We are pleased that you are visiting our website. The protection of your privacy and the protection of your personal data, so-called personal data, when using our website is important to us, and we would like to take this opportunity to inform you about our company's data protection practices.
As part of our data protection responsibility, additional obligations have been imposed on us by the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: "GDPR" ) in order to ensure the protection of personal data of the person affected by processing (we will also refer to you as the person affected as "customer", "user" , "you" , "you" or " data subject ").
To the extent that we decide, either alone or jointly with others, on the purposes and means of data processing, this primarily includes the obligation to provide you with transparent information about the type, scope, purpose, duration, and legal basis of the processing (see Articles 13 and 14 of the GDPR). With this declaration (hereinafter: " Privacy Notice "), we inform you about how your personal data is processed when you visit our website, contact us via our website contact form, or contact us by email or telephone.
We also inform you about our online presence on social media and your rights regarding the processing of your data. The term "data processing" always refers to the processing of personal data.
This privacy policy applies only to this website. It does not apply to other websites to which we merely refer via hyperlink. We cannot accept any responsibility for the confidential treatment of your personal data on these third-party websites, as we have no influence on whether these companies comply with data protection regulations. For information about how these companies handle your personal data, please visit these websites directly.
General(1) Definitions
Following the example of Art. 4 GDPR, this data protection notice is based on the following definitions:
– "Personal data" (Article 4 No. 1 GDPR) is all information relating to an identified or identifiable natural person ("data subject"). A person is identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data, or information related to their physical, physiological, genetic, mental, economic, cultural, or social identity. Identifiability may also be achieved by linking such information or other additional knowledge. The origin, form, or embodiment of the information is irrelevant (photos, video, or audio recordings may also contain personal data).
– "Processing" (Article 4 No. 2 GDPR) is any operation or set of operations which is carried out on personal data, whether or not by automated (i.e., technology-based) means. This includes, in particular, the collection (i.e., acquisition), recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison, linking, restriction, erasure, or destruction of personal data, as well as the change of a purpose or objective on which the data processing was originally based.
– “Controller” (Article 4 No. 7 GDPR) is the natural or legal person, public authority, agency or other body which alone or jointly with others decides on the purposes and means of processing personal data.
– "Third party" (Article 4 No. 10 GDPR) means any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct authority of the controller or processor; this also includes other legal entities belonging to the group.
– "Processor" (Article 4 No. 8 GDPR) is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller, in particular in accordance with the controller's instructions (e.g., IT service providers). In the context of data protection law, a processor is not a third party.
– “Consent” (Article 4 No. 11 GDPR) of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data concerning him or her.
(2) Name and address of the controller
We are the responsible party for processing your personal data within the meaning of Art. 4 No. 7 GDPR:
Elanore Beauty GmbH
Jungfernstieg 34, 20354 Hamburg
+49 (0) 1521356704
i nfo@elanorebeauty.com
We are available to answer any questions you may have and to act as your contact person on the subject of data protection.
For further information about our company, please see the imprint on our website https://elanore.de/policies/legal-notice.
(3) Legal basis for data processing
By law, any processing of personal data is generally prohibited and is only permitted if the data processing falls under one of the following justifications:
– Article 6 (1) (a) GDPR (“consent”): If the data subject has voluntarily, in an informed manner and unambiguously indicated by a statement or other unambiguous confirmatory act that he or she agrees to the processing of personal data concerning him or her for one or more specific purposes;
– Article 6 (1) (b) GDPR: If the processing is necessary to fulfil a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract;
– Article 6 (1) (c) GDPR: If processing is necessary to fulfil a legal obligation to which the controller is subject (e.g. a statutory retention period);
– Article 6 (1) (d) GDPR: If processing is necessary to protect the vital interests of the data subject or of another natural person;
– Article 6 (1) (e) GDPR: If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or
– Article 6 (1) (f) GDPR ("Legitimate interests"): If processing is necessary to protect the legitimate (in particular legal or economic) interests of the controller or a third party, unless the conflicting interests or rights of the data subject prevail (in particular if the data subject is a minor).
For each of the processing operations we perform, we provide the applicable legal basis below. Processing may also be based on multiple legal bases. This processing is technically necessary to display our website. We also use the data to ensure the security and stability of our website.
(4) Data deletion and storage period
For each of the processing operations we perform, we specify below how long we store the data and when it will be deleted or blocked. Unless an explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies. Your data is generally stored only on our servers in Germany, subject to possible disclosure in accordance with the provisions in A. (6) and A. (7).
However, storage may extend beyond the specified period in the event of an (impending) legal dispute with you or other legal proceedings, or if storage is required by legal regulations to which we as the controller are subject (e.g., Section 257 of the German Commercial Code (HGB), Section 147 of the German Tax Code (AO). If the storage period prescribed by law expires, the personal data will be blocked or deleted, unless further storage by us is necessary and there is a legal basis for doing so.
(5) Data security
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties, taking into account the state of the art, the implementation costs, and the nature, scope, context, and purpose of the processing, as well as the existing risks of a data breach (including its likelihood and impact) for the data subject. Our security measures are continuously improved in line with technological developments.
We will be happy to provide you with further information on this matter upon request. Please contact our data protection officer (see A. (2)).
(6) Conditions for the transfer of personal data to third countries
As part of our business relationships, your personal data may be transferred or disclosed to third parties. These companies may also be located outside the European Economic Area (EEA), i.e., in third countries. Such processing is carried out exclusively to fulfill contractual and business obligations and to maintain your business relationship with us. We will inform you about the respective details of the transfer below in the relevant sections.
The European Commission has certified that some third countries have a data protection level comparable to the EEA standard through so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html). However, in other third countries to which personal data may be transferred, a consistently high level of data protection may not exist due to a lack of legal provisions. Where this is the case, we ensure that data protection is adequately guaranteed. This is possible through binding corporate rules, standard contractual clauses of the European Commission for the protection of personal data, certificates, or recognized codes of conduct. Please contact our data protection officer (see A. (2)) if you would like more information on this.
(7) No automated decision-making (including profiling)
We do not intend to use any personal data collected from you for any automated decision-making process (including profiling).
(8) No obligation to provide personal data
We do not make the conclusion of contracts with us dependent on your prior provision of personal data. As a customer, you are generally under no legal or contractual obligation to provide us with your personal data. However, we may be unable to provide certain services to a limited extent or at all if you do not provide the necessary data. Should this exceptionally be the case within the scope of the products we offer presented below, you will be informed separately.
(9) Legal obligation to transmit certain data
We may, under certain circumstances, be subject to a specific statutory or legal obligation to make the lawfully processed personal data available to third parties, in particular public authorities (Article 6 (1) (c) GDPR).
(10) Your rights
You can assert your rights as a data subject regarding your processed personal data at any time using the contact details provided above under A. (2). As a data subject, you have the right:
– to request information about your data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected from us, as well as the existence of automated decision-making, including profiling, and, where applicable, meaningful information on its details;
– to request the immediate correction of incorrect or the completion of your data stored by us in accordance with Art. 16 GDPR;
– to request the deletion of your data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
– to request the restriction of the processing of your data in accordance with Art. 18 GDPR if you contest the accuracy of the data or if the processing is unlawful;
– in accordance with Art. 20 GDPR, to receive the data you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another controller ("data portability");
– to object to processing in accordance with Art. 21 GDPR, provided that the processing is carried out on the basis of Art. 6 (1) S. 1 lit. e or lit. f GDPR. This is particularly the case if the processing is not necessary to fulfill a contract with you. Unless it is an objection to direct advertising, when exercising such an objection we ask you to explain the reasons why we should not process your data as we do. If your objection is justified, we will examine the situation and will either stop or adapt the data processing or show you our compelling legitimate reasons on the basis of which we continue the processing;
– pursuant to Art. 7 (3) GDPR, you have the right to revoke your consent (even before the GDPR came into force, i.e., before May 25, 2018) – that is, your voluntary, informed, and unambiguous consent, made clear by a statement or other unambiguous affirmative action, that you agree to the processing of your personal data for one or more specific purposes – at any time, if you have given such consent. This means that we may no longer continue the data processing based on this consent in the future, and
– in accordance with Art. 77 GDPR, to complain to a data protection supervisory authority about the processing of your personal data in our company, for example to the data protection supervisory authority responsible for us.
(11) Changes to the privacy policy
As data protection law evolves and technological or organizational changes occur, our privacy policy is regularly reviewed for any necessary adjustments or additions. You will be notified of any changes on our website. This privacy policy is current as of April 2022.
Visiting websites(1) Explanation of the function
Information about our company and the services we offer can be found, in particular, at www.elanore.de . When you visit our website, your personal data may be processed.
(2) Personal data processed
When you use our website for informational purposes, we collect, store and process the following categories of personal data:
(2.1) "Log Data": When you visit our website, a so-called log data record (so-called server log files) is temporarily and anonymously stored on our web server. This consists of:
– the page from which the page was requested (so-called referrer URL)
– the name and URL of the requested page
– the date and time of the call
– a description of the type, language and version of the web browser used
– the IP address of the requesting computer, which is shortened so that a personal reference can no longer be established
– the amount of data transferred
– the operating system
– the message whether the call was successful (access status/Http status code)
– the GMT time zone difference
(2.2) "Contact form data": When using contact forms, the data transmitted through them will be processed (e.g., gender, first and last name, address, company, email address, and the time of transmission). In addition, the following data is collected by our system:
(2.3) "Contacting us via the website contact form": If you use the contact form provided on our website for communication, you must provide your first and last name, as well as your email address. Without this information, your request submitted via the contact form cannot be processed. Providing your address is optional and allows us, if you wish, to process your request by post.
In addition, the following data is collected by our system:
(2.4) "Contact via order form": There is a web shop on our website which can be used for orders.
Type and scope of data processing Our data collection is limited to the following data:
▪First and last name
▪Telephone number
▪Email address
▪Account details
▪Product name
▪Content of the personal message, if applicable.
(2.5) "Contact via online presence in social media":
We maintain online presences on social networks (Instagram, among others) to inform active users about our services and to communicate via the platforms if they are interested. Our social media channels can only be accessed via an external link. Once you access our social media profile on the respective network, the terms and conditions and data processing guidelines of the respective operators apply.
We have no influence on the collection and further use of data by social networks. We have no knowledge of the extent, location, and duration of data storage, the extent to which the networks comply with existing deletion obligations, the evaluations and links made to the data, and to whom the data is shared. We therefore expressly point out that your data (e.g., personal information, IP address) will be stored by the network operators in accordance with their data usage guidelines and used for business purposes.
(3) Purpose and legal basis of data processing
We process the personal data described above in accordance with the provisions of the GDPR and other relevant data protection regulations, and only to the extent necessary. To the extent that the processing of personal data is based on Article 6 (1) (f) GDPR, the aforementioned purposes also represent our legitimate interests.
The processing of log data serves statistical purposes and to improve the quality of our website, in particular the stability and security of the connection (the legal basis is Art. 6 (1) (f) GDPR).
Contact form data is processed to process customer inquiries (the legal basis is Art. 6 (1) (b) or (f) GDPR).
(4) Duration of data processing
Your data will only be processed for as long as necessary to achieve the aforementioned processing purposes; the legal bases specified in the context of the processing purposes apply accordingly. Regarding the use and storage period of cookies, please refer to section A. (4) and the Cookie Policy under B. (6).
Third parties employed by us will store your data on their systems for as long as is necessary in connection with the provision of services to us in accordance with the respective order.
Further details on the storage period can be found under A. (4) and the Cookie Policy B. (6).
(5) Transfer of personal data to third parties; justification
The following categories of recipients, who are usually processors, may have access to your personal data:
– Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g., for data center services, payment processing, IT security). The legal basis for the transfer is Art. 6 (1) (b) or (f) GDPR, unless they are contract processors;
– Government agencies/authorities, insofar as this is necessary to fulfill a legal obligation. The legal basis for the transfer is then Art. 6 (1) (c) GDPR;
– Persons employed to conduct our business operations (e.g., banks, insurance companies, legal advisors, supervisory authorities). The legal basis for the transfer is Art. 6 (1) (b) or (f) GDPR.
For the guarantees of an adequate level of data protection when data is transferred to third countries, see A. (6).
Furthermore, we will only pass on your personal data to third parties if you have given your express consent to do so in accordance with Art. 6 (1) (a) GDPR.
(6) Use of cookies, plug-ins and other services on our website
We use cookies on our website. Cookies are small text files that are stored on your hard disk and assigned to the browser you use using a characteristic string. These files allow certain information to be sent to the location that placed the cookies. Cookies cannot run programs or transmit viruses to your computer and therefore do not cause any damage. They are designed to make the internet more user-friendly and effective, making it more pleasant for you.
Cookies can contain data that makes it possible to recognize the device used. However, cookies sometimes only contain information about certain settings that are not personally identifiable. Cookies cannot directly identify a user.
A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. In terms of their function, cookies are further divided into:
– Technical cookies: These are essential to navigate the website, use basic functions and ensure website security; they do not collect information about you for marketing purposes or store which websites you have visited;
– Performance cookies: These collect information about how you use our website, which pages you visit and, for example, whether errors occur during website usage. They do not collect information that could identify you – all information collected is anonymous and is only used to improve our website and to find out what interests our users.
– Advertising cookies, targeting cookies: These are used to offer website users needs-based advertising on the website or offers from third parties and to measure the effectiveness of these offers; advertising and targeting cookies are stored for a maximum of 13 months;
– Sharing cookies: These are used to improve the interactivity of our website with other services (e.g., social networks); sharing cookies are stored for a maximum of 13 months.
Any use of cookies that is not strictly necessary for technical reasons constitutes data processing, which is only permitted with your express and active consent in accordance with Art. 6 (1) (a) GDPR. This applies in particular to the use of advertising, targeting, or sharing cookies. Furthermore, we will only pass on your personal data processed by cookies to third parties if you have given your express consent in accordance with Art. 6 (1) (a) GDPR.
As soon as the data transmitted to us via cookies is no longer required for the purposes described above, this information will be deleted. Further storage may occur in individual cases if required by law.
Most web browsers are preset to automatically accept cookies. However, you can configure your browser to accept only certain cookies or even prevent them altogether. Please note, however, that if you do this, you may not be able to use all the features of our website.
You can also delete cookies already stored in your browser via your browser settings. Furthermore, you can set your browser to notify you before cookies are stored. Since different browsers may vary in their functionality, please refer to your browser's help menu for the relevant configuration options.
(7) Hosting
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for the purpose of operating our website.
In doing so, we or our processors process inventory data, contact data, content data, contract data, usage data as well as meta and communication data of users of our website on the basis of our legitimate interests in the efficient and secure provision of this online service in accordance with Art. 6 (1) subparagraph 1 (f) GDPR in conjunction with Art. 28 GDPR (conclusion of a contract for order processing).
