Privacy Policy

1) Introduction and Contact Information of the Data Controller
1.1 We are delighted that you are visiting our website and thank you for your interest. In the following, we will inform you about how we handle your personal data when using our website. Personal data refers to any information that can personally identify you.

1.2 The data controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is HEIDELBERG KOSMETIK GMBH, CEO: Sandra Heidelberg, Bernadottestrasse 9a, 14193 Berlin, Germany, Phone: +49 176 30371877, Email: info@heidelbergkosmetik.com. The data controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

1.3 The data controller has appointed a data protection officer who can be contacted as follows: Sandra Heidelberg, Bernadottestrasse 9a, 14193 Berlin, Phone: +49 176 30371877, Email: info@heidelbergkosmetik.com.

2) Data Collection When Visiting Our Website
2.1 When you visit our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we collect only such data that your browser sends to our server (so-called "server log files"). When you access our website, we collect the following data that is technically necessary for us to display the website to you:
- Our visited website
- Date and time of access
- Amount of data sent in bytes
- Source/reference from which you accessed the page
- Browser used
- Operating system used
- IP address used (if applicable, in anonymized form)
Processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. There is no further use or disclosure of this data. However, we reserve the right to retrospectively check the server log files should concrete evidence point to unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the data controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the "https://" address line and the lock symbol in your browser's address bar.

3. Contact When contacting us (e.g., via contact form or email), personal data is collected. The specific data collected through the use of a contact form is evident from the respective contact form used. This data is solely stored and used for the purpose of responding to your inquiry or for contacting you and for the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your inquiry in accordance with Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, an additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted after the final processing of your request, provided that there are no legal storage obligations to the contrary.

4. Rights of the Data Subject 4.1 Under the applicable data protection law, you have the following rights as a data subject regarding the processing of your personal data (rights of data subjects), with reference to the specified legal basis for each right:
• Right to information according to Art. 15 GDPR;
• Right to rectification according to Art. 16 GDPR;
• Right to erasure according to Art. 17 GDPR;
• Right to restriction of processing according to Art. 18 GDPR;
• Right to notification according to Art. 19 GDPR;
• Right to data portability according to Art. 20 GDPR;
• Right to withdraw consent granted under Art. 7(3) GDPR;
• Right to lodge a complaint according to Art. 77 GDPR. 4.2 RIGHT TO OBJECT IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTERESTS WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO SUCH PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS. IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING YOUR DATA FOR DIRECT MARKETING PURPOSES.

5. Duration of Personal Data Storage The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing, and – if applicable – by the relevant statutory retention periods (e.g., commercial and tax retention periods). If personal data is processed on the basis of express consent pursuant to Art. 6(1)(a) GDPR, the data is stored until the consent is revoked. If there are legal retention periods for data that is processed within the framework of legal or similar obligations based on Art. 6(1)(b) GDPR, this data will be routinely deleted after the retention periods have expired, provided it is no longer necessary for the fulfillment of the contract or the initiation of a contract and there is no legitimate interest on our part in continuing to store it. If personal data is processed based on Art. 6(1)(f) GDPR, it is stored until you exercise your right to object under Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims. If personal data is processed for the purpose of direct marketing based on Art. 6(1)(f) GDPR, it is stored until you exercise your right to object under Art. 21(2) GDPR. Unless otherwise stated in this statement on specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.