Data Privacy Notice

1. Name and contact data of the parties responsible for data processing, and the corporate Data Protection Officer

The following information regarding data protection is valid for data handling carried out by:

Responsible party: SNS Commerce GmbH, Wollzeile 12/1/32, 1010 Vienna / Austria

General Managers: Lukas Schütz / Michael Serafin

Commercial register number: FN 477826 k

Commercial court of registry: Commercial Court of Vienna

VAT registration number: ATU72609518

Email: office@sns-corp.com

Telephone: + 43 (0) 1512 / 18 62

A corporate Data Protection Officer is not required.

2. Collection and storage of personal data, and methods and purpose of use

The legal basis for processing operations for which we obtain consent for a specific processing purpose is always Art. 6 Sect. 1 p. 1 lit. a DSGVO. Insofar as the handling and processing of personal data is necessary for the fulfilment of a contract (shipping of goods, provision of services) in which you are a party, such processing is based on Art. 6 Sect. 1 p. 1 lit. b DSGVO. The aforementioned legal basis is valid also in the case of conducting pre-contractual activities (e.g. inquiring as to our products and services).

If our company is subject to a legal obligation through which the handling of personal data becomes necessary, and which has its basis in EU law or the laws of the member countries by which we are governed, such handling is based on Art. 6 Sect. 1 p. 1 lit. c DSGVO. Further, such handling can be based on Art. 6 Sect. 1 p. 1 lit. d DSGVO, if vital interests are involved (danger to life and limb and/or disasters). In addition, the legal basis for handling of personal data can be Art. 6 Sect. 1 p. 1 lit. f DSGVO. In this case we will communicate our legitimate interest according to Art. 6 Sect. 1 p. 1 lit. f DSGVO to you separately.

a) Using our website

Upon accessing our website, your browser automatically sends information to the server hosting our website, and this information is saved temporarily in a so-called logfile. This can include the following information:

• IP address of the computer making the request,

• Date and time of access,

• Name and URL of the file accessed,

• The website from which access to our site occurs (referrer URL),

• The browser and operating system used by your computer, as well as the name of your access provider.

Data is stored until it is automatically deleted after seven days. We handle and use this data for the following purposes:

• Guaranteeing a trouble-free connection to the website,

• Guaranteeing comfortable and convenient use of the website,

• Evaluating system security and stability,

• Other administrative purposes.

The legal basis for the data processing we undertake is Art. 6 Sect. 1 p. 1 lit. f DSGVO. The purposes of data collection listed above constitute our legitimate interest. We will make no inferences pertaining to you as an individual from the data we collect.

In addition, we use cookies and analysis services on our website, which are explained in more detail in clauses 4 and 5 of this data privacy notice.

b) Newsletter service

Pursuant to Art. 6 Sect. 1 p. 1 lit. a DSGVO, express consent must be given in order to receive our newsletter. For regular transmission of the newsletter, we use the email address you provide for this purpose. You do not need to provide any further information to receive the newsletter.

You can unsubscribe from our newsletter service at any time. At the end of each newsletter is a link by which you can unsubscribe. However, you do not need to use this link; you can simply send us an email request to office@sns-corp.com.

c) Contact form

There is a contact form on our website which you can use for questions of any kind. This type of data processing is carried out with your consent, pursuant to Art. 6 Sect. 1 p. 1 lit. a DSGVO. In order to identify the sender and to reply to the query, a valid email address is required. All further information is given voluntarily.

All personal data collected by us through your use of the contact form is automatically deleted as soon as your question is resolved.

d) Business processing

When you enter into a distance contract with us, for instance by shopping in our online shop, data processing is carried out pursuant to Art. 6 Sect. 1 p. 1 lit. b DSGVO. In addition, we have a legitimate interest in a credit check, pursuant to Art. 6 Sect. 1 p. 1 lit. f DSGVO. The data you provide during registration or in the scope of the conclusion of the contract - particularly your name, address, and email address - are necessary for the fulfilment and settlement of the contract. The contract cannot be fulfilled without this data. You are expressly referred to Art. 13 Sect. 2 lit. e DSGVO. The data is also provided to third parties (clause 4) if absolutely necessary (e.g. to shipping providers).

As a registered influencer, your information provided during registration is saved in our influencer database. You will be contacted by us for the purpose of collaboration. This is done via email or as a message through your social media platform. We use your mailing address for the purpose of sending goods.

The registration data is saved for as long as your account exists. If your account is deleted, the account data is also deleted.

3. Storage of data

Your data regarding the conclusion of a contract is stored until the end of the limitation periods. In this respect, storage of your data is based on Art. 6 Sect. 1 p. 1 lit. b DSGVO. Also, the duration of storage of your data conforms to our retention requirements based on commercial and tax law. In this case, storage of your data is based on Art. 6 Sect. 1 p. 2 lit. c DSGVO. If the data is no longer necessary for the purposes listed above, it is deleted immediately.

4. Sharing of data

Your personal data will never be shared with third parties, with the exception of the following cases:

• You have expressly consented to sharing with third parties, pursuant to Art. 6 Sect. 1 p. 1 lit. a DSGVO;

• Sharing is necessary to safeguard our legitimate interests or those of a third party, particularly for the assertion, exercise, or defence of legal claims, pursuant to Art. 6 sect. 1 p. 1 lit. f DSGVO, and you have no overriding legitimate interest in your data not being shared;

• A legal obligation according to Art. 6 Sect. 1 p. 1 lit. c DSGVO exists;

• Data is transmitted for the processing of contractual relationships with you, as per Art. 6 Sect. 1 p. 1 lit. b DSGVO. In this case, sharing of your personal data with third parties is carried out exclusively with the service partner involved in processing the contract, such as the logistics company tasked with delivery, the credit institution handling payment matters, or the service company responsible for merchandise management and accounting, as far as this is absolutely necessary for contract processing and fulfilment. In the cases of sharing with third parties, the scope of data provided is limited to the minimum required for processing the contract.

5. Cookies

Our website uses cookies. Cookies are text files which are collected and saved via an internet browser on a computer system. They enable websites and servers to recognize and identify your browser. This does not provide us with any direct information as to your identity.

Through the use of cookies, we can provide you, as a user of our website, with certain services which would not be possible without the use of cookies. The use of temporary cookies facilitates the use of our website; for example, you do not have to re-enter your access data or re-fill the contents of your shopping cart every time you visit our website. Through "session cookies" we can see which individual pages of our website you have already visited. These are automatically deleted after you leave the website. We also use cookies for statistical purposes. They track the usage of our website so that we can optimize our offerings for you (see clause 6). These cookies are automatically deleted after an individually defined period of time.

The data processed through cookies is necessary for the listed purposes and serves to safeguard our legitimate interests as well as those of third parties, as per Art. 6 Sect. 1 p. 1 lit. f DSGVO.

As a data subject you can prevent the use of cookies by our website at any time by means of an appropriate setting of your internet browser, and thereby permanently refuse the use of cookies. Cookies already placed can be deleted at any time by an internet browser or other software program. Please note that deactivating the use of cookies may mean that you may not be able to use all the functions of our website.

6. Analysis tools and tracking tools

The legal basis for the use of the following tools is Art. 6 sect. 1 p. 1 lit. f DSGVO. These measures are necessary to ensure a needs-based design and continuous optimization of our website. In addition, they enable us to compile statistics about the usage of our website and continuously optimize our services. These interests are seen as justified as stipulated in the above-mentioned regulation.

Further information on the purposes of our data processing and types of data used by the tracking tool are described below.

We use Google Analytics, a web analysis service of Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereafter "Google"), to design our website in a needs-based fashion and continuously optimize it. The tool uses cookies to create pseudonymized usage profiles (see clause 4), producing the following information:

• Browser type/version

• Operating system used

• Referrer URL (the page visited previously)

• Host name of the accessing computer (IP address)

• Time of the server query

These are transmitted to, and saved on, a Google server in the USA. The information is used to evaluate the usage of the website, to compile reports about activities on the website, and to provide additional services related to website and internet usage for the purposes of market research and needs-based design of these websites. This information may be transmitted to third parties, insofar as this is legally prescribed or insofar as third parties are contracted to handle this data.

In standard practice, Analytics uses the complete IP addresses of website users to create general geographic reports. When IP masks are in use, Analytics removes the last octet of the user's IP address before it is used and stored.

Google will not combine your IP address with other data.

As described under clause 4, the installation of cookies can be prevented using an appropriate setting of your browser software, although this can affect your usage of the website. Data collection by this tool can be prevented by using a browser add-on, which you can find here: https://tools.google.com/dlpage/gaoptout?hl=de.

On mobile devices you can simply click the link and thus prevent collection by Google Analytics. For our website this will place an opt-out cookie on your device, which will remain until you delete it.

More information about data privacy regarding Google Analytics can be found in their "Help" section: https://support.google.com/analytics/answer/6004245?hl=de.

We have entered into the necessary contract data processing agreement with Google. The contract establishes the object and duration of handling, type and purpose of processing, types of personal data, categories of data subjects, and the obligations and rights to which we are bound as per DSGVO. The contract guarantees that Google is correspondingly bound to us regarding compliance with these obligations. The handling of your data by Google is carried out solely in accordance with our instructions. We have ensured that Google offers sufficient guarantees that appropriate technical and organizational measures are observed which ensure that handling and processing are carried out in accordance with the requirements of DSGVO and that the rights of data subjects are protected. The contract processor will not make use of any additional contract processor without previous separate or general written approval on our part.

7. Social media plugins

On the basis of Art. 6 sect. 1 p. 1 lit. f DSGVO we use social media plugins on our website for the social networks Facebook, Instagram, YouTube, Pinterest, and Twitter in order to raise public awareness of our products. This promotional purpose is classified as a legitimate interest as per the DSGVO. The respective companies offering the plugins are responsible for ensuring that their operation complies with data protection requirements. We endeavour to protect visitors to our website to the greatest possible degree by integrating the plugins via the so-called double-click method.

a) Facebook

Our website uses social media plugins from Facebook Inc., Menlo Park, California, USA (subsequently "Facebook") in the form of "LIKE" or "SHARE" buttons.

When you access a page on our website containing such a plugin, your browser establishes a direct connection with the Facebook servers. The content of the plugin is transmitted directly to your browser by Facebook and integrated into the website.

Through the integration of plugins, Facebook obtains information that your browser has accessed the corresponding page on our website, even if you do not have a Facebook account or are not currently logged into Facebook. This information (including your IP address) is transmitted from your browser directly to a Facebook server in the USA and stored there.

If you are logged into Facebook, Facebook can directly match your visit to our website to your Facebook account. If you interact with the plugins, e.g. by clicking the "LIKE" or "SHARE" buttons, the corresponding information is transmitted directly to a Facebook server and stored there. The information will also be published on Facebook and displayed to your Facebook friends.

Facebook can use this information for the purposes of advertising, market research, and needs-based design of Facebook pages. In order to do this, Facebook creates profiles regarding usage, interests and relationships, e.g. to evaluate your use of our website regarding the advertisements inserted on Facebook, to inform other Facebook users about your activities on our website, and to provide further services connected to the use of Facebook.

If you do not want Facebook to associate its data collected through our website with your Facebook account, you must log out of your Facebook account before visiting our website.

Please refer to Facebook's data privacy policy regarding the purpose and scope of data collection and further processing and use of your data by Facebook, as well as your related rights and your options for protecting your privacy. This can be found here: https://www.facebook.com/about/privacy/.

b) Instagram

Our website uses social plugins ("plugins") from Instagram, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram").

The plugins are characterized by an Instagram logo, e.g. in the form of an "Instagram camera".

When you access a page on our website which contains a plugin, your browser establishes a direct connection to the Instagram servers. The plugin content is transmitted by Instagram directly to your browser and embedded into the page. Through this embedding, Instagram obtains information that your browser has accessed the corresponding page on our website, even if you do not have an Instagram profile or are not currently logged into Instagram.

This information (including your IP address) is transmitted from your browser directly to an Instagram server in the USA and stored there. If you are logged into Instagram, Instagram can immediately record your visit to our website on your Instagram account. If you interact with the plugins, e.g. by clicking the "Instagram" button, this information is transmitted directly to an Instagram server and stored there.

The information is also published on your Instagram account and displayed to your contacts there.

If you do not want Instagram to associate the data collected by our website with your Instagram account, you must log out of Instagram before visiting our website.

You can find further information about this in Instagram's data privacy policy at: https://help.instagram.com/155833707900388.

c) YouTube

Our website contains a link to the internet platform www.youtube.com. YouTube LLC, with headquarters at 901 Cherry Avenue, San Bruno, CA 94066, USA is responsible for this web presence (https://www.youtube.com/t/terms).

Information about the data provided to YouTube LLC:

As soon as you activate the corresponding plugin and visit the site www.youtube.com, YouTube LLC obtains data from you. We expressly advise you that we have only the following knowledge about data handling and processing by YouTube.

Data is generally collected and transmitted during every interaction with www.youtube.com. Initially, data which you send to the platform operator (particularly when signing into your user account) is stored.

Even without entering it yourself, data is collected when you use certain services: particularly information about the services you use and the way you use them, e.g. when you view a video on YouTube, visit a website on which our advertising services are used, or view and interact with our advertising and content.

d) Pinterest

Our website also uses plugins from the service "pinterest.com", which is operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA ("Pinterest"). The plugin is recognizable by the Pinterest logo. As with the other social media plugins, when you visit our site a direct connection to the Pinterest servers is established, and log data is transmitted to the Pinterest servers. These are located in the United States, among other places. The log data contains, for example, your IP address, the address of sites you visit which contain Pinterest functions, your browser type and settings, the date and time of your query, your manner of use of Pinterest, and cookies (cf. clause 6). Pinterest can match your visit to our website to your Pinterest account if you are logged into it. If you activate a Pinterest button, the corresponding information is transmitted directly to Pinterest by your browser.

You can find further information as to the purpose, extent, and additional processing and use of your data by Pinterest, as well as your related rights and options for protecting your privacy, in Pinterest's privacy policy: https://about.pinterest.com/de/privacy-policy. We have no further information as to the use of your data.

e) Twitter

Our website contains integrated plugins from the short message network Twitter Inc., One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (hereafter "Twitter"). You can recognize the Twitter plugins (tweet button) on our site by the Twitter logo. You can find an overview of tweet buttons here: https://about.twitter.com/resources/buttons.

When you access a page on our website which contains such a plugin, a direct connection between your browser and the Twitter server is established. Twitter thus obtains the information that you have visited our site with your IP address. If you click the Twitter "tweet button" while you are logged into your Twitter account, you can link the content of our site to your Twitter profile. In this way Twitter can log your visit to our site to your user account. Please note that we as the operator of the website obtain no information about the content of the data transmitted or its use by Twitter.

If you do not want Twitter to be able to log your visit to our website, please log out of your Twitter account when visiting our site.

You can find further information about this in Twitter's privacy policy at: https://twitter.com/privacy.

8. Rights of data subjects

The new General Data Protection Regulation has substantially expanded your rights. These are enumerated in the following list and briefly explained with a mention of their legal basis.

• Disclosure, Art. 15 DSGVO: You have the right to request disclosure pertaining to your personal data which we handle. This includes e.g. information about purposes of processing, the category of personal data, categories of parties to whom your data was or is disclosed, the planned duration of storage, the existence of a right to correction, deletion, or restriction of handling or the objection thereto, the existence of a right to appeal, the origin of your data if it is not collected by us, and existence of automated decision-making including profiling and (if applicable) significant information about its details;

• Right to correction, Art. 16 DSGVO: you can request the immediate correction or completion of personal data stored by us;

• Right to deletion ("Right to be forgotten"), Art. 17 DSGVO: you have a right to the deletion of your personal data stored by us, as long as its processing is not necessary for the exercise of the right to free expression and information, for fulfilling a legal obligation, for reasons of public interest, or for the assertion, exercise, or defence of legal claims/rights;

• The right to limitation of handling, Art. 18 DSGVO: you can request to limit the handling of your personal data, provided that you are disputing the correctness of the data, the handling is unlawful, you decline its deletion and we no longer need the data, but you need it for the assertion, exercise, or defence of legal claims/rights, or you have filed an objection (clause 9) to its handling pursuant to Art. 21 DSGVO;

• Right to data transmission, Art. 20 DSGVO: you can request to obtain any personal data which you have provided to us in a structured, standard, and machine-readable format, or have them transmitted to another responsible party;

• Revocation of consent, Art. 7 sect. 3 DSGVO: You can revoke your consent previously granted to us at any time. This means that in the future we may no longer continue any data processing dependent upon this consent. The legality of any processing that was carried out on the basis of your consent before it was revoked is not affected.

• Right to appeal, Art. 77 DSGVO: You have the right to appeal to a supervisory authority if you believe that your personal data has been handled in a manner which violates the data protection regulations. To do this you can typically approach the supervisory authority of your usual area of residence, of your workplace, or of our headquarters.

9. Right to object

In addition, you have the right to object, pursuant to Art. 21 DSGVO. This applies to your personal data which is handled on the basis of legitimate interests as per Art. 6 sect. 1 p. 1 lit. e or f DSGVO, and insofar as there are grounds for an objection to data handling resulting from your particular situation. You have an unrestricted right to object to direct advertising, even without giving details about your particular situation.

You can exercise your right to object and your other rights by sending an email to privacy@sns-corp.com.

10. Data security

For our website we use the widely-used SSL protocol (Secure Socket Layer) along with the highest level of encryption supported by your browser, normally 256-bit encryption. If your browser does not support 256-bit encryption, we revert instead to 128-bit v3 technology. Whether an individual page on our website is transmitted with encryption is shown by the image of a closed key or lock icon in the lower status bar of your browser.

Protecting your data is important to us. Therefore, we take suitable technical and organizational security measures to protect your data against incidental or intentional manipulation, partial or complete loss, destruction, and unauthorized access by third parties. Our security measures are continuously improved in accordance with developing technology.

11. Existence of automated decision-making

Automatic decision-making or profiling does not occur.

12. Updates and changes to this data privacy notice

It may become necessary to adjust this data privacy notice due to the ongoing development of our website, or to update it due to changing legal requirements. You can access and print the current data privacy notice here: https://www.mn-cosmetics.com/pages/datenschutz

Current version: July 9, 2018