. 6 Para. 1 lit. a DSGVO and § 25 Para. 1 TTDSG.
Deactivate data processing
You can prevent future data collection and execution of the service by clicking and disabling the “YouTube Video” service within the “Functional” category.
You can object to the above-mentioned creation of user profiles by contacting YouTube.
Click here to revoke on all domains of the processing company: https://safety.google/privacy/privacy-controls/
Place of processing
- European Union
Retention period
Data are deleted as soon as they are no longer needed for the processing purposes.
Data recipient
- Alphabet Inc. (subprocessor)
- Google LLC (subprocessor)
- Google Ireland Limited (joint processor)
Disclosure to third-party countries
The collected information is usually transferred to a server of the service provider in the USA and stored there.
For the transfer of data to the USA, we have agreed with Google Ireland Limited on the standard data protection clauses approved by the EU Commission and therein also agreed on the implementation of appropriate protective measures for the specific case, which may also include encryption of the data depending on the need for protection. The transfer of data to the servers in the USA is therefore based on Art. 46 (2) c) DSGVO.
Details on data processing, which comply with the standard contractual clause, can be found here: https://business.safety.google/adscontrollerterms/
Data protection officer of the data recipient
Below you will find the e-mail address of the data protection officer of the data recipient: https://support.google.com/policies/contact/general_privacy_form
Privacy policy of the data recipient
Click here to read the privacy policy of the data recipient: https://policies.google.com/privacy?hl=en
Cookie policy of the data recipient
Click here to read the cookie policy oft the data recipient: https://policies.google.com/technologies/cookies?hl=en
7. Services for statistical purposes
7.1 Google Analytics
We use “Google Analytics” on this website, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter “Google”).
Data processing purposes
On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to us. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
The following list represents the purposes of data collection and processing:
- Statistics in order to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offer and make it more interesting for you. In addition, we receive information about the functionality of our website (for example, to detect navigation problems).
Technologies used
- Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site.
- Pixel
- JavaScript
- device fingerprint
Collected data
When using the Service, the following data is collected:
- click path
- date and time of visit
- device information
- location information
- IP address
- We would like to point out that on this website Google Analytics has been extended by the code “gat. anonymizeIp();” to ensure anonymized collection of IP addresses (so-called IP masking).
- visited pages
- referrer URL
- browser information
- host name
- browser language
- browser type
- screen resolution
- device operating system
- interaction data
- user behavior
- visited URL
We also use the “demographic characteristics and interests” function of Google Analytics, which enables us to obtain reports on age, gender and interest categories. This data comes from interest-based advertising from Google as well as from visitor data from third-party providers and cannot be assigned to any specific person.
We have adjusted the configuration of Google Analytics so that only the website analysis function is used, unless separate consent has been given for the advertising functions.
Legal basis
The legal basis for data processing is your consent within the meaning of Art. 6 Para. 1 lit. a DSGVO and § 25 Para. 1 TTDSG.
Deactivate data processing
You can prevent future data collection and execution of the service by clicking here and disabling the services ” Google Analytics” and “Google Analytics 4” within the category “Statistics”.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de).
You can deactivate the above-mentioned “demographic characteristics and interests” function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics.
Click here to revoke on all domains of the processing company: https://safety.google/privacy/privacy-controls/
Place of processing
- European Union and third-party countries
Retention period
The deletion of Analytics data and set cookies is set to 14 months for Google Analytics Universal and 2 months for Google Analytics 4 Property.
Data recipient
- Alphabet Inc.(subprocessor)
- Google LLC (subprocessor)
- Google Ireland Limited (processor)
When configuring Google Analytics, care was taken to ensure that Google receives this data as a processor and is therefore not allowed to use this data for its own purposes. The configuration of the “Google Analytics advertising functions” is independent of this and is described separately in the corresponding sections, insofar as these are also used on this website.
Disclosure to third-party countries
The information collected is generally transferred to a server of the service provider in the USA and stored there.
For the transfer of data to the USA, we have agreed with Google Ireland Limited on the standard data protection clauses approved by the EU Commission, and in these clauses we have also agreed on the implementation of appropriate protective measures for the specific case, which may also include encryption of the data, depending on the level of protection required. The transfer of data to the servers in the USA is therefore based on Art. 46 (2) c) DSGVO.
Details on data processing, which comply with the standard contractual clause, can be found here: https://business.safety.google/adscontrollerterms/
Data protection officer of the data recipient
Below you will find the e-mail address of the data protection officer of the data recipient: https://support.google.com/policies/contact/general_privacy_form
Privacy policy of the data recipient
Click here to read the privacy policy of the data recipient: https://policies.google.com/privacy?hl=en
Cookie policy of the data recipient
Click here to read the cookie policy oft the data recipient: https://policies.google.com/technologies/cookies?hl=en
8. Services for marketing purposes
8.1 Google Ads Remarketing
We use the “Google Ads Remarketing” service on this website. Google Ads Remarketing is a remarketing service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”).
In doing so, we use the remarketing function within the Google Ads service. With the remarketing function, we can present you with advertisements based on your interests on other websites within the Google Ads network (on Google itself, so-called “Google Ads” or on other websites). For this purpose, your interaction is analyzed, e.g. which offers you are interested in, in order to be able to show you targeted advertising on other websites even after you have visited our website. For this purpose, Google stores a number in your browser that visit certain Google services or websites in the Google Ads network. Through this number, known as a “cookie”, the visits are recorded by you. This number is used to uniquely identify your web browser on a particular computer and not to identify you personally. Your personal data is not stored.
Data processing purposes
The following list represents the purposes of data collection and processing:
- remarketing
- advertising
- user action tracking
Technologies used
- cookies
Collected data
When using the Service, the following data is collected:
- visit duration
- IP address
- pages visited
- content the user is interested in
- website usage
- referrer URL
- advertising identifier
- date and time of visit
- device information
- browser information
Legal basis
The legal basis for the data processing is your consent within the meaning of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG.
Deactivate data processing
You can prevent future data collection and execution of the service by clicking here and disabling the ” Google Ads Remarketing” service within the “Marketing” category.
Click here to revoke on all domains of the processing company https://safety.google/privacy/privacy-controls/
Place of processing
- European Union and third-party countries
Retention period
The data will be deleted as soon as they are no longer needed for the processing purposes.
Data recipient
- Google Ireland Limited
- Google LLC
- Alphabet Inc
Privacy policy of the data recipient
Click here to read the privacy policy of the data recipient: https://policies.google.com/privacy
Cookie policy of the data recipient
Click here to read the cookie policy oft the data recipient: https://policies.google.com/technologies/cookies
8.2 Facebook Pixel
We use the visitor action pixel “Facebook Pixel” from Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland (hereinafter “Facebook”) on this website for the purpose of conversion measurement.
With the help of the Facebook Pixel, your behavior on our website can be tracked after you have been redirected to our website by clicking on a Facebook ad. This allows us to evaluate the effectiveness of our Facebook ads for statistical and market research purposes and to optimize our future advertising efforts.
The data collected is anonymous for us as the operator of this website, we cannot draw any conclusions about your identity. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Use Policy. This allows Facebook to enable the placement of advertisements on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as the website operator.
Furthermore, the website uses the remarketing function “Custom Audiences” to be able to address you again within 6 months. This enables us to display interest-based advertisements (“Facebook Ads”) to you following your visit to our website in the context of your visit to the social network Facebook or other websites that also use this procedure. In this way, we pursue the interest of showing you advertising that is of interest to you in order to make our website more interesting for you. The use of our website by you takes place without us being able to draw conclusions about you as a person. It is therefore completely anonymous.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding web page of our website, or clicked on an ad from us. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, it is possible that the provider will learn and store your IP address and other identifying features.
Data processing purposes
The following list represents the purposes of data collection and processing:
- analysis
- marketing
- retargeting
- advertising
- conversion tracking
- personalization
Technologies used
- cookies
- pixel
Collected data
When using the Service, the following data is collected:
- viewed advertisements
- viewed content
- device information
- geographic location
- HTTP header
- interactions with advertisements, services and products
- IP address
- clicked items
- marketing information
- Ppges visited
- pixel ID
- referrer URL
- usage data
- user behavior
- facebook cookie information
- facebook user ID
- usage/click behavior
- browser information
- device operating system
- device ID
- user Agent
- browser type
Legal basis
The legal basis for data processing is your consent within the meaning of Art. 6 Para. 1 lit. a DSGVO and Art. 25 Para. 1 TTDSG.
Deactivate data processing
You can prevent future data collection and execution of the service by clicking here and deactivating the service “Facebook Pixel” within the category “Marketing”.
If you wish to object to the use of Facebook website Custom Audiences, you can do so at https://www.facebook.com/ads/Webseite_custom_audiences/.
Deactivation of the “Facebook Custom Audiences” function is available for logged-in users at https://www.facebook.com/settings/?tab=ads#.
If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/
Place of processing
- European Union and third countries
Retention period
User interactions recorded on the websites are stored for no longer than two years. However, the data will be deleted as soon as they are no longer needed for the purposes of processing.
Data recipient
- Meta Platforms Ireland Ltd.
- Meta Platforms Inc.
We share responsibility with Facebook for the collection and transfer of data as part of this process. This applies for the following purposes:
- the creation of individualized or suitable advertisements, as well as for their optimization
- the delivery of commercial and transactional messages (e.g., via Messenger).
The following processing operations are therefore not included in the joint processing:
- processing that occurs after collection and transmission is the sole responsibility of Facebook
The creation of reports and analyses in aggregated and anonymized form is carried out as part of commissioned processing and is therefore our responsibility.
For joint responsibility, we have concluded a corresponding agreement with Facebook, which can be accessed here: https://www.facebook.com/legal/controller_addendum. This sets out the respective responsibilities for fulfilling the obligation under the DSGVO with regard to shared responsibility.
The contact details of the responsible company, as well as Facebook’s data protection officer, are available here: https://www.facebook.com/about/privacy.
We have agreed with Facebook that Facebook can be used as a point of contact for the exercise of data subject rights (see section 1.3.). This is without prejudice to the competence of the data subject rights.
Disclosure to third-party countries
The collected information is usually transferred to a server of the service provider in the USA and stored there.
For the transfer of data to the USA, we have agreed with Meta Platforms Ireland Ltd on the standard data protection clauses approved by the EU Commission and therein also agreed on the implementation of appropriate protective measures for the specific case, which may also include encryption of the data depending on the need for protection. The transfer of data to the servers in the USA is therefore based on Art. 46 (2) c) DSGVO.
Details on data processing, which comply with the standard contractual clause, can be found here: https://www.facebook.com/legal/EU_data_transfer_addenDum
Data protection officer of the data recipient
Below you will find the e-mail address of the data protection officer of the data recipient: https://www.facebook.com/help/contact/540977946302970
Privacy policy of the data recipient
Click here to read the privacy policy of the data recipient: https://www.facebook.com/privacy/explanation
8.3 Pinterest Tag
On this website, we use the conversion tracking technology “Pinterest Tag” of Pinterest Inc., 651 Brannan Street, San Francisco, CA 94107, United States of America (hereinafter “Pinterest”), which enables us to display relevant advertisements and offers on Pinterest to our website visitors who are already interested in our website and our content / offers and are Pinterest members.
For this purpose, a so-called conversion tracking pixel from Pinterest is integrated on our pages, via which Pinterest is informed when you visit our website that you have accessed our website and in which parts of our offer you were interested.
If, for example, you were interested in our products on our website, you may be shown an ad for our products on Pinterest.
Data processing purposes
The following list represents the purposes of data collection and processing:
- analysis
- conversion tracking
- targeting
- measuring the success of the marketing campaigns
Technologies used
- website tags
Collected data
When using the Service, the following data is collected:
- viewed ads
- click path
- clicked ads
- cookie information
- crash data
- date and time of visit
- device identifier
- device information
- device operating system
- geographic location
- IP address
- settings
- search terms
- third party information
- visited websites
- browser settings
Legal basis
The legal basis for the data processing is your consent within the meaning of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG.
Deactivate data processing
You can prevent future data collection and execution of the Service by clicking here and disabling the “Pinterest Tags” service within the “Marketing” category.
You can also disable the collection of data for the display of interest-based advertising on Pinterest at any time in your account settings on Pinterest at https://www.pinterest.de/settings (there, under “Customization”, disable the button “Use info from our partners to better tailor recommendations and ads on Pinterest”) or at https://help.pinterest.com/de/article/personalization-and-data#info-ad (there, disable the checkbox under “Customization”).
Place of processing
- European Union
- United States of America
Retention period
Data are deleted as soon as they are no longer needed for the processing purposes.
Data recipient
- Pinterest Inc.
Disclosure to third-party countries
The collected information is usually transferred to a server of the service provider in the USA and stored there.
For the transfer of data to the USA, we have agreed with Pinterest Inc. on the standard data protection clauses approved by the EU Commission and therein also agreed on the implementation of appropriate protective measures for the specific case, which may also include encryption of the data depending on the need for protection. The transfer of data to the servers in the USA is therefore based on Art. 46 (2) c) DSGVO.
Details on data processing, which comply with the standard contractual clause, can be found here: https://business.pinterest.com/de/pinterest-advertising-services-agreement/
Data protection officer of the data recipient
Below you will find the e-mail address of the data protection officer of the data recipient: privacy-support@pinterest.com
Privacy policy of the data recipient
Click here to read the privacy policy of the data recipient: https://policy.pinterest.com/en-gb/privacy-policy
9. Other services
9.1 Affiliate Programme und Affiliate-Links
We include so-called affiliate links or other references (which may include, for example, search masks, widgets or discount codes) to the offers and services of us or third-party providers on this website in connection with our online offer (collectively referred to as “affiliate links”). If you follow the Affiliate Links or subsequently take advantage of the offers, we may receive a commission or other benefits from the providers of the Affilliate Programs (collectively, “Commission”).
In order to be able to track whether you have taken advantage of the offers of an affiliate link used by us, it is necessary that the respective providers learn that users have followed an affiliate link used within our online offer. The assignment of the affiliate links to the respective business transactions or to other actions (e.g. purchases) serves the sole purpose of commission accounting and will be cancelled as soon as it is no longer necessary for the purpose.
For the purposes of the aforementioned assignment of the affiliate links, the affiliate links may be supplemented by certain values that are a component of the link or may be stored elsewhere, e.g. in a cookie. The values may include, in particular, the source website (referrer), the time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, the type of link used, the type of offer and an online identifier of the user.
a. Amazon affiliate program
We participate in the Amazon EU affiliate program of Amazon EU SARL, Niederlassung Deutschland, Marcel-Breuer-Str. 12, 80807 Munich, Germany (Amazon). On our pages are integrated by Amazon advertisements and links to the site of Amazon.de, from which we can earn money through advertising reimbursement. Amazon uses cookies to track the origin of orders. This allows Amazon to recognize that you have clicked the partner link on our website.
The legal basis for this processing is your consent in accordance with Art. 6 para. 1 p. 1 lit. af) DSGVO and § 25 para. 1 TTDSG.The collected information is usually transferred to a server of the service provider in the USA and stored there.
For the transfer of data to the USA, we have agreed with Amazon on the standard data protection clauses approved by the EU Commission and also agreed therein on the implementation of appropriate protective measures for the specific case, which may also include encryption of the data depending on the need for protection. The transfer of data to the servers in the USA is therefore based on Art. 46 (2) c) DSGVO.
Details on data processing, which comply with the standard contractual clause, can be found here: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010&language=en_GB¤cy=EUR
For more information about Amazon’s use of data, please see Amazon’s privacy policy: https://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=3312401 .
b. AWIN
We use the affiliate program of AWIN AG, Eichhornstraße 3, 10785 Berlin (hereinafter “AWIN”) on this website in the form of text links, image links, advertising banners or input masks. AWIN uses so-called “cookies”. These are text files that are stored on your computer and enable an analysis of the use of the website. AWIN also uses so-called web beacons. These are invisible graphics used to collect information. Through these web beacons, visitor traffic on these pages can be analyzed. The information generated by cookies and/or web beacons about the use of this website and delivery of advertising formats is transmitted to a server of AWIN and stored there. AWIN will use this information for the purpose of evaluating your use of the website in relation to the advertisements, compiling reports on website activity and advertising for website operators, among other things. Awin can process the remuneration (i.e. commission payments) through this evaluation and allocation. For this purpose, data such as a transaction ID, order number, order date, publisher, net merchandise value and the advertising medium used are transmitted.
The legal basis for this processing is your consent in accordance with Art. 6 para. 1 p. 1 lit. f) DSGVO and § 25 para. 1 TTDSG.
If you do not wish these cookies to be stored, you can also deactivate the acceptance of these cookies in your internet browser. You can delete the cookies on your hard drive at any time. Alternatively, you can also deactivate Awin cookies via this link: https://www.awin.com/de/rechtliches/optout.
9.2 Instagram Plug-in „Instagram Feed Pro“
We use functions of the Instagram service on this website with the help of a plug-in “Instagram Feed Pro” from Awesome Motive HQ, 2701 Okeechobee Blvd, West Palm Beach, FL. These functions are offered by Instagram Inc, 1601 Willow Road, Menlo Park, CA 94025, USA.
The Instagram Feed Pro plug-in loads the images and content of our Instagram account directly from Instagram and integrates them into our website. All other data is collected and cached on the server side. When you as a visitor to our website load the content, it is loaded for the Instagram feed from the cache of Instagram Feed Pro. According to current knowledge, no special cookies are set specifically by this plug-in in your browser in this case, which collect, process or use personal data. Nevertheless, we cannot completely rule out the possibility that personal data (e.g. IP addresses, browser data or similar) may be transmitted to the provider of the plug-in or Instagram.
You can find more information about Instagram’s data protection here: https://instagram.com/about/legal/privacy.
10. SSL or TLS encryption
We use SSL or TLS encryption on this website for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
11. Retention period
Unless expressly stated within the scope of this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.
12. Responsible Company
The
Mann & Schröder GmbH
Bahnhofstrasse 14
74936 Siegelsbach / Germany
Phone: +49 7264 7002-0
Fax: +49 7264 7002-777
E-mail: info(at)mann-schroeder.de
and the
Schröder Cosmetics GmbH & Co KG
Mann & Schröder Str. 1
74928 Hüffenhardt
Phone: +49 7264 7002-0
Fax: +49 7264 7002-777
E-mail: info(at)schroeder-cosmetics.de
are jointly responsible for the described processing of personal data within the meaning of Art. 4 (7) GDPR and Art. 26 GDPR.
The parties have jointly determined the purposes and means of data processing. They are therefore jointly responsible for the protection of your personal data within the process stages described below (Art. 26 GDPR).As part of their joint responsibility under data protection law, Party 1 and Party 2 have agreed which of them will fulfill which obligations under the GDPR. This applies in particular to the exercise of the rights of the data subjects and the fulfillment of the information obligations pursuant to Articles 13 and 14 GDPR. Even if there is joint responsibility, we fulfill the data protection obligations according to the respective responsibilities as follows: The data collection on a website is carried out by the company specified in the respective legal notice. The data will subsequently be processed by the company if you have given your consent or if this is necessary for contractual purposes or the implementation of pre-contractual measures or to safeguard the legitimate interests of the respective company. Each company shall make the information required under Art. 13 and 14 GDPR available to the data subjects free of charge in a precise, transparent, comprehensible and easily accessible form in clear and simple language. Each party shall provide the other party with all necessary information from its sphere of activity.
Certain processing operations may be carried out under the responsibility of other companies. This is indicated under the respective descriptions of the processing, if this is the case.
13. Our data protection officer
If you have any questions on the subject of data protection, please do not hesitate to contact our data protection officer:
Mr. Michael Egenberger
E-Mail: datenschutz(at)mann-schroeder.de
14. Data Subject Rights
The following data subject rights can be asserted both with Mann & Schröder Cosmetics (e.g. by e-mail to marketing(at)mann-schroeder.de) and with Schröder Cosmetics (e.g. by e-mail to marketing(at)schroeder-cosmetics.de). Data subjects will generally receive the information from the office where the rights were asserted.
(a) Right to information
You have the right to request confirmation from us as to whether personal data concerning you is being processed. If necessary, we will inform the other company immediately of any legal positions asserted by data subjects. You will provide each other with all information necessary to respond to requests for information.
(b) Correction/deletion/restriction of processing
Furthermore, you have the right to demand from us that
- inaccurate personal data concerning you be corrected without delay (right to rectification);
- personal data concerning you be deleted without delay (right to erasure); and
- the processing be restricted (right to restriction of processing).
(c) Right to data portability
You have the right to receive personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer this data to another controller.
(d) Right of withdrawal
You have the right to revoke your consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
(e) Right of objection
If the processing of personal data concerning you is necessary for the performance of a task carried out in the public interest (Art. 6(1)(e) DSGVO) or for the protection of our legitimate interests (Art. 6(1)(f) DSGVO), you have the right to object.
(f) Right of appeal
If you believe that the processing of personal data concerning you is in breach of the DSGVO, you have the right to lodge a complaint with a supervisory authority, without prejudice to other legal remedies.
15. Data recipient
Unless expressly stated in this paragraph or above in the description of the individual processing operations, your personal data will not be disclosed to third parties or other recipients.
For the provision (hosting) and for the content-related as well as technical operation of our website, we use the services of external service providers. The personal data collected on this website is stored on the hoster’s servers and can be viewed by our technical service provider. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact data, names, website accesses and other data generated via the website. The use of the external service providers is in the interest of a secure, fast and efficient provision of our website by a professional provider. The external service providers will only process your data to the extent necessary to fulfill their performance obligations to us and will follow our instructions regarding the data processed for these purposes. We have concluded a contract with each of the service providers used regarding commissioned processing in accordance with Art. 28 DSGVO.
We reserve the right, in the event of a legal obligation, to disclose information about you if the disclosure is required of us by lawfully acting authorities or law enforcement bodies. The legal basis is Art. 6 (1) c) DSGVO (legal obligation).
16. Change of the privacy policy
We reserve the right to adapt this data protection declaration in the event of any changes to the legal situation, the service offered on the website and the data processing. However, this only applies with regard to declarations on data processing. If your consent is required or components of the data protection declaration contain provisions of the contractual relationship with you, the changes will only be made with your consent.
You can regularly inform yourself about any changes in this data protection declaration.
Status: April 2024