Data protection

1. Name and contact details of the person responsible for processing and the company data protection officer

The following information on data protection applies to data processing by:

Responsible: SNS Commerce GmbH, Am Gestade 3 / 1E, 1010 Vienna / Austria

Managing Directors: Lukas Schütz / Michael Serafin

Company registration number: FN 477826 k

Commercial register court: Vienna Commercial Court

UID: ATU72609518

E-Mail: help@mn-cosmetics.com

Phone: +49 (0) 1515 7840403

A company data protection officer is not required.

 

2. Collection and storage of personal data as well as type and purpose of use

The legal basis for processing operations for which we obtain consent for a specific processing purpose is always Article 6 Paragraph 1 Sentence 1 Letter a GDPR. To the extent that the processing of personal data is necessary to fulfill a contract (sending of goods, provision of services) to which you are a party, the processing is based on Art. 6 Para. 1 Sentence 1 Letter b GDPR. The above legal basis also applies in the event that pre-contractual measures are carried out (e.g. inquiries about our products and services).

If our company is subject to a legal (legal) obligation which requires the processing of personal data and which is based on Union law or the law of the member state to which we are subject, the processing is based on Article 6 Paragraph 1 Sentence 1 c GDPR. Furthermore, the processing can be based on Article 6 Paragraph 1 Sentence 1 Letter d GDPR if vital interests are affected (danger to life and limb and/or disasters). In addition, the legal basis for the processing of personal data can be Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. In this case, we will inform you separately about our legitimate interest in accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR.

a) Visit our website

When you access our website, your browser automatically sends information to our website server, which is temporarily stored in a so-called log file. This involves the following information:

IP address of the requesting computer,

Date and time of access,

Name and URL of the retrieved file,

Website from which access is made (referrer URL),

browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

The data is stored until it is automatically deleted after seven days. We process this data for the following purposes:

Ensuring a smooth connection to the website,

Ensuring comfortable use of our website,

Evaluation of system security and stability as well

for further administrative purposes.

The data processing we carry out is based on Article 6 Paragraph 1 Sentence 1 Letter f GDPR as the legal basis. The purposes of data collection listed above justify our legitimate interest. We do not draw any conclusions about you personally from the data collected.

In addition, we use cookies and analysis services on our website, which are explained in more detail in sections 4 and 5 of this data protection declaration.

b) Newsletter service

According to Art. 6 Paragraph 1 Sentence 1 Letter a GDPR, express consent is required if you would like to receive our newsletter. To send the newsletter regularly, we use the email address you provided for this purpose. You do not need to provide any further information to receive the newsletter.

You can unsubscribe from our newsletter service at any time. At the end of each newsletter there is a link that you can use to unsubscribe. However, you do not have to use this, you can simply send us an email to help@mn-cosmetics.com.

c) Contact form

There is a contact form on our website that you can use for any kind of questions. This type of data processing takes place with your voluntary consent in accordance with Art. 6 Paragraph 1 Sentence 1 Letter a GDPR. So that we know the sender of the request and can respond to it, a valid email address is required. All other information is voluntary.

All personal data collected by us through the use of the contact form will be automatically deleted as soon as your request has been processed.

d) Business processing

If you conclude a distance selling contract with us, for example by purchasing via our online shop, data processing will take place in accordance with Article 6 Paragraph 1 Sentence 1 Letter b GDPR.
Credit checks are only carried out after an express weighing of interests. Passing on data for credit checks is only permitted without consent if there is a legitimate interest, e.g. if the entrepreneur makes an advance payment (purchase on account). If there is no legitimate interest, the customer's consent is required.

Only then does a legitimate interest in a credit check apply in accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. The data you provide when concluding the contract or when registering, in particular your name, address and email address, is necessary for the fulfillment and processing of the contract. The contract cannot be carried out without them. You are expressly informed of this in accordance with Article 13 Paragraph 2 Letter e of the GDPR. The data will also be passed on to third parties (section 4) if this is absolutely necessary (e.g. shipping service providers).

As a registered influencer, the information you provide during registration will be stored in our influencer database. You will be contacted by us for the purpose of cooperation. This will be done via email or as a message via your social media platform. We use your postal address for the purpose of sending goods.

The registration data will be stored for as long as the account exists. If this is deleted, the account data will also be deleted.

 

3. Storage of Data

Your data relating to the conclusion of the contract will be stored until the end of the limitation period. The storage of your data is based on Art. 6 Paragraph 1 Sentence 1 Letter b GDPR. The duration of storage of your data also depends on our commercial and tax retention obligations. In this case, the storage of your data is based on Art. 6 Paragraph 1 Sentence 2 Letter c GDPR. If these are no longer required for the purposes mentioned above, they will be deleted immediately.

 

4. Transfer of Data

Your personal data will generally not be passed on to third parties. Redirection only occurs in the following cases:

You have given your express consent in accordance with Art. 6 Paragraph 1 Sentence 1 Letter a GDPR for forwarding to third parties;

According to Art. 6 Paragraph 1 Sentence 1 Letter f of the GDPR, the transfer is necessary to protect our legitimate interests or those of a third party, in particular to assert, exercise or defend legal claims, and you do not have an overriding legitimate interest in not disclosing your data ;

There is a legal obligation pursuant to Article 6 Paragraph 1 Sentence 1 Letter c GDPR;

The data will be forwarded in accordance with Art. 6 Paragraph 1 Sentence 1 Letter b GDPR for the processing of contractual relationships with you. In this case, your personal data will be passed on to third parties exclusively to the service partners involved in the contract processing, such as the logistics company commissioned with the delivery, the credit institution commissioned with payment matters or the service company responsible for merchandise management and accounting, provided this is necessary for the fulfillment of the contract and Processing is absolutely necessary. In cases of passing on to third parties, the scope of the data passed on is limited to the minimum required for the execution of the contract.

 

5. Cookies

Our website uses cookies. Cookies are text files that are stored and stored on a computer system via an Internet browser. They enable websites and servers to recognize and identify your browser. We do not have direct knowledge of your identity.

By using cookies, we can provide you as a user of our website with special services that would not be possible without the use of cookies. The use of temporary cookies makes it easier to use the website because, for example, you do not have to re-enter your access data or refill the shopping cart in an online shop every time you visit the website. Using so-called session cookies, we can see which individual pages of our website you have already visited. These are automatically deleted after you leave our website. We also use cookies for statistical purposes. They record the use of our website and so we can optimize our offering for you (see Section 6). These cookies are automatically deleted after a defined period of time.

The data processed by cookies is necessary for the purposes mentioned and serves to protect our legitimate interests and those of third parties in accordance with Article 6 Paragraph 1 Sentence 1 Letter f GDPR.

As a data subject, you can counteract the setting of cookies through our website at any time by adjusting your internet browser accordingly and thus permanently object to the setting of cookies. Cookies that have already been set can be deleted at any time using an internet browser or other software programs. We would like to point out that deactivating the setting of cookies may mean that you cannot use all of the functions of our website.

 

6. Analysis tools andTracking Tools

The legal basis for the use of the following tools is Article 6 Paragraph 1 Sentence 1 Letter f GDPR. Only with these measures can a needs-based design and continuous optimization of our website be ensured. We can also create statistics on the use of our website and continually optimize our offering. These interests are to be viewed as legitimate within the meaning of the aforementioned provision.

The purposes of data processing and the type of data can be found in the tracking tool described below.

We use Google Analytics, a web analysis service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as "Google"), to design our website to meet your needs and to continuously optimize it. The tool creates pseudonymized usage profiles and uses cookies for this purpose (see section 4), which generate the following information:

Browser type/version

operating system used

Referrer URL (the previously visited page)

Host name of the accessing computer (IP address)

Time of server request

These are transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on the activities of the website and to provide other services related to the use of the website and the Internet for the purposes of market research and the needs-based design of these Internet pages. If applicable. This information will also be transferred to third parties if this is required by law or if third parties process this data on behalf of you.

By default, Analytics uses full IP addresses of website users to create general geographic reports. When the use of IP masks is enabled, Analytics removes the last octet of the user's IP address before it is used and stored.

Google will not link your IP address with other data.

As explained in section 4, the installation of cookies can be prevented by setting the browser software accordingly, however this may affect the use of the website. The data collection by this tool can also be prevented by a browser add-on, which you can find under the following link: https://tools.google.com/dlpage/gaoptout?hl=de .

On mobile devices you can simply click on the link and thus prevent it from being recorded by Google Analytics. This sets an opt-out cookie on your device for our website. This lasts until you delete it.

Further information on data protection in connection with Google Analytics can be found in the “Help” information, which you can find under the following link:https://support.google.com/analytics/answer/ 6004245?hl=de.

We have concluded the necessary order data processing agreement with Google. The contract determines the subject matter and duration of the processing, the nature and purpose of the processing, the type of personal data, the categories of data subjects and the obligations and rights that we are subject to under the GDPR. The contract ensures that Google is bound to us to comply with these obligations. The processing of your data by Google takes place exclusively on our instructions. We have ensured that Google offers sufficient guarantees that appropriate technical and organizational measures are implemented so that the processing is carried out in accordance with the requirements of the GDPR and ensures the protection of the rights of the data subjects. The processor will not use any other processor without our prior separate or general written consent.

 

7. Social Media Plug-ins

Based on Art. 6 Paragraph 1 Sentence 1 Letter f GDPR, we use social media plug-ins from the social networks Facebook, Instagram, YouTube, Pinterest and Twitter to increase our awareness on our website. This advertising purpose is to be classified as a legitimate interest within the meaning of the GDPR. The respective providers of the plug-ins are responsible for data protection-compliant operation. We try to protect visitors to our website as best as possible by integrating the plug-ins using the so-called two-click method.

a) Facebook

Our website uses social media plug-ins from Facebook Inc, Menlo Park, California, USA (hereinafter “Facebook”) in the form of the “LIKE” or “SHARE” buttons.

If you access a page on our website that contains such a plug-in, your browser establishes a direct connection with the Facebook servers. The content of the plug-in is transmitted by Facebook directly to your browser and integrated into the website by it.

By integrating the plug-ins, Facebook receives the information that your browser has accessed the corresponding page on our website, even if you do not have a Facebook account or are not currently logged in to Facebook. This information (including your IP address) is transmitted from your browser directly to a Facebook server in the USA and stored there.

If you are logged in to Facebook, Facebook can assign your visit to our website directly to your Facebook account. If you interact with the plug-ins, for example by clicking the “LIKE” or “SHARE” button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends.

Facebook can use this information for the purposes of advertising, market research and needs-based design of the Facebook pages. For this purpose, Facebook creates usage, interest and relationship profiles, e.g. B. to evaluate your use of our website with regard to the advertisements shown to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services related to the use of Facebook.

If you do not want Facebook to assign the data collected via our website to your Facebook account, you must log out of Facebook before visiting our website.

The purpose and scope of data collection and the further processing and use of the data by Facebook as well as your rights and setting options to protect your privacy can be found in Facebook's privacy policy , which you can find under the following link: https://www.facebook.com/about/privacy/ .

b) Instagram

Our website also uses so-called social plug-ins (“plug-ins”) from Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”).

The plug-ins are marked with an Instagram logo, for example in the form of an “Instagram camera”.

When you access a page on our website that contains such a plug-in, your browser establishes a direct connection to Instagram's servers. The content of the plug-in is transmitted directly to your browser by Instagram and integrated into the page. Through this integration, Instagram receives the information that your browser has accessed the corresponding page on our website, even if you do not have an Instagram profile or are not currently logged in to Instagram.

This information (including your IP address) is transmitted from your browser directly to an Instagram server in the USA and stored there. If you are logged in to Instagram, Instagram can directly assign your visit to our website to your Instagram account. If you interact with the plug-ins, for example by clicking the “Instagram” button, this information is also transmitted directly to an Instagram server and stored there.

The information will also be published on your Instagram account and shown to your contacts there.

If you do not want Instagram to directly assign the data collected via our website to your Instagram account, you must log out of Instagram before visiting our website.

Further information can be found in Instagram's privacy policy at:https://help.instagram.com/155833707900388.

c) YouTube

There is a link on our site to the internet platform www.youtube.com. YouTube LLC, with its headquarters at 901 Cherry Avenue, San Bruno, CA 94066, USA, is responsible for this website. (https://www.youtube.com/t/terms).

Information about the data provided to YouTube LLC:

As soon as you run the corresponding plug-in and visit the website www.youtube.com, YouTube LLC collects data from you. It is expressly pointed out that we only have the knowledge about data processing by YouTube as described below.

Basically, data is collected and transmitted every time you interact with www.youtube.com. First, the data that you provide to the platform operator is stored (particularly when registering for a user account).

Even without your own information, data is collected when you use the services: In particular, information is collected about the services you use and the type of use, for example when you watch a video on YouTube or visit a website on which our advertising services are used or when you view and interact with our advertising and content.

d) Pinterest

Our website also uses plug-ins from the “pinterest.com” service, which is operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA (“Pinterest”). The plug-in can be recognized by the Pinterest logo. As with the other social media plug-ins, when you visit our site, a direct connection is established to Pinterest's servers and log data is transmitted to Pinterest's servers. These are located in the United States, among others. The log data may contain your IP address, the address of the websites visited that also contain Pinterest functions, the type and settings of the browser, the date and time of the request, how you use Pinterest and cookies (see Section 6). Pinterest can assign your visit to our website to your Pinterest account if you are logged in to it. When you click on the Pinterest button, the corresponding information is forwarded directly to Pinterest by your browser.

Further information on the purpose, scope and further processing and use of data by Pinterest as well as your related rights and options for protecting your privacy can be found in Pinterest's data protection information: https://about.pinterest.com/de/privacy-policyWe have no further knowledge of data usage.

e) Twitter

Our website contains plug-ins from the short message network of Twitter Inc., One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (hereinafter "Twitter"). You can recognise the Twitter plug-ins (tweet button) by the Twitter logo on our site. You can find an overview of tweet buttons here: https://about.twitter.com/resources/buttons .

When you access a page on our website that contains such a plug-in, a direct connection is established between your browser and the Twitter server. Twitter thereby receives the information that you have visited our site with your IP address. If you click the Twitter “tweet button” while logged into your Twitter account, you can link the content of our pages to your Twitter profile. This allows Twitter to assign your visit to our pages to your user account. We would like to point out that as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Twitter.

If you do not want Twitter to be able to trace your visit to our pages, please log out of your Twitter user account.

For more information, please see Twitter ’s privacy policy at: https://twitter.com/privacy .

 

8. Rights of the Affected

The new General Data Protection Regulation has significantly expanded your rights. These are listed below and briefly explained, citing the legal basis.

Information, Art. 15 GDPR: You have the right to request information about your personal data processed by us. This includes, for example, information about processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, and the existence of a right to lodge a complaint , the origin of your data, if it was not collected by us, as well as the existence of automated decision-making including profiling and, if necessary, meaningful information about its details;

Right to rectification, Art. 16 GDPR: You can immediately request the correction of incorrect or complete personal data stored by us;

Right to deletion (“right to be forgotten”), Art. 17 GDPR: You have the right to have your personal data stored by us deleted, unless the processing is carried out to exercise the right to freedom of expression and information, to fulfill a legal obligation is necessary for reasons of public interest or to assert, exercise or defend legal claims;

Right to restriction of processing, Art. 18 GDPR: You can request that the processing of your personal data be restricted. The prerequisite is that you dispute the accuracy of the data, the processing is unlawful, but you refuse its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims or you pursuant to Art. 21 GDPR have lodged an objection (section 9) against the processing;

Right to data transfer, Art. 20 GDPR: You can request that you receive the personal data you have provided to us in a structured, common and machine-readable format or that it be transmitted to another person responsible;

Revocation of consent, Art. 7 Para. 3 GDPR: You can revoke your consent to us at any time. This means that we are no longer allowed to continue data processing based on this consent in the future. However, this does not affect the lawfulness of the processing based on consent until its revocation;

Right to complain, Art. 77 GDPR: You have the right to complain to a supervisory authority if you believe that the processing of your personal data violates data protection regulations. As a rule, you can contact the supervisory authority at your usual place of residence or work or at our headquarters.

 

9. Right of objection

You also have the right to object in accordance with Art. 21 GDPR. This applies to your personal data that is processed on the basis of legitimate interests in accordance with Art . If the objection is directed against direct advertising, you have an unrestricted right to object, even without specifying a special situation.

You can assert your right to object and your other rights, for example, by sending an email to datenschutz@sns-corp.com.

 

10. Data Security

We use the common SSL (Secure Socket Layer) process for our website in conjunction with the highest level of encryption supported by your browser. This is usually 256 bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the bottom status bar of your browser.

It is important to us to protect your data. We therefore take appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

 

11. Existence of automated decision making

There is no automatic decision-making or profiling.

 

12. Currentness and changes to this data protection declaration

It may also be necessary to adapt this data protection declaration to the further development of our website or to update it due to changed legal requirements. You can find the current data protection declaration for retrieval and printing purposes at the following link: https://mn-cosmetics.com/pages/datenschutz

 

Current status: 13. Feb 2023