We would hereby like to inform you of the ways and scope in which your personal data is processed by BCG Baden-Baden Cosmetics Group GmbH and your rights in accordance with data protection legislation.
1. Who Is Responsible for Data Processing and How Do I Contact the Data Protection Officer?
The party responsible for data processing is:
Data protection officer
Im Rosengarten 7
76532 Baden-Baden, Germany
Represented by: Managing Directors Hermann Crux and I-Ting Wu
We process your personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (new FDPA) as well as all other relevant laws only insofar as this is required to provide information on this website as well as our services on this website.
If you are using the website simply for information purposes, that is to say, if you are not logging in or registering to use the website or providing us with any other information, we will not collect any personal data, with the exception of the data that your browser transmits in order to enable you to visit the website. These are:
Date and time of query
Time zone difference in relation to Greenwich Mean Time (GMT)
Content of request (specific page)
Access status/HTTP status code
Transferred data quantity in each case
Website issuing the request
Operating system and its interface
Language and version of the browser software.
To ensure that the website functions, this information is saved in log files. Furthermore, this data is used for the purposes of ensuring that our information-technology systems are secure and optimizing our website.
Art. 6 (1) f) of the GDPR forms the legal basis for temporarily saving data and log files.
If processing operations for personal data are based on acquiring the consent of the person affected, Art. 6 (1) a) of the GDPR serves as the legal basis.
Art. 6 (1) b) of the GDPR forms the legal basis for processing personal data in order to fulfill contracts in the case that one of the contracting parties is the person concerned. The same applies to implementing pre-contractual measures that necessitate processing operations.
If our company is subject to a legal obligation for which it is necessary to process personal data, Art. 6 (1) c) of the GDPR serves as the legal basis.
Art. 6 (1) d) of the GDPR is the legal basis in cases where vital interests of the persons concerned or another natural person necessitate the processing of personal data.
If personal data is processed in order to protect the legitimate interests of our company or a third party, the interests, basic rights and fundamental freedoms of the person concerned are of secondary importance. Art. 6 (1) f) of the GDPR is the legal basis for processing data in this instance.
Personal data can be passed onto our IT service providers for the purposes of making this website available.
3. Data Security
We maintain up to date technical procedures to ensure data security, in particular in relation to the protection of your personal data against risks during data transfer and against third parties acquiring knowledge of these data. These procedures are continuously updated to reflect the current state of the art.
Furthermore, cookies will be stored on your computer. Cookies are small text files that are stored on your hard drive, assigned to your browser, and through which certain information passes to the body responsible for setting the cookies (us, in this case). Cookies cannot execute programs or transfer viruses to your computer. They are used to make our Internet services overall more user-friendly and effective.
a) Transient cookies are automatically deleted once you close the browser. This includes in particular session cookies. These store a session ID with which various queries from your browser can be assigned to the same session. This enables your computer to be identified on a return visit to the website. The session cookies are deleted once you log out or close the browser.
b) Persistent cookies are automatically deleted after a specific period of time, which may vary from cookie to cookie. You may delete the cookies at any time in the security settings of your browser.
c) You may configure your browser settings as required and, for example, refuse to accept third-party cookies or all cookies. However, we would like to point out that if you do so, you may not be able to use all of the functions of this website.
d) The flash cookies used are not collected by your browser but by your flash plug-in. They store the necessary data independently of the browser you use and have no automatic expiry date. If you do not wish the flash cookies to be processed, you will have to install an add-on, e.g. “Clear Flash Cookies” for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/clear-flash-cookies/) or Adobe Flash Killer Cookie for Google Chrome.
e) Analysis cookies. We use analysis cookies to improve the content and quality of our website. Analysis cookies enable us to understand how our website is being used, which allows us to optimize our services on an ongoing basis.
Name of Cookie
Type of Cookie
Purpose of Cookie
Completion of Cookie
Displays cookie information
Registers a unique ID that is used to generate statistical data on user behavior on the website
Different periods of validity: ten years, 24 months, and when a browser session ends
Reduces the requirement rate (Google Analytics)
When a browser session ends
These cookies are used to collect website statistics for Google Analytics as well as to track conversion rates
CONSENT, HSID, NID, SAPISID, SID, SIDCC, SSID, PHPSESSID
This cookie is necessary for Google to collect anonymized, statistical data. No sensitive data is collected when you are not logged into your Google account. When you are logged in, Google links your actions to your account. For more information on Google and the cookies used, please click on the following link: www.google.com/intl/de/policies/privacy/
Different periods of validity: between five months and 20 years
This stored information is stored separately from any other data submitted to us. The cookies data, in particular, are not associated with your other data. You can delete any currently saved cookies at any point in time. Automatic deletion is also an option.
You may prevent cookies being stored by adjusting the settings in your browser software accordingly; however, we would like to point out that if you do so you may not be able to make full use of all of the functions of this website.
5. Contact Form
We collect the personal data provided by you when you are completing the contact form. The data submitted will be processed and used solely for the purposes of providing you with the information you have requested. Any additional processing or use of your data for advertising or market research purposes will be carried out only with your express permission.
The following data is saved when a message is sent:
(1) IP address of the user
(2) Point in time of registration (date and time)
(3) First and last names
(4) Email address
(6) Zip code
(9) Optional: Data provided voluntarily, such as your first name, last name, company name, email, telephone number, fax number and skin type
In order to be able to process your data within the framework of the sending progress, we request the consent of the user and refer the respective user to this privacy statement.
Contact can also be made via an alternatively provided email address; in this case, the personal data of the user sent together with the email is saved by our company.
If a user has given their consent, the legal basis for processing data is Art. 6 (1) a) of the GDPR. If the purpose of making contact via email is to conclude a contract, the legal basis for this is Art. 6 (1) b) of the GDPR.
Our company processes personal data obtained from the input mask solely for the purposes of making contact and processing the data required in this process. This also constitutes our legitimate interest, which is required for processing operations when contact is made via email. Processing other personal data during the sending process is based on preventing any misuse of the contact form as well as ensuring the security of our information-technology systems.
As soon as data collected to achieve the original purpose is no longer required, it is deleted. Personal data obtained from the input mask of the contact form on the website or sent to us via email is no longer required if it is no longer necessary to communicate with the user. This is the case if, when looking at the particular circumstances, it becomes clear that the respective situation will not continue into the future and there will be no more communication.
Additional personal information that we obtain during the sending progress is deleted within seven days.
The user can withdraw their consent regarding their personal data being processed at any time. In the case of contact being made via email, the user can withdraw their consent regarding their personal data being processed at any time. However, no further communication can take place as all of the personal data that was saved as part of making contact will be deleted in this case.
6. Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will generally be transmitted to and stored by Google on servers in the United States. If IP anonymization is activated on this website, Google will truncate your IP address within the Member States of the European Union or in other treaty States of the European Economic Area prior to transmitting it to the US. Only in exceptional cases will the full IP address be sent to a Google server in the USA and truncated there. Google will use this information on behalf of the website provider for the purpose of evaluating your use of the website, compiling reports on website activity and providing the website provider with other services relating to website activity and Internet usage.
The IP address transmitted by your browser as part of Google Analytics will not be associated with any other data held by Google.
You may prevent the collection for Google of the data (incl. your IP address) generated by cookies and related to your use of the website, and the processing of such data, by downloading and installing the browser plug-in that can be accessed at: tools.google.com/dlpage/gaoptout. or by using Google Analytics OptOut on the basis of a cookie.
This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are processed in truncated form, thereby preventing them from being traced to a specific person. If the data acquired about you can be attributed to a personal connection, this contact will be dismissed immediately and the personal data will be deleted without delay.
We use Google Analytics so that we can analyze the usage of our website and improve it on a continuous basis. Using the statistics obtained, we can improve our services and make these more interesting for you as a user. In exceptional cases in which personal data is transferred to the USA, Google has signed up to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework. The legal basis for using Google Analytics is Art. 6 (1) (1) f) of the GDPR.
The legal basis for processing the personal data of users is Art. 6 (1) f) of the GDPR. Processing the personal data of users enables us to analyze the browsing behavior of our users. By analyzing the data acquired, we are able to compile information about the use of the individual components that make up our website, which helps us to improve our site and how user-friendly it is on a continuous basis. Our legitimate interest in processing data lies in these objectives in accordance with Art. 6 (1) f) of the GDPR. Anonymizing the IP address means that the user’s interest with regard to the protection of personal data is sufficiently taken into account.
The data is deleted as soon as it is no longer required for our recording purposes.
Information on the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: http://www.google.com/analytics/terms/de.html, overview of data protection: www.google.com/intl/de/analytics/learn/privacy.html, as well as the privacy statement: http://www.google.de/intl/de/policies/privacy.
7. Integration of Google Maps
We make Google Maps services available on this website. We can therefore display interactive maps for you directly on our website, making it convenient for you to use the map function.
When visiting the website, Google receives the information that you have called up the respective subpage of our website (including your IP address). This takes place irrespective of whether Google provides a user account that you are logged into or whether there is no user account. When you are logged into a Google account, this data is immediately allocated to your account. If you do not want the data to be allocated to your profile on Google, you need to log out before activating the button.
Google saves this data as a usage profile and uses this for the purposes of advertising, conducting market research and/or designing its website in line with users’ needs. This data (including the data of users who are not logged in) is analyzed in particular for the purposes of providing appropriate advertisements and informing other users of the social network of your activities on our website. You have the right to object to the creation of this user profile; you need to contact Google to exercise this right.
Information on the third-party provider: Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.de/intl/de/policies/privacyand https://policies.google.com/technologies/product-privacy?hl=de. Google also processes your personal data in the USA and has signed up to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.
8. Which Data Protection Rights Can I Enforce as a Concerned Party?
If professional provisions are not in conflict, you have the right:
· To withdraw any consent given to us at any point in time in accordance with Art. 7 (3) of the GDPR. This results in us no longer being permitted to continue data processing operations based on this consent in the future.
· To request information on your personal data processed by us at any time in accordance with Art. 15 of the GDPR. In particular, you can request information on the purposes of processing the data, the category of personal data, as well as the source of the data, the categories of recipients to whom your data was or is disclosed, the purpose and intended storage period, the existence of a right to rectify incorrect data, erase data and restrict processing operations or object to data being processed, the existence of a right to lodge a complaint, the source of your data if it was not collected by us, as well as the existence of an automated decision-making function, including profiling and, where applicable, significant information regarding the profiling details;
· To request that incorrect or incomplete personal data saved by us is rectified or completed without delay in accordance with Art. 16 of the GDPR;
· To request that personal data saved by us be erased in accordance with Art. 17 of the GDPR, provided that processing this data is not required for the purposes of exercising freedom of expression and information, fulfilling a legal obligation or for reasons relating to public interest or to establish, exercise or defend legal claims;
· To request that the processing of your personal data is restricted in accordance with Art. 18 of the GDPR, insofar as you dispute the accuracy of the data, the processing operation is illegal but you refuse the erasure of the data and we no longer require the data, you need this data to establish, exercise or defend legal claims however or you have filed an objection to the processing of your personal data in accordance with Art. 21 of the GDPR;
· To receive your personal data with which you provided us in a standard, structured format that can be processed by a computer in accordance with Art. 20 of the GDPR or to have this data transferred to another responsible party and
· raise a complaint regarding data processing with a supervisory authority in accordance with Art. 77 of the GDPR. As a general rule, you can contact the supervisory authority in the area in which you normally live; alternatively, you can contact the supervisory authority of your workplace or our legal office.
Please direct any requests for information, or queries or objections to the processing of your data via email to firstname.lastname@example.org or to the address listed in our Legal Notice.
We do not collect the personal data of minors. In the event that such data are collected unwittingly, they will be deleted without delay.
You have the right to object to your personal data being processed for the purposes of direct advertising without having to specify your reasons for doing so. If we process your data to protect legitimate interests, you can object to your data being processed for this purpose for reasons relating to your particular situation. In this case, we no longer process your personal data, unless we can establish compelling and legitimate reasons for processing the data that outweigh your interests, rights and freedoms or if the data is processed for the purposes of establishing, exercising or defending legal claims.
In order to make the website available to users and ensure that the website operates correctly, it is necessary to record data and save this data in log files. As a result of this, users do not have the option of objecting to data being processed in this manner.
If log files are saved, they are deleted after seven days at the latest and the respective data is not processed further.
11. Do I have the Option to Raise a Complaint?
If you believe that we are processing your personal data in an illegal manner or that we are violating data protection legislation for other reasons, you can raise a complaint with the supervisory authority responsible for us:
State officer for data protection:
70025 Stuttgart, Germany