Privacy policy

1. Scope

We take the protection of personal data very seriously. By providing this information on data protection, we aim to explain to you which personal data we process and for which purposes while you are using our website.

This information applies to all content on the website www.seyo.de (hereinafter referred to as the ‘website’).

The legal basis for data protection can be found in the EU General Data Protection Regulation (hereinafter referred to as the ‘GDPR’) and the German Federal Data Protection Act (hereinafter referred to as the ‘BDSG’).

2. Definitions

Personal data

‘Personal data’ means all information related to an identified or identifiable natural person; a natural person is considered identifiable if he or she can be identified, directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier (e.g. a cookie) or to one or more special features that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

Processing

‘Processing’ means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3. Types of personal data

Access data

Access data is data about each access to the server on which our website is located. Access data includes the name of the website accessed, file, date and time of access, transferred data volume, notification of successful access, browser type and version, the user’s operating system, referrer URL (the page visited previously), IP address and the requesting provider.

Cookies

Cookies are small files that allow specific information related to the device to be stored on the device used to access the website.

Input data

If you register with us as a customer, fill in the contact form on our website or contact us in any other way (e.g. telephone, email), we process the personal data that you enter in the respective form or communicate to us in another way (e.g. last name, first name, email address, address).

4. Purposes of processing

Access data

Our hosting provider collects the access data on our behalf for security reasons for fraud and abuse monitoring as well as to statistically record website use. The legal basis for this processing is Art. 6(1) Sentence 1(f) GDPR. Please refer to Section 6 for information on how IP addresses are processed by third-party providers.

Cookies

Cookies are used to improve the user-friendliness of websites and thus improve the user’s experience (e.g. storage of login data). On the other hand, they can be used to record statistical data on website usage and to analyse it in order to improve our website.

The legal basis for the use of cookies is Art. 6(1)(f) GDPR. Our legitimate interest in this data collection arises from the fact that we require the use of cookies to ensure the user-friendliness of our website and to optimise our website.

Location data

If you use our institute finder, your location data (geographic coordinate data) may be collected. For further information on this, please refer to Section 6.

Input data

If you register as a customer, we will use your personal data to administer your account (legal basis: Art. 6(1) Sentence 1(b) GDPR). If you use our contact form or otherwise communicate your personal data to us, we will use it to process your request (legal basis: Art. 6(1) Sentence 1(a), (f) GDPR). If you communicate with us by email, your emails and the personal data communicated therein will be transported on our behalf to the servers of our email provider Strato AG in order to be stored on our servers (legal basis: Art. 6(1) Sentence 1(a), (f) GDPR).

Our legitimate interest in this data collection within the meaning of Art. 6(1)(f) GDPR arises from the fact that we cannot process your request (registration, establishment of contact) without your data.

5. Data processing by third parties

Hosting

Our website is operated on the servers of the hosting provider Strato AG. The latter processes the personal data mentioned in Section 3 on our behalf for the operation of our website as well as for abuse monitoring. The legal basis for this is Art. 6(1) Sentence 1(f) GDPR.

Plug-ins, usage analysis

We embed various services and content from third-party providers on our website. The embedding may result in the processing of your personal data. Furthermore, it is possible that data may be transferred to countries outside the EU as a result of embedding third-party content. For more information on this, please refer to Section 6.

The legal basis for embedding these services and content is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interest in this data processing results from the fact that we use the third-party services to make our website user-friendly and to optimise our website.

6. Google Analytics, institute locator and Google Maps

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. (‘Google’). Google Analytics uses cookies, which are text files placed on your computer, to enable the analysis of how you use the website. The information generated by the cookie about your use of this website will usually be transmitted to and stored by Google on a server in the United States. However, if IP anonymization is activated on this website, then within EU Member States or in other member states of the European Economic Area Google will shorten your IP address before transmitting it. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of this website, compiling reports on website activity and providing other services for the website operator relating to website usage and internet usage. Google will not associate your browser’s IP address transmitted for Google Analytics purposes with any other data held by Google. You can prevent the storage of cookies using the corresponding settings in your browser software; however, we would like to point out that if you do this you may not be able to use the full functionality of this website. Furthermore, you can prevent the recording of data generated by the cookie about your use of the website (including your IP address) and its processing by Google by downloading and installing the browser plug-in available via the following link: tools.google.com/dlpage/gaoptout

Please note that on this website we use Google Analytics with the code ‘gat. anonymizeIp();’ in order to guarantee an anonymous collection of IP addresses (so-called IP masking).

You can find more information on the terms of use and data protection at

https://support.google.com/analytics/answer/6004245?hl=de.

Google also processes your personal data in the USA and has subjected itself to the EU-US Privacy Shield,

https://www.privacyshield.gov/EU-US-Framework.

The legal basis for the use of Google Analytics is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interest in this data collection arises from the fact that we require the use of Google Analytics to optimise our website.

Institute locator and Google Maps

Our institute locator lets you find a SEYO institute near you. For this purpose, you are shown a map from Google Maps at www. seyo.de/en/providersearch. By zooming in on the map, you will find the location of the cosmetics institute offering SEYO products which is closest to you. When you visit our website, Google receives the information that you have retrieved the corresponding subpage of our website. In addition, as far as we are aware the following information is transmitted to Google: date and time of the visit to the respective website, internet address or URL of the website accessed, IP address of the device used to access the website and any start and destination addresses entered on the Google Maps page for navigation purposes. This occurs regardless of whether Google provides a user account that you are logged in with or whether no user account exists. If you are logged in to Google, your data will be directly associated with your account. If you do not wish for this data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses it for purposes of advertising, market research and/or the demand-oriented design of its website. Such analysis takes place in particular (even for users who are not logged in) to deploy demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of such user profiles, although you must contact Google to exercise this right.

For more information about the purpose and scope of data collection and processing by Google, please refer to Google’s privacy policy. There you will also find further information about your rights in this regard and settings options to protect your privacy: www.google.de/intl/de/policies/privacy.

Google also processes your personal data in the USA and has subjected itself to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

The legal basis for the use of the institute locator and Google Maps is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interest in this data collection arises from the fact that we use Google Maps to make it easier to find our SEYO institutes and thus to optimise our website.

7. Online job applications, publication of job advertisements

We offer you the opportunity to apply to us via our website. When you apply digitally in this way, we will electronically collect and process your applicant and application data as part of the application procedure.

The legal basis for this processing is Section 26(1) Sentence (1) BDSG in conjunction with Art. 88(1) GDPR.

If an employment contract is concluded after the application procedure, we will store the data you provided when applying in your personnel file for the purpose of the usual organisational and administrative processes – naturally in compliance with further legal obligations.

The legal basis for this processing is also Section 26(1) Sentence (1) BDSG in conjunction with Art. 88(1) GDPR.

If an application is rejected, we will automatically erase the data transmitted to us two months after notification of the rejection. However, this erasure will not take place if legal provisions require us to store the data for a longer period, for example for up to four months due to the obligation to provide proof under the General Act on Equal Treatment (AGG), or until the conclusion of legal proceedings.

In this case, the legal basis is Art. 6(1)(f) GDPR and Section 24(1) No. 2 BDSG. Our legitimate interest lies in legal defence or enforcement.

If you expressly consent to your data being stored for a longer period, e.g. for addition to a database of applicants or interested parties, we will process the data further on the basis of your consent. The legal basis is then Art. 6(1)(a) GDPR. However, under Art. 7(3) GDPR you can of course withdraw your consent with effect for the future at any time by notifying us.

8. MailChimp newsletter

We offer you the opportunity to register for our free newsletter via our website.

If you register for our newsletter, the data requested from you for this purpose, i.e. your email address and, optionally, your name and address, will be transmitted to us. At the same time, we will store the IP address of the internet connection from which you access our website as well as the date and time of your registration. During the subsequent registration process, we will obtain your consent to the sending of the newsletter, specifically describe the content and refer to this privacy policy. The data collected will be used exclusively for sending the newsletter; it will therefore in particular not be passed on to third parties.

The legal basis in this regard is Art. 6(1)(a) GDPR.

Under Art. 7(3) GDPR, you can withdraw your consent to receiving the newsletter with effect for the future at any time. All you need to do in this case is inform us of your withdrawal or click on the unsubscribe link contained in each newsletter.

We use MailChimp, a service provided by The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA 30318, USA, hereinafter referred to as ‘The Rocket Science Group’, to send our newsletters.

By being certified under the EU-US Privacy Shield, (‘EU-US Privacy Shield’),

https://www.privacyshield.gov/...

The Rocket Science Group guarantees that EU data protection regulations will also be complied with when processing data in the USA. Furthermore, The Rocket Science Group provides additional privacy information at

http://mailchimp.com/legal/pri...

If you register for our newsletter, the data requested during the registration process, such as your email address and, optionally, your name and address, will be processed by The Rocket Science Group. In addition, your IP address and the date and time of your registration will be stored. During the subsequent registration process, your consent to the sending of the newsletter will be obtained, the content described specifically, and reference made to this privacy policy.

The newsletter subsequently sent via The Rocket Science Group also contains what’s known as a tracking pixel or web beacon. Using this tracking pixel, we can evaluate whether and when you have read our newsletter and whether you have clicked on any links contained therein. In addition to other technical data, such as data from your computer system and your IP address, the data processed is stored so that we can optimise our newsletters and respond to the wishes of readers. We therefore process the data in order to enhance the quality and attractiveness of our newsletters.

The legal basis for sending the newsletter and for the analysis is Art. 6(1)(a) GDPR.

Under Art. 7(3) GDPR, you can withdraw your consent to receiving the newsletter with effect for the future at any time. All you need to do in this case is inform us of your withdrawal or click on the unsubscribe link contained in each newsletter.

9. Voluntary nature of data provision

The provision of personal data when you visit our website is neither required by law or contract nor necessary to conclude a contract. You are also not obliged to provide personal data when you visit our website, although the access data is recorded automatically when you visit our website. If you wish to register as a customer, your registration data is required.

10. Duration of processing

Access data, cookies

Our hosting provider temporarily stores the access data for security reasons (e.g. to clarify misuse or fraud) and then erases it. Data whose further storage is required for evidence is excluded from erasure until the respective incident has been finally clarified.

If IP addresses are processed by third-party providers, we have no influence on the duration of the processing. Under Section 6 you will find the links to the privacy policies of the third-party providers. There you can find out about the duration of the processing.

Input data

Personal data that you enter via our forms or otherwise provide to us will be processed for the duration of the processing of your request, provided the continued storage of the data is required due to tax and commercial retention periods or justified by a consent.

11. Objection

You have the right to object at any time to your personal data being processed on the basis of Art. 6(1) Sentence 1(f) GDPR, if there are reasons for the objection which result from your particular situation. However, we will continue to process your personal data if there are compelling legitimate reasons to continue processing the data which outweigh your interests, rights and freedoms, or if the processing serves to establish, exercise or defend against legal claims. If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising, without giving any reasons (Art. 21 GDPR).

12. Further rights of data subjects

If you have given your consent, you have the right to withdraw it. Please note that a withdrawal does not alter the lawfulness of the consent granted up until the withdrawal (the withdrawal has no retroactive effect).

Under the GDPR, you have the right to receive information free of charge about the personal data we hold about you (Art. 15 GDPR).

Furthermore, in accordance with the GDPR you have the right to have your personal data rectified (Art. 16 GDPR), erased (Art. 17 GDPR), to have its processing restricted (Art. 18 GDPR) and a right to data portability (Art. 20 GDPR).

In justified cases, you also have the right to lodge a complaint with the data protection supervisory authority responsible for us (Art. 77 GDPR).

You can assert your rights under the GDPR by email or in writing. The provider’s contact details are specified below.

13. Contact details

Provider of this website as the controller under data protection law:

SEYO GmbH
Wilhelm-Stein-Weg 5
22339 Hamburg
Germany

Tel.: +49 (0) 40 537 99 100
Email: info@seyo.de

Data protection supervisory authority

Hamburg Commissioner for Data Protection and Freedom of Information
Klosterwall 6 (Block C)
20095 Hamburg
Germany

Telephone: +49 (0) 40 42854 – 4040
Fax: +49 (0) 40 42854 – 4000
Email: mailbox@datenschutz.hamburg.de
http://www.datenschutz.hamburg...

Last amended: May 2018