The responsible for data processing is:
ili Skincare GmbH
Steinfurter Straße 51a
48149 Münster, Germany
info@herbsom.de
Thank you for your interest in our online store. The protection of your privacy is very important to us. Below we inform you in detail about the handling of your data.
You can visit our websites without providing any personal information. Each time you access a website, the web server only automatically saves a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of the request, the amount of data transferred and the requesting provider (access data) and documents the request. This access data is evaluated solely for the purpose of ensuring trouble-free operation of the site and improving our services. This serves to protect our legitimate interests in the correct presentation of our offer, which outweigh our interests in the context of a balancing of interests in accordance with Art. 6 para. 1 p. 1 lit. f DSGVO. All access data is deleted no later than seven days after the end of your visit to the site.
For the purpose of contract processing in accordance with Art. 6 para. 1 p. 1 lit. b DSGVO, we collect personal data if you voluntarily provide it to us as part of your order. Mandatory fields are marked as such, because in these cases we need the data to process the contract and we can not send the order without their information. Which data is collected can be seen from the respective input forms.
Further information on the processing of your data, in particular on the transfer to our service providers for the purpose of order, payment and shipping processing, can be found in the following sections of this privacy policy. After complete processing of the contract, your data will be restricted for further processing and deleted after expiry of the retention periods under tax and commercial law in accordance with Art. 6 para. 1 p. 1 lit. c DSGVO, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.
Insofar as you have given your consent to this in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO by deciding to open a customer account, we will use your data for the purpose of opening the customer account as well as for storing your data for further future orders on our website. Deletion of your customer account is possible at any time and can be done either by sending a message to the contact option described in this privacy policy or by using a function provided for this purpose in the customer account. After deletion of your customer account, your data will be deleted, unless you have expressly consented to further use of your data pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this statement.
In the context of customer communication, we collect personal data to process your inquiries in accordance with Art. 6 (1) p. 1 lit. b DSGVO if you voluntarily provide us with this data when contacting us (e.g. via contact form or e-mail). Mandatory fields are marked as such, since in these cases we absolutely need the data to process your contact. Which data is collected can be seen from the respective input forms. After complete processing of your request, your data will be deleted, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this statement.
For the fulfillment of the contract pursuant to Art. 6 para. 1 p. 1 lit. b DSGVO, we pass on your data to the shipping service provider commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods.
When processing payments in our online store, we work with these partners: technical service providers, credit institutions, payment service providers.
Depending on the selected payment method, we pass on the data necessary for processing the payment transaction to our technical service providers, who work for us as part of order processing, or to the commissioned credit institutions or to the selected payment service provider, insofar as this is necessary for processing the payment. This serves the fulfillment of the contract according to Art. 6 para. 1 p. 1 lit. b DSGVO. In some cases, the payment service providers collect the data required for processing the payment themselves, e.g. on their own website or via a technical integration in the ordering process. In this respect, the privacy policy of the respective payment service provider applies.For questions about our payment processing partners and the basis of our cooperation with them, please use the contact option described in this privacy policy.
If necessary, we provide our service providers with further data, which they use together with the data necessary for processing the payment as our order processors for the purpose of fraud prevention and optimization of our payment processes (e.g. invoicing, processing of contested payments, accounting support). Pursuant to Art. 6 (1) p. 1 lit. f DSGVO, this serves to protect our legitimate interests in our protection against fraud or in efficient payment management, which outweigh our interests in the context of a balancing of interests.
Purchase on account via KlarnaIf you decide to use the payment services of Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter referred to as Klarna), we ask for your consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO that we may transmit the data necessary for the processing of the payment and an identity and credit check to Klarna. In Germany, the credit agencies mentioned in Klarna's privacy policy may be used for the identity and credit check. Klarna uses the information received about the statistical probability of non-payment for a weighed decision on the establishment, implementation or termination of the contractual relationship. You can revoke your consent at any time by sending a message to the contact option mentioned in this privacy policy. This may result in us no longer being able to offer you certain payment options. You can also revoke your consent to this use of personal data at any time vis-à-vis Klarna.
If you register for our newsletter, we will use the data required for this purpose or separately provided by you to regularly send you our e-mail newsletter based on your consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO. Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your email address from the list of recipients, unless you have expressly consented to further use of your data in accordance with Art. 6 (1) p. 1 lit. a DSGVO or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this statement.
In order to make visiting our website attractive and to enable the use of certain functions, we use technologies including so-called cookies on various pages. Cookies are small text files that are automatically stored on your terminal device. Some of the cookies we use are deleted at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and allow us to recognize your browser on your next visit (persistent cookies).We use such technologies that are mandatory for the use of certain functions of our website (e.g. shopping cart function). Through these technologies, IP address, time of visit, device and browser information as well as information about your use of our website (e.g. information about the contents of the shopping cart) are collected and processed. In the context of a balancing of interests, this serves overriding legitimate interests in an optimized presentation of our offer in accordance with Art. 6 (1) p. 1 lit. f DSGVO.
In addition, we use technologies to fulfill the legal obligations to which we are subject (e.g. to be able to prove consent to the processing of your personal data) as well as for web analysis and online marketing. For more information on this, including the respective legal basis for data processing, please see the following sections of this Privacy Policy.
You can find the cookie settings for your browser under the following links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™
Insofar as you have consented to the use of the technologies pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO, you may revoke your consent at any time by sending a message to the contact option described in the privacy policy.
Insofar as you have given your consent to this in accordance with Art. 6 (1) p. 1 lit. a DSGVO, we use the following cookies and other third-party technologies on our website. After the end of the purpose and the end of the use of the respective technology by us, the data collected in this context will be deleted. You can revoke your consent at any time with effect for the future. Further information on your revocation options can be found in the section "Cookies and other technologies". For more information including the basis of our cooperation with the individual providers, please refer to the individual technologies. If you have any questions about the providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.
We use the technologies described below from Adobe Systems, Software Ireland Limited, Ireland, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland ("Adobe"). The information automatically collected by Adobe technologies about your use of our website is generally transmitted to and stored on a server operated by Adobe, Inc, 345 Park Avenue San Jose, CA 95110-2704, USA. For the USA, there is no adequacy decision of the European Commission. Our cooperation is based on standard data protection clauses of the European Commission. If your IP address is collected via Adobe technologies, it is shortened or completely replaced by a generic IP address before being stored on Adobe servers by activating appropriate settings.
For the uniform presentation of the content on our website, data (IP address, time of visit, device and browser information) is collected by the script code "Adobe Fonts", transmitted to Adobe and subsequently processed by Adobe. We have no influence on this subsequent data processing. The data processing takes place on the basis of an agreement between jointly responsible parties pursuant to Art. 26 DSGVO.
We use the technologies of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), as described below. The information automatically collected by Google technologies about your use of our website is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. For the USA, there is no adequacy decision of the European Commission. Our cooperation with them is based on standard data protection clauses of the European Commission. If your IP address is collected via Google technologies, it is shortened by activating IP anonymization before being stored on Google's servers. Only in exceptional cases will the full IP address be transmitted to a Google server and shortened there. Unless otherwise stated for the individual technologies, the data processing is based on an agreement concluded for the respective technology between jointly responsible parties in accordance with Art. 26 DSGVO. Further information about data processing by Google can be found in: Datenschutzhinweisen von Google.
For the purpose of website analysis, Google Analytics automatically collects and stores data (IP address, time of visit, device and browser information, and information about your use of our website), from which usage profiles are created using pseudonyms. Cookies may be used for this purpose. As a matter of principle, your IP address will not be merged with other data from Google. Data processing is carried out on the basis of an order processing agreement by Google.
For the uniform presentation of the content on our website, data (IP address, time of visit, device and browser information) is collected by the script code "Google Fonts", transmitted to Google and subsequently processed by Google. We have no influence on this subsequent data processing.
For the integration of third-party content, data (IP address, time of visit, device and browser information) is collected via the YouTube video plugin in the extended data protection mode used by us, transmitted to Google and subsequently processed by Google, only if you play a video.
We use the Facebook Pixel as part of the technologies of Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook") described below. The Facebook Pixel automatically collects and stores data (IP address, time of visit, device and browser information, as well as information about your use of our website based on events specified by us, such as a visit to a website or newsletter registration), from which usage profiles are created using pseudonyms. In addition, as part of the so-called extended data matching, information is collected and stored hashed for matching purposes, with which individuals can be identified (e.g. names, e-mail addresses and telephone numbers). For this purpose, when you visit our website, a cookie is automatically set by the Facebook Pixel, which automatically enables recognition of your browser when you visit other websites by means of a pseudonymous CookieID. Facebook will combine this information with other data from your Facebook account and use it to compile reports on website activity and to provide other services related to website use, in particular personalized and group-based advertising.The information automatically collected by Facebook technologies about your use of our website is usually transmitted to a server of Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA and stored there. There is no adequacy decision of the European Commission for the USA. Insofar as the transfer of data to the USA falls within our responsibility, our cooperation is based on standard data protection clauses of the European Commission. Further information about data processing by Facebook can be found in the privacy notices of Facebook.
As part of Facebook Analytics, statistics on visitor activity on our website are created from the data collected with the Facebook Pixel about your use of our website. The data processing takes place on the basis of an order processing agreement by Facebook. Their analysis serves the optimal presentation and marketing of our website.
Via Facebook Ads, we advertise this website on Facebook as well as on other platforms. We determine the parameters of the respective advertising campaign. Facebook is responsible for the exact implementation, in particular the decision on the placement of the ads with individual users. Unless otherwise specified for the individual technologies, the data processing is based on an agreement between joint controllers pursuant to Art. 26 DSGVO. The joint responsibility is limited to the collection of the data and its transmission to Facebook Ireland. The subsequent data processing by Facebook Ireland is not covered by this.
Based on the statistics on visitor activity on our website generated via Facebook Pixel, we operate Facebook Custom Audience group-based advertising on Facebook by determining the characteristics of the respective target group. In the context of the extended data matching that takes place to determine the respective target group (see above), Facebook acts as our processor.
Based on the pseudonymous cookie ID set by the Facebook Pixel and the data collected about your usage behavior on our website, we conduct personalized advertising via Facebook Pixel remarketing.
Via Facebook Pixel Conversions, we measure for web analytics and event tracking your subsequent usage behavior when you have reached our website via an ad from Facebook Ads. The data processing takes place on the basis of an order processing agreement by Facebook.
Insofar as you have given your consent to the respective social media operator in accordance with Art. 6 (1) p. 1 lit. a DSGVO, when you visit our online presences on the social media mentioned above, your data will be automatically collected and stored for market research and advertising purposes, from which usage profiles will be created using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally used for this purpose. For detailed information on the processing and use of data by the respective social media operator, as well as a contact option and your rights and setting options in this regard to protect your privacy, please refer to the privacy notices of the providers linked below. If you still need help in this regard, you can contact us.
Facebook is an offer of Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook Ireland") The information automatically collected by Facebook Ireland about your use of our online presence on Facebook is usually transmitted to a server of Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA and stored there. For the USA, there is no adequacy decision of the European Commission. Our cooperation with them is based on standard data protection clauses of the European Commission. Data processing in the context of a visit to a Facebook Fanpage is based on an agreement between jointly responsible parties in accordance with Art. 26 DSGVO. For more information (Insights data information), please see here.
Instagram is an offer of Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook Ireland") The information automatically collected by Facebook Ireland about your use of our online presence on Instagram is usually transmitted to a server of Facebook, Inc, 1601 Willow Road, Menlo Park, California 94025, USA and stored there. For the USA, there is no adequacy decision of the European Commission. Our cooperation with them is based on standard data protection clauses of the European Commission. Data processing in the context of a visit to an Instagram fan page is based on an agreement between jointly responsible parties in accordance with Art. 26 DSGVO. For more information (Insights data information), please see here.
YouTube is a service of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information automatically collected by Google about your use of our online presence on YouTube is usually transmitted to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. For the USA, there is no adequacy decision of the European Commission. Our cooperation with them is based on standard data protection clauses of the European Commission.
Pinterest is an offer of Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest"). The information automatically collected by Pinterest about your use of our online presence on Pinterest is usually transmitted to a server of Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107, USA and stored there. For the USA, there is no adequacy decision of the European Commission. Our cooperation with them is based on standard data protection clauses of the European Commission.
LinkedIn is an offer of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"). The information automatically collected by LinkedIn about your use of our online presence on LinkedIn is usually transmitted to a server of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA and stored there. For the USA, there is no adequacy decision of the European Commission. Our cooperation with them is based on standard data protection clauses of the European Commission.
As a data subject, you have the following rights:
|
Right of objection Insofar as we process personal data as explained above in order to protect our legitimate interests which prevail in the context of a balancing of interests, you can object to this processing with effect for the future. If the processing is carried out for direct marketing purposes, you may exercise this right at any time as described above. If the processing is carried out for other purposes, you will only have the right to object if there are grounds arising from your particular situation.
|
If you have any questions regarding the collection, processing or use of your personal data, for information, correction, restriction or deletion of data, as well as revocation of consent given or objection to a particular use of data, please contact us directly using the contact details in our imprint.
