Privacy policy
This privacy policy gives you an overview of how esthetic space processes your data. It applies to all websites, apps and other services and benefits offered by esthetic space GmbH.
If you have a question about this privacy statement or about data protection at esthetic space in general, you can contact us at privacy@esthetic-space.com.
Please also send us an email if you wish to exercise any of your rights as a data subject under Articles 15-22 of the GDPR, including revoking consent for marketing purposes and unsubscribing from the newsletter. For more information about your rights, please see section 9.
1. General Information On Data Processing
The collection and processing of your personal data is carried out exclusively within the framework of the legal data protection regulations, in particular the DSGVO. According to Art. 4 DSGVO, personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as name, postal address, e-mail address or telephone number, but also usage data and your IP address, if applicable.
There is no commercial transfer of your data (sale, rental) to third parties. We use services of various providers, where the processing of your personal data may be necessary. This is the case, for example, in the following:
- for the operation of our websites (e.g. hosting, display through the delivery of images),
- in the context of contract initiation as well as for the provision of contractual services (e.g. processing and shipping of orders placed with us or if you apply for a job with us),
- for recording customer satisfaction and usage behavior on our websites (so-called tracking) as well as for marketing and advertising (e.g. for sending newsletters) and
- for quality assurance.
Some of the service providers and partners engaged by us are not located within the European Union (EU) or the European Economic Area (EEA) or store and process personal data there. In case of transfer to external entities in third countries, i.e. outside the EU or the EEA, we ensure that these entities treat your personal data with the same care as within the EU or the EEA. We only transfer personal data to third countries where the EU Commission has confirmed an adequate level of protection or where we ensure the careful handling of personal data through contractual agreements or other suitable guarantees.
2. Responsible Body / Contact
The responsible body according to Art. 4 No. 7 DSGVO is:
esthetic space GmbH
Freester Weg 10c
13503 Berlin
Germany
phone: +49 30 75439444
E-mail: privacy@esthetic-space.com
You can reach us by mail, phone and e-mail. In order to protect personal data, we may answer inquiries or parts of inquiries via another communication channel.
3. Data Protection Officer
Florian Preusner
Freester Weg 10c
13503 Berlin
E-mail: privacy@esthetic-space.com
4. Data Collection When Visiting And Using Our Websites
We use the store system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"), for the purpose of hosting and displaying the online store Art. 6 (1) sentence 1 lit. f) DSGVO due to our legitimate interest in a secure and reliable display of all basic functions in our online store.
All data collected on our website is processed on the servers of Shopify. As part of Shopify's aforementioned services, data may also be transferred to Shopify Inc, 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc, Shopify Payments (USA) Inc or Shopify (USA) Inc as part of further processing on behalf of Shopify. In the case of transfer of data to Shopify Inc. in Canada, the adequate level of data protection is guaranteed by adequacy decision of the European Commission. If Shopify then sends that personal data to a country outside of Canada (for example, if Shopify sends that data to their sub-processors), that data is protected by contractual obligations comparable to those in standard European Union contractual clauses.
For more information about Shopify's privacy practices, please visit the following website: https://www.shopify.com/legal/dpa.
For information on the cookies used on this website, please refer to the cookie settings as well as section 5 of this privacy policy. Listed below are those services that are already activated at the time the website is accessed for the first time. The extent to which cookies are also used by these services can also be found in the cookie settings.
4.1 Consent and Privacy Management
To make it as convenient as possible for you to provide consent, we use the consent management service GDPR Legal Cookie by beeclever GmbH, Friedrich-Mohr-Straße 1, D-56070 Koblenz.
In doing so, the date and time of the visit, browser information, opt-in and opt-out data, device information and the IP address are processed. The legal basis is Art. 6 para. 1 lit. f DSGVO: Obtaining and managing legally required consents are to be considered a legitimate interest within the meaning of the aforementioned provision. We have deliberately chosen a provider from the EU that only processes data that is necessary for the smooth administration of your consents. Accordingly, conflicting interests of exclusion are not apparent.
The revocation document of a previously granted consent is stored for a period of three years. The retention is based on our accountability pursuant to Art. 5 (2) DSGVO and can therefore be based on Art. 6 (1) lit. f DSGVO. Enabling proof also related to a period prior to exercising your revocation is considered a legitimate interest within the meaning of this provision. The data will be processed again solely in the event of an official investigation. Therefore, conflicting interests are not apparent. Further information on GDPR Legal Cookie's data protection can be found at https://gdpr-legal-cookie.com/pages/datenschutzerklarung.
5. Use Of Cookies
We use cookies to provide you with a comprehensive range of functions and to make the use of our websites more comfortable, as well as for web analysis (improvement of the shopping experience, control of our marketing activities, individualization of our product offers) and for advertising measures. "Cookies" are small files that your browser stores on your terminal device in a designated directory. Through these, it can be determined, for example, whether you have visited a website before. There are session cookies (so-called temporary cookies), which are deleted as soon as you close your browser, and permanent cookies, which are stored on your end device for a longer period (e.g. lifetime 1 month) or indefinitely. We use session cookies to show you your shopping cart across multiple pages. Permanent cookies help us to recognize you when you visit our online store again and to show you products that are suitable for you.
Technically necessary cookies are used automatically, i.e. without your prior express consent (see Section 25 (2) TTDSG). We use all other types of cookies exclusively on the basis of your prior express consent (cf. Section 25 (1) TTDSG). For details, please refer to our cookie settings . You can give your consent at the beginning of website use by clicking the "Accept all" button or separately for each individual service after clicking "More". The cookies set then will be automatically deleted at the end of their lifetime. If you click on "Refuse", no further services will be loaded (with the exception of technically necessary services).
You can revoke your consent given to us at any time with effect for the future by preventing the storage of cookies in your browser in each case and deleting the corresponding cookies. Please note that deactivating cookies may lead to restrictions in the use of our websites or may even make them unusable at all.
You can adjust your privacy settings for esthetic space websites by using the link in footer called "Cookie Settings".
6. Processing Of Data For Advertising Purposes
We are interested in maintaining the customer relationship with you and in sending you information and offers by mail or e-mail that we believe fit your wishes and interests.
6.1 Email newsletter and product recommendations
esthetic space offers you a free newsletter service with which we inform you about current offers, sales promotions, product recommendations and all about office products. If you provide us with your email address to receive the newsletter, we will first send you a confirmation email. Please click the "Confirm" button in this mail to be added to the newsletter distribution list. The legal basis for sending the newsletter is your consent (Art. 6 para. 1 lit. a DSGVO). In connection with this so-called double opt-in procedure, we store the IP address used for registration on our website and confirmation, as well as the time of these actions. The legal basis for this storage is Art. 6 para. 1 lit f DSGVO. In cases of doubt, to be able to prove that consent was given to receive our newsletter is considered a legitimate interest. After weighing the interests of the website visitors, no overriding interests of exclusion are apparent.
As an existing customer of esthetic space, you will receive e-mails with information about our products and promotions independently of a registration for the newsletter and within the legally possible scope. The newsletter is sent on the basis of Art. 6 (1) lit. f DSGVO in conjunction with § 7 (3) UWG. The use of the e-mail is a legitimate interest in this context. If you no longer wish to receive such e-mails, you can unsubscribe as described below.
Unsubscribing from the newsletter is possible at any time via an unsubscribe link contained in each newsletter. You can object to the use of your e-mail address for advertising purposes at any time, either in total or for individual measures, with effect for the future, without incurring any costs other than the transmission costs according to the basic rates. A message in text form to the above contact details is sufficient for this purpose.
7. Collection Of Personal Data In Connection With The Performance Of A Contract
7.1 Obligation To Provide Data
The provision of personal data may in some cases be required by law (e.g. tax regulations) or result from contractual provisions (e.g. information on the contractual partner). For example, you are obliged to provide us with personal data if our company concludes a contract with you. Without this personal data, we could neither conclude a contract with you nor fulfill it vis-à-vis you. Unless expressly stated at the time of collection, the provision of data is not required or obligatory.
In the following, we explain the necessary data processing activities in connection with a contract performance. Consequently, the legal basis for these processing activities is Art. 6 (1) lit. b DSGVO. This also applies to processing operations that are necessary for the performance of pre-contractual measures, for example in cases of inquiries about our products or services, as well as to all data processing required in connection with the performance of the contract, e.g. the transfer of data for the purpose of invoice settlement or the delivery of goods.
If our company is subject to a legal obligation by which a processing of personal data becomes necessary, such as for compliance with tax obligations, the processing is based on Art. 6 (1) lit. c DSGVO (legal obligation) in conjunction with the processing obligation under national law. In connection with the execution of sales contracts, in accordance with the requirements of commercial and tax law, the necessary data will be stored by us in blocked form for ten years beginning with the year following the order and will only be processed again in the event of an official inspection.
7.2 Order form
For the fulfillment of a contract, further personal data is necessary (e.g. your e-mail address, name, address, date of birth to verify your age of majority, etc.). The exact scope results from the order form of our online store. We need this data in order to enter into a contract with you about your order and also to process it (Art. 6 para. 1 lit. b DSGVO). For order processing, the data is transmitted to the following recipients.
7.3 Payment service provider
We provide you with the following payment method(s) for the settlement of your order, from which you can choose for your order.
7.3.1 Payment processing via Shopify Payments
We use the Shopify Payments service provided by Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify Payments") to process payments for orders placed through our website. In doing so, name, first name, address, depending on the selected payment method credit card data or account number and other order data as well as HTTP headers (IP address, browser information, referrer) are processed. Shopify Payments works together with the company Klarna Bank AB, veavägen 46, 111 34 Stockholm to process payments.
The legal basis for the processing is Art. 6 (1) lit. b DSGVO, as the processing of the payment serves the fulfillment of the contract. In accordance with commercial and tax law requirements, the necessary data will be stored by us in blocked form for ten years beginning with the year following the order and will only be processed again in the event of an official inspection. Further information on data protection can be found at https://www.shopify.com/legal/privacy and https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy.
7.3.2 Payment processing via Paypal
You have the option to process your payment via the provider Paypal (PayPal (Europe) S.à r.l. et Cie, S.C.A, Luxembourg). For this purpose, you will be redirected to the respective website of the provider in order to verify yourself in the respective stores and to authorize the payment. For the purpose of payment processing, we only transmit data that the providers need to fulfill their contract (the execution of your payment). The legal basis for the processing is Art 6 (1) lit. b DSGVO. For more information on data processing and how to exercise your rights, please visit https://www.paypal.com/webapps/mpp/ua/privacy-full.
8. Your Rights As A Data Subject
8.1 Right of revocation and objection
In accordance with Art. 7 (2) DSGVO, you have the right to revoke consent you have given to us at any time. This has the consequence that we will no longer continue the data processing based on this consent for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Insofar as we process your data on the basis of legitimate interests pursuant to Art. 6(1)(f) DSGVO, you have the right to object to the processing of your data pursuant to Art. 21 DSGVO and to provide us with reasons that arise from your particular situation and which, in your opinion, argue for an overriding of your interests worthy of protection. If it concerns an objection to data processing for direct marketing purposes, you have a general right of objection, which will also be implemented by us without giving reasons.
If you wish to exercise your right of revocation or objection, it is sufficient to send an informal message to the above contact details.
8.2 Right To Information
In accordance with Art. 15 DSGVO, you have the right to request information about whether and which of your personal data is processed by us.
8.3 Right To Rectification, Deletion And Blocking
You have the right to request the correction (Art. 16 DSGVO) or deletion (Art. 17 DSGVO) of your personal data or its completion. In cases where your data cannot be deleted (e.g. due to legal obligations), you have the right to request the restriction ("blocking") of processing in accordance with Art. 18 DSGVO.
8.4 Right to data portability
Pursuant to Art. 20 DSGVO, you have the right to receive your personal data that you have provided to us in a common, structured and machine-readable format, provided that the processing is pursued with the help of automated processes.
8.5 Right to complain to a supervisory authority
You also have the right to lodge a complaint with the competent supervisory authority (Article 77 GDPR) if you believe that the processing of personal data concerning you violates the law.
9. Changes To The Data Protection Declaration
Changes to the law or changes to our internal processes may make it necessary to adapt this data protection declaration. The current version of the data protection declaration is always available at esthetic-space.com/pages/privacy.
As part of the further development of our business, it may happen that the structure of esthetic space changes, by changing the legal form, founding, buying or selling subsidiaries, parts of companies or components. In such transactions, customer information will be transferred together with the part of the company to be transferred. In any transfer of personal information to third parties to the extent described above, esthetic space will ensure that it is done in accordance with this Privacy Policy and relevant data protection laws.
Should a transfer of your data occur, we will inform you of this in advance and inform you of your right to object in this regard.
Version 1.0 - Status 31.10.2022