Privacy Policy
We operate our websites in accordance with the principles set forth below:
We are committed to complying with legal data protection regulations and strive to consistently adhere to the principles of data avoidance and data minimization.
The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states of the European Union, as well as other data protection regulations, is:
Ebner Friseureinrichtungen GmbH & Co. KG
Hohe Heide 5
97506 Grafenrheinfeld
Email: info@salondesign24.de
Phone: +49 (0) 9723 – 93542-0
We have designed our privacy policy in accordance with the principles of clarity and transparency. However, if there are any ambiguities regarding the use of various terms, the corresponding definitions can be viewed here.
Processing of personal data in accordance with the GDPR
We process your personal data, such as your first and last name, your email address, and IP address, etc., only if there is a legal basis for doing so. In this context, the following provisions of the General Data Protection Regulation (GDPR) are particularly relevant:
Art. 6(1)(a) GDPR: The data subject has given consent to the processing of personal data concerning him or her for one or more specific purposes.
Art. 6(1)(b) GDPR: Processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the data subject’s request.
Art. 6(1)(c) GDPR: Processing is necessary for compliance with a legal obligation to which the controller is subject
Art. 6(1)(d) GDPR: Processing is necessary to protect the vital interests of the data subject or of another natural person
Art. 6(1)(e) GDPR: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
Art. 6(1)(f) GDPR: processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child
However, we will still indicate at the relevant points in this privacy policy the legal basis on which your personal data is processed.
Processing of information pursuant to Section 25(1) of the TTDSG
We also process information in accordance with Section 25(1) of the TTDSG by storing information on your end device or accessing information already stored on your end device. This may include both personal information and non-personal data, such as cookies, browser fingerprints, advertising IDs, MAC addresses, and IMEI numbers. An end device is defined as any device connected directly or indirectly to the interface of a public telecommunications network for the purpose of transmitting, processing, or receiving messages, § 2(2)(6) TTDSG.
We generally process this information based on your consent, § 25(1) TTDSG.
To the extent that an exception under Section 25(2)(1) and (2) of the TTDSG applies, we do not require consent. Such an exception applies if we access or store the information solely to transmit a message via a public telecommunications network, or if this is absolutely necessary for us to provide a telemedia service that you have expressly requested. You may revoke your consent at any time.
We hereby inform you that the withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent prior to the withdrawal.
The transfer of personal data also constitutes processing within the meaning of the preceding section 3. However, we would like to take this opportunity to provide you with separate information regarding the transfer of data to third parties. The protection of your personal data is very important to us. For this reason, we exercise particular caution when it comes to transferring your data to third parties.
Disclosure to third parties therefore occurs only if there is a legal basis for processing. For example, we disclose personal data to individuals or companies acting as processors on our behalf in accordance with Article 28 of the GDPR. A processor is anyone who processes personal data on our behalf—that is, in particular, under our direction and control.
In accordance with GDPR requirements, we enter into a contract with each of our processors to ensure their compliance with data protection regulations and thus provide comprehensive protection for your data.
We will delete your personal data to the extent that it is no longer necessary for the purposes for which it was collected or otherwise processed, and the processing is not required for the exercise of the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or to assert, exercise, or defend legal claims.
For security reasons and to protect the transmission of confidential content, such as the inquiries you send to us as the website operator, this website uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the browser’s address bar changes from “http://” to “https://” and by the lock icon in your browser’s address bar.
If SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.
We use cookies on our website. Cookies are small data packets that your browser automatically creates and that are stored on your device when you visit our website. These cookies are used to store information related to the device being used.
When it comes to the use of cookies, a distinction is made between technically necessary cookies and “other” cookies. Technically necessary cookies are those that are strictly required to provide an information society service that you have explicitly requested.
Technically necessary cookies
To make your experience with our services more enjoyable, we use technically necessary cookies, which may include so-called session cookies (e.g., language and font selection, shopping cart, etc.), consent cookies, cookies to ensure server stability and security, or similar. The legal basis for the cookies is derived from Art. 6(1)(f) of the GDPR, our legitimate interest in the error-free operation of the website, and our interest in providing our services to you in an optimized manner.
Additional Cookies
Other cookies include those used for statistical purposes, as well as for analysis, marketing, and retargeting.
We use these cookies on your behalf based on your consent in accordance with Art. 6(1)(a) of the GDPR.
You may revoke your consent to the use of cookies at any time.
We hereby inform you that the withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent prior to the withdrawal.
To do this, you can either edit your cookie settings on our website, disable the use of cookies in your browser settings (though this may also limit the functionality of the online service), or opt out of the relevant service on a case-by-case basis.
We indicate the legal basis for processing this data in the privacy policy for each respective service.
Change cookie settings3
To obtain consent for the cookies we use, we utilize the service provider’s cookie banner
beeclever GmbH | Universitätsstraße 3 | D-56070 Koblenz
info@beeclever.de| www.beeclever.de
Information pursuant to Section 5 of the German Telemedia Act (TMG):
Represented by: Marco Pusceddu, Andreas Wächter
Koblenz Local Court HRB 26687 / VAT ID No. DE323392491
Responsible for the content pursuant to § 55(2) RStV: Marco Pusceddu, Andreas Wächter | Universitätsstraße 3, 56070 Koblenz
This site itself sets a so-called consent cookie to query and process the respective consent status. This consent cookie is technically necessary and is therefore used based on our legitimate interest pursuant to Art. 6(1)(f) GDPR, § 25(1) TTDSG.
When you visit our website, the browser on your device automatically sends information to our website’s server. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:
• IP address of the requesting computer
• Date and time of access
• Name and URL of the retrieved file
• Website from which the access originates (referrer URL)
• The browser you are using and, if applicable, your computer’s operating system, as well as the name of your internet service provider
We process the aforementioned data for the following purposes:
• Ensuring smooth website connectivity
• Ensuring a comfortable user experience on our website
• Evaluation of system security and stability
• Error analysis
• for other administrative purposes
Data that could be used to identify you, such as your IP address, will be deleted no later than 7 days after collection. If we store the data beyond this period, it will be pseudonymized so that it can no longer be linked to you.
The legal basis for data processing is Article 6(1)(f) of the GDPR. Our legitimate interest stems from the purposes of data collection listed above. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your identity.
Contractual Relationship
Conclusion of Contract
In the context of establishing the contractual relationship, only the personal data strictly necessary for contract fulfillment will be processed in accordance with Art. 6(1)(b) of the GDPR.
To the extent that you provide additional voluntary information, this will only be processed based on the consent you have given pursuant to Art. 6(1)(a) of the GDPR. We use this voluntary information to offer customer-friendly service and to continuously improve it.
Customer Account5
You have the option to create a customer account with us. In addition to your personal data required for contract processing, your other voluntary information as well as your past purchases with us will be stored and processed. You can access this information at any time to get an overview of your purchases with us. This data is used so that you can easily log in with your credentials during your next purchase. It is also intended to help you manage your purchasing activities.
The legal basis is derived from the consent you have provided pursuant to Art. 6(1)(a) of the GDPR.
You have the option at any time to change or delete your data in your customer account, as well as to delete the account entirely. If you make use of this feature, your customer account and all data contained therein will be deleted immediately.
Sharing of data for shipping
We share the data necessary for shipping our goods (first and last name, address, email address, phone number, if required due to shipping arrangements) with the relevant shipping provider for notification/coordination regarding the delivery of the goods and for the actual delivery of the goods.
The legal basis for the disclosure is Article 6(1)(b) of the GDPR.
In this context, we will share your data with one of the following shipping service providers6 Continue. There you will receive further information regarding the processing of your data:
UPS
UPS Europe SA, Ave Ariane 5, Brussels, B-1200, Belgium: https://www.ups.com/de/de/help-center/legal-terms-conditions/privacy-notice.page?
Disclosure of data when using online payment service providers
If, during the ordering process, you choose to pay via one of the online payment service providers we offer, your contact information will be transmitted to that provider as part of the order placed. The legality of the data transfer is based on Art. 6(1)(b) GDPR, for the purpose of processing the payment method you have selected, as well as our legitimate interests pursuant to Art. 6(1)(f) GDPR to enable user-friendly and straightforward payment processing.
The personal data transmitted to the online payment service provider consists primarily of first name, last name, address, phone number, IP address, email address, or other data required for order processing, as well as data related to the order, such as the number of items, item number, invoice amount and tax rate, billing information, etc.
This information is necessary to process your order using your selected payment method, in particular to verify your identity, manage your payment, and maintain our customer relationship.
Please note, however: Personal data may also be disclosed by the online payment service provider to service providers, subcontractors, or other affiliated companies to the extent necessary to fulfill the contractual obligations arising from your order or if the personal data is to be processed on their behalf.
Depending on the selected payment method, e.g., invoice or direct debit, the personal data transmitted to the provider will be forwarded by the provider to credit bureaus. This transmission serves to verify your identity and creditworthiness in relation to the order you have placed. For information on which credit bureaus are involved and what data is generally collected, processed, stored, and shared by the respective provider, please refer to the providers’ respective privacy policies:
PayPal
PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg at https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Newsletter7
Newsletter content and registration details
We will only send you a newsletter if you subscribe to it and have given your consent in accordance with Art. 6(1)(a) GDPR, § 25(1) TTDSG. The content of the newsletter is specifically described during the newsletter registration process. To subscribe to the newsletter, simply provide your email address. If you provide additional voluntary information, such as your name and/or gender, this will be used exclusively to personalize the newsletter sent to you.
Double opt-in and logging
For security reasons, we use the so-called double opt-in procedure for newsletter sign-ups to ensure that no one can sign up using someone else’s email address. Therefore, after signing up for our newsletter, you will first receive an email asking you to confirm your registration. Your registration will only become effective once you have confirmed it.
Furthermore, your subscription to the newsletter is logged. This logging includes the storage of the time of registration and confirmation, the data you provided, and your IP address. If you make changes to your data, these changes are also logged.
Cancellation
If you no longer wish to receive our newsletter, you can revoke your consent at any time for the future. To do so, you can click the unsubscribe link at the end of each newsletter or send us an email to the following email address: info@salondesign24.de
The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent prior to withdrawal.
Use of Shopify
We use the services of Shopify International Ltd. (“Shopify”), Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, to send our newsletter.
For this purpose, your email addresses and any additional data entered will be
Shopify is used on our behalf for sending out and statistically analyzing newsletters.
For evaluation purposes, the emails sent may contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. This allows us to determine whether a newsletter message has been opened and which links, if any, were clicked. In addition, technical information is collected (e.g., time of access, IP address, browser type, and operating system). The data is collected exclusively in pseudonymized form and is not linked to your other personal data; direct personal identification is ruled out.
This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses may be used to better tailor future newsletters to the interests of recipients. If you wish to object to the use of your data for statistical analysis, you must unsubscribe from the newsletter.
Furthermore, Shopify may use this data itself, based on your consent pursuant to Art. 6(1)(a) GDPR, for the purpose of tailoring and optimizing the service to meet your needs, as well as for market research purposes, such as determining which countries the recipients are from. However, Shopify does not use the data of our newsletter recipients to contact them directly or to pass the data on to third parties.
We have entered into a data processing agreement with Shopify, which obligates Shopify to protect our customers’ data and not to disclose it to third parties..
You can view Shopify’s privacy policy here: https://www.shopify.de/legal/datenschutz
The use of the Shopify newsletter service, the conduct of statistical surveys and analyses, and the logging of the registration process are based on your consent, Art. 6(1)(a) GDPR, § 25(1) TTDSG.
Contact form / Email contact8
We provide a contact form on our website so that you can reach out to us at any time.
To use the contact form, you must provide a name for a personalized greeting and a valid email address This information is required for contact purposes so that we know who the inquiry is from and can process it accordingly.
If you submit inquiries to us via the contact form, your information from the inquiry form—including the contact details you provided there and your IP address—will be processed in accordance with Art. 6(1) S. Article 1(b) and (f) of the GDPR regarding Processing of pre-contractual measures carried out at your request or to pursue our legitimate interest, namely the conduct of our business activities.
You are also welcome to send us an email instead using the email address provided on our website. In this case, we will store and process your email address as well as the information you provide in the email in accordance with Art. 6(1)(b) and (f) of the GDPR to process your message.
The inquiries and the associated data will be provided no later than 3 months9 deleted upon receipt, unless they are required for a further contractual relationship.
Request for Quote
We provide a quote request form on our website so that you can request a quote from us at any time.
To use the inquiry form, you must provide a name for a personalized greeting and a valid email address required to prepare a quote.
The contact information you provide, as well as your IP address, will be processed in accordance with Art. 6(1) S. Article 1(b) and (f) of the GDPR regarding Processing of pre-contractual measures carried out at your request or to pursue our legitimate interest, namely the conduct of our business activities.
Catalog Order
We provide a form on our website that you can use to order our catalogs.
To use the form, you must provide a name for a personalized greeting, an address, and a valid email address for contact purposes and to receive the catalogs.
The contact information you provide there, as well as your IP address, will be processed in accordance with Art. 6(1) S. Article 1(b) and (f) of the GDPR regarding Processing of pre-contractual measures carried out at your request or to pursue our legitimate interest, namely the conduct of our business activities.
Repair Request/Complaint
We provide a form on our website that you can use to submit a repair request and/or file a complaint with us.
To use the form, you must provide a name, an address, and a valid email address so we can contact you, identify the source of the inquiry, and process it. Additionally, you may voluntarily provide your phone and fax numbers, upload images and/or videos, and include a description of the issue.
Your personal data will be processed in accordance with Art. 6(1) S. Article 1(b) of the GDPR regarding Implementation of contractual measures processed.
We use a chat feature from Shopify on our website. This is live chat software provided by Shopify International Ltd. (“Shopify”), Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.
The following data is collected and processed from you during the live chat.
Chat history
Name provided
IP address
Country of origin
Pages visited
Duration of the visit to the pages
Additional personal information, depending on the details provided (e.g., email address, phone number)
The chat is used for real-time communication.
Processing is carried out on the basis of Art. 6(1)(f) GDPR in accordance with our legitimate interest in direct and customer-friendly communication.
We have entered into a data processing agreement with Shopify, which obligates Shopify to protect our customers’ data and not to disclose it to third parties..
You can view Shopify’s privacy policy here: https://www.shopify.de/legal/datenschutz
Our website uses the Google Maps API. By using Google Maps, information about your use of this website (including your IP address) may be transmitted to a Google server (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) in the United States and stored there.
Google may transfer the information obtained through Maps to third parties where required by law or where such third parties process the data on Google’s behalf. However, your IP address will under no circumstances be associated with other data held by Google. Nevertheless, we must point out that it is technically possible for Google to identify individual users based on the data received.
We have no control over whether your personal data and personal profiles are processed by Google for other purposes. If you wish to avoid this at all costs, you can disable the Google Maps service and thereby prevent data transfer to Google. To do this, you simply need to disable JavaScript in your browser. In this case, no data will be transferred, but you will also no longer be able to use the map display on our website.
You can find Google’s Privacy Policy here. [https://www.google.com/policies/privacy/?hl=de]
The use of Google Maps is a service provided to you so that you can easily locate our business and, if necessary, better plan your visit. The use of Google Maps is based on your consent in accordance with Art. 6(1) S. Article 1(a) of the GDPR.10
Google Tag Manager
We use Google Tag Manager from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) on our website. Google Tag Manager is an administration and management tool that allows other tracking and/or analytics tools to be centrally managed and deployed.
When you visit our website and give your consent pursuant to Art. 6(1)(a) GDPR, Google Tag Manager collects and processes your IP address, which may also be transferred to the United States. However, Google Tag Manager itself does not create user profiles or perform analyses.
You can find Google’s Privacy Policy here. [https://www.google.com/policies/privacy/?hl=de]
We use the analysis and tracking tools listed below on our website. These serve to ensure the ongoing optimization of our website and to tailor it to user needs.
We use these tools based on the consent you have provided in accordance with Art. 6(1)(a) of the GDPR. You may revoke your consent at any time by changing your cookie settings. Processing prior to revocation remains lawful.
The respective data processing purposes and data categories can be found in the corresponding tools. Please note that we have no influence over whether and to what extent the service providers carry out further data processing.12
We use Google Analytics on our website, a web analytics service provided by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter “Google”).
Google Analytics uses cookies in this context (see Section 7). The information generated by the cookie regarding your use of this website, such as
Name and version of the browser used
Your computer's operating system
Website from which the access originates (referrer URL)
IP address of the requesting computer
Time of server request
are generally transmitted to a Google server in the United States and stored there.
However, since we have enabled IP anonymization on our website, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the U.S. and truncated there.
On our behalf, Google will use this information to evaluate your use of our website, to compile reports on website activity, and to provide us with other services related to website and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
We have entered into a data processing agreement with Google.
Please click here for an overview of Google’s privacy policy. [https://support.google.com/analytics/answer/6004245]
We use the remarketing feature of Google Analytics to target advertising campaigns—including Google AdWords campaigns—at visitors to our website.
Based on your previous visits to our website, you will be shown relevant ads when you visit other websites on the Google Display Network.
The DoubleClick cookie enables Google to display targeted advertisements to us and other third-party providers that correspond to interests determined based on your previous visits to our website and/or other websites. These advertisements may be displayed on websites operated by Google and/or other operators within the Google advertising network. We also use Google Analytics advertising features to analyze the effectiveness of our own advertising campaigns.
If you have agreed in your Google Account to allow Google to link your web and app browsing history to your Google Account and to use information from your Google Account to personalize ads, Google uses your data together with Google Analytics data to create audience lists for cross-device remarketing. To do this, Google Analytics first collects Google-authenticated IDs for you as a user on our website that are linked to your Google account. Google Analytics then temporarily links these IDs with Google Analytics data to optimize our audiences.
Please click here for an overview of Google’s privacy policy. [https://support.google.com/analytics/answer/6004245]
We use Google Ads, an online advertising program from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), on our website.). Conversion tracking is also used. With this tool, Google Ads places a cookie on your device when you visit our website via a Google ad.
The cookie does not serve any purpose of personal tracking. If you, as a user, visit our website and the cookie is still active, we and Google can recognize that you clicked on the corresponding ad and were redirected to our site. Each Google Ads customer is assigned a different cookie. Cookies cannot be tracked across the websites of Ads customers in this way.
Conversion statistics for Ads customers are generated using data collected via conversion cookies. As Google Ads customers, we thus learn the total number of users who responded to our ad and were then redirected to a website equipped with a conversion tracking tag. This allows us to assess the success of individual advertising campaigns. During this process, we do not receive any information that would allow us to personally identify you as a user.
When using Google Ads, your browser automatically establishes a direct connection to Google’s server and, if you have a Google account and are logged in, can associate the visit with your account. If you do not have a Google account, Google assigns you a unique identifier. We have no influence over what additional data Google collects and stores.
For more information on Google’s privacy policy, please visit http://www.google.de/policies/privacy/.
We use the “conversion pixel” or visitor action pixel from Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). By calling this pixel from your browser, Meta Platforms can subsequently determine whether a Facebook ad was successful—for example, whether it led to a completed online purchase.
We receive only statistical data from Meta Platforms regarding this, with no reference to a specific individual. This allows us to track the effectiveness of Facebook ads for statistical and market research purposes. In particular, if you are logged into Facebook, we also refer you to their privacy policy. https://www.facebook.com/about/privacy/.
On our websites, we use the reCAPTCHA service from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), in order to distinguish between human input and automated, abusive, machine-generated processing. We have a legitimate interest in protecting our website content from abusive automated scraping and spam.
When the reCAPTCHA service is queried, both your IP address and, if applicable, other data required by Google for the reCAPTCHA service are transmitted to Google and processed there.
When using reCAPTCHA, you must accept Google’s Terms of Service. There is a separate field for this. We have enabled IP anonymization on this website, so that your IP address is truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the U.S. and truncated there.
On our behalf, Google will use this information to evaluate your use of this service. The IP address transmitted by your browser as part of reCAPTCHA will not be merged with other Google data. The separate privacy policy of Google applies to this data.
For more information on Google’s privacy policy, please visit: https://www.google.com/intl/de/policies/privacy/.
Our website uses the YouTube plugin, which is operated by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). In addition, we also embed YouTube videos on our website using iFrames.
If you activate the YouTube plugin during your visit or play a video embedded via an iFrame, a connection to YouTube’s servers is established and the YouTube server is informed which of our pages you have visited. This allows YouTube to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your account before visiting our website.
For more information on the handling of user data, please refer to YouTube’s Privacy Policy at: https://www.google.de/intl/de/policies/privacy
The legal basis for this is your consent pursuant to Art. 6(1)(a) of the GDPR. You may revoke your consent at any time by changing the cookie settings on our website.
Our website uses the Vimeo plugin, which is operated by Vimeo, LLC (555 West 18th Street, New York, New York 10011). In addition, we embed videos from Vimeo on our website using iFrames.
As soon as you visit our website, which is equipped with this plugin, or play a video embedded via iFrame, a connection to the Vimeo servers is automatically established. As part of this connection, information about which of our web pages you have visited is transmitted. If you are logged into Vimeo during your visit, your usage behavior—such as visiting the relevant pages and, for example, starting a video—is also assigned to your personal user account.
If you do not wish to be tracked in this way, you should log out of your user account before visiting our website and delete the relevant cookies from Vimeo.
For more information on data processing and privacy policy by Vimeo, please visit https://vimeo.com/privacy.
The legal basis for this is your consent pursuant to Article 6(1)(a) of the GDPR. You may revoke your consent at any time by changing the cookie settings on our website.
Rights of the Data Subject
You are entitled to the following rights:
Pursuant to Article 15 of the GDPR, you have the right to request information about your personal data processed by us. This right to information includes details regarding
the purposes of processing
the categories of personal data
the recipients or categories of recipients to whom your data has been or will be disclosed
the planned storage period or at least the criteria for determining the storage period
the existence of a right to rectification, erasure, restriction of processing, or objection
the existence of a right to file a complaint with a regulatory authority
the source of your personal data, unless it was collected by us
the existence of automated decision-making, including profiling, and, where applicable, meaningful information regarding its details
Pursuant to Article 16 of the GDPR, you have the right to request the immediate correction of any inaccurate or incomplete personal data we have stored about you.
Deletion
Pursuant to Article 17 of the GDPR, you have the right to request the immediate deletion of your personal data from us, provided that further processing is not necessary for one of the following reasons:
the personal data is no longer necessary for the purposes for which it was collected or otherwise processed
to exercise the right to freedom of expression and information
to fulfill a legal obligation that requires processing under the law of the European Union or the Member States to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller
for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) of the GDPR
for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Art. 89(1) GDPR, to the extent that the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of such processing
for the assertion, exercise, or defense of legal claims
You may request the restriction of the processing of your personal data pursuant to Article 18 of the GDPR for one of the following reasons:
You dispute the accuracy of your personal data.
The processing is unlawful, and you object to the erasure of the personal data.
We no longer require the personal data for the purposes of processing, but you require it to assert, exercise, or defend legal claims.
You object to the processing pursuant to Art. 21(1) GDPR.
If you have requested the rectification or erasure of your personal data or a restriction on processing pursuant to Art. 16, Art. 17, or Art. 18 of the GDPR, we will notify all recipients to whom your personal data has been disclosed, unless this proves impossible or involves disproportionate effort. You may request that we provide you with a list of these recipients.
You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format.
You also have the right to request the transfer of this data to a third party, provided that the processing was carried out using automated means and is based on consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) or on a contract pursuant to Art. 6(1)(b) of the GDPR.
Pursuant to Art. 7(3) of the GDPR, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to withdrawal. In the future, we may no longer continue data processing that was based on your withdrawn consent.
Pursuant to Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR.
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data, provided there are grounds arising from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which we will honor without requiring you to specify your particular situation. If you wish to exercise your right of withdrawal or objection, simply send an email to shop@cde-salondesign.de
You have the right not to be subject to a decision based solely on automated processing—including profiling—that produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
is necessary for the conclusion or performance of a contract between you and us
is permitted under the laws of the European Union or the member states to which we are subject, and these laws include appropriate measures to safeguard your rights and freedoms as well as your legitimate interests
with your express consent
However, these decisions must not be based on special categories of personal data under Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.
With regard to the cases mentioned in i) and iii), we will take appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, which includes, at a minimum, the right to request human intervention on our part, to present your own point of view, and to challenge the decision.
If we change the privacy policy, this will be indicated on the website has been completed, and registered customers will be informed.
As of: March 21, 2022
1 With the GDPR, SSL or TLS encryption is mandatory for all websites that provide a contact form, order form, or newsletter subscription. However, we generally recommend SSL encryption for all websites because, in our opinion, this reflects the state of the art.
2 Please remember to inform users directly about the use of cookies via a cookie notice when they visit the website.
3 You should insert a link to the cookie settings here, allowing the user to adjust their cookie preferences.
4 In these cases, you must obtain separate consent from customers for the voluntary data. This declaration of consent must then also be documented.
5 When registering via a customer account, a separate declaration of consent referencing the privacy policy is required in all cases.
6 Please add or remove the relevant shipping providers.
7 When processing newsletter subscriptions, you must always obtain the subscriber’s consent. We are happy to provide you with a corresponding statement for this purpose. This statement must include a link to the privacy policy.
8 You should not request any further information here. Otherwise, you will need additional consent from the customers. Please add the following sentence before the submit button: “By clicking the Submit button, my personal data will be processed in accordance with the Privacy Policy.” (please link to the Privacy Policy)
9 We recommend deleting inquiries that did not result in a contract after 3 months, but no later than 6 months.
10 You should obtain the user’s consent before using Google Maps. Therefore, a consent text should appear first, and the map should only be displayed after the user confirms it. Consent should be obtained again with each new visit to the website, or an opt-out option should be provided.
11 Please remember that you must enter into a data processing agreement with all service providers.
12 Please note that the use of most analytics and tracking tools, particularly Google’s, raises privacy concerns, as it is unclear whether and for what purpose (additional) data is processed here. If you use the tool on your website, however, you remain the data controller and cannot absolve yourself of liability by referring to the respective provider.
13 If this is not the case, please delete. To use Google Analytics in a manner that is more compliant with data protection laws, you should definitely Set up IP anonymization.
14 We generally advise against using the Facebook Conversion Pixel unless you obtain the customer’s explicit consent. If you still wish to use it, you should definitely use only the standard version and refrain from using the extended matching.
15 In general, we consider the use of reCAPTCHA to be questionable, as it is unclear exactly what Google does with the data. In any case, IP anonymization should be used.
Until recently, this Google service still set cookies. Currently, this appears to have been disabled, meaning reCAPTCHA could be used without consent.
But then you would have to constantly check whether Google has changed the service again and is setting cookies after all. This raises the question of how you intend to handle Google reCaptcha.
You could use legitimate interest as the legal basis here and forgo obtaining consent, or you could obtain consent for the service. We would recommend obtaining consent, as Google reCAPTCHA also combines the data with other Google data.
However, if you use Google reCAPTCHA, you would need to include a consent form.
16 The Rhineland-Palatinate State Office for Data Protection has written a helpful guide on the data protection aspects of embedding videos https://www.datenschutz.rlp.de/fileadmin/lfdi/Dokumente/TYPO3_Videoeinbettung_mit_2-Klick-Video-Loesung.pdf
17 On YouTube, data is collected and sent to YouTube as soon as the website is visited. If YouTube is used, YouTube’s “Enhanced Privacy” feature should definitely be enabled. However, this alone is not sufficient to comply with data protection principles. A two-click solution would also be best here. There are likely already several providers on the market for this, such as corresponding plugins for WordPress. In the latest version, text containing a link can also be inserted within a preview image. This text should link to your own privacy policy with the following wording: “By pressing the ‘Play’ button, you consent to the processing of your personal data in accordance with our privacy policy.”
18 On Vimeo, data is collected and sent to Vimeo as soon as the site is visited. To use Vimeo in compliance with data protection regulations, a two-click solution would need to be implemented here. There are likely already several providers on the market offering such solutions, for example, corresponding plugins for WordPress.
Discover our exclusive hairdressing chairs with their elegant design.
