Data Privacy Statement

Data protection declaration of Schwan Cosmetics International GmbH

Preamble

Schwan Cosmetics International GmbH (hereinafter Schwan Cosmetics) is pleased that you are visiting our website. Data protection and data security while using our website play a very important role for us. We would therefore like to inform you at this point which of your personal data we collect when you visit our joint website and for what purposes this is used. Since changes in the law or changes in our internal company processes may make it necessary to adapt this data protection declaration, we ask you to read it regularly. The data protection declaration applies to the Schwan Cosmetics website, which can be accessed under the domain https://www.schwancosmetics.com/.

 

1. Name and address of the responsible entity

The responsible entity is Schwan Cosmetics International GmbH, Schwanweg 1 in 90562 Heroldsberg (hereinafter referred to as "Schwan Cosmetics").

 

2. Names and addresses of the data protection officer

Our data protection officer is Mr. Sebastian Meyer, Schwanweg 1 - 90562 Heroldsberg. You can contact our data protection officer at any time with any questions concerning data protection. The best way to do this is by e-mail to: Datenschutz@schwan-stabilo.com.

 

3. General information on data processing

As a matter of principle, we collect and use personal data of our users only insofar as this is necessary for the provision of a functional website as well as our contents and services.

3.1 Personal data

Personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behaviour. Information for which we cannot (or can only with a disproportionate effort) establish a link to your person, e.g. by anonymising the information, is not personal data.

3.2 Processing of personal data

Processing is any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3.3 Legal basis for the processing of personal data

The collection and use of our users' personal data regularly takes place only with the user's consent. Insofar as we obtain the consent of the data subject for processing operations involving personal data, the legal basis is Article 6 (1) (a) of the General Data Protection Regulation (GDPR).

An exception applies in cases where obtaining consent in advance is not possible for factual reasons and the processing of the data is permitted by legal regulations. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR is the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

If processing of personal data is necessary for compliance with a legal obligation to which we are subject, Art. 6 (1) (c) GDPR is the legal basis.

If the processing is necessary to protect a legitimate interest pursued by us or a third party and the interests, fundamental rights and freedoms of the data subject do not overridde by the interests or fundamental rights and freedoms of the data subject, Art. 6 (1) (f) GDPR is the legal basis.

 

4. Data processing operations

Personal data is collected via this website, if you provide it to us on your own accord, e.g. by filling in forms or sending e-mails. We use this data for the purposes stated in each case or those resulting from the enquiry, e.g. providing your e-mail address, in order to contact you. Data is only transmitted to third parties if this is expressly permitted by law or if you have consented to the transmission in the course of an active business relationship.

4.1 Informational use of the website

You can visit our website without providing any personal information. If you only use our website for informational purposes, i.e. you do not provide us with any information about yourself, we do not process any personal data, with the exception of the data that your browser transmits to enable you to visit the website. For the purpose of the technical provision of our website, it is necessary that we process certain automatically transmitted information from you, so that your browser can display our website and you can use the website. This information is automatically collected each time you visit our website and stored in our server log files. This information relates to the computer system of the visiting computer. The following information is processed:

- Host

- IP address of the user

- Date and time of access

- Method of access (Get/Post)

- Request

- Protocol (e.g. https)

- Status (e.g. error messages)

- Amount of data retrieved

- Referrer

- Browser and operating system of the user

Legal basis for the above-mentioned data processing is Art. 6 (1) (f) GDPR. The processing of the aforementioned data is necessary for the provision of a website and thus serves to protect a legitimate interest of our company.

As soon as the aforementioned data is no longer required to display the website, it will be deleted. The collection of the data for the provision of the website and the (temporary) storage of the data in log files is absolutely necessary for the operation of the website. Further storage may take place in individual cases if required by law.

4.2 Active use of the website - Contact form

Apart from the usage of our website for informational purposes, we offer you the possibility to contact. One possibility is to contact us via our contact forms. In such an event we process the following information:

In principle, we require your e-mail address, your name, your company and address, as well as your website or social media. Furthermore, you can send us an individual message. The purpose of providing your data is to be able to allocate your enquiry and respond to you. It is your free decision whether you provide us with this data. Without such data it may happen, that we will be unable to process and fully or partially respond to your request.

The processing is based on our legitimate interest in the effective handling of the enquiries addressed to us (Art. 6 (1) (f) GDPR). In the handling of your request lies or legitimate interest of the data processing.

If the contact aims at the conclusion of a contract, the legal basis for the processing is Art. 6 (1) (b) GDPR.

As soon as the enquiry you have made has been dealt with and the relevant matter has been conclusively clarified, the personal data processed by you via the contact form will be deleted. Further storage may take place in individual cases if this is required by law.

4.3 Contact per email

If you would like to contact us, make an offer or submit a press enquiry, you can send us an email to contact@schwancosmetics.com or to an email address from the relevant contact person. If you send us an email, we will process your email and all the data you have provided, such as name and company name. You can also send us an individual message. We will use this data only in order to respond to your email.

In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

The legal basis for processing the data transmitted in the course of contacting us is Art. 6 (1) (f) GDPR.  In the case of contact, the necessary legitimate interest in processing the data lies in the processing of your enquiry.

If the contact is aimed at concluding a contract, the legal basis for the processing is Art. 6 (1) (b) GDPR.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The conversation is terminated when the circumstances indicate that the matter in question has been conclusively clarified. Further storage may take place in individual cases if this is required by law.

4.4. Contact per phone

To clarify any concerns, you can also contact us by telephone using the telephone numbers of the relevant contact persons stored on our website. In doing so, we process the personal data that you provide to us during the call.

In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

The legal basis for the processing of data transmitted in the course of contacting us is Art. 6 (1) (f) GDPR.  In the event of contact, the necessary legitimate interest in processing the data lies in the processing of your inquiry.

If the contact aims at the conclusion of a contract, the legal basis for the processing is Art. 6 (1) (b) GDPR.

For your own protection of your personal data, please refrain from informing us in particular of special categories of personal data within the meaning of Art. 9 (1) GDPR (for example: health data) about this.

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. The conversation is terminated when the circumstances indicate that the matter in question has been conclusively clarified. Further storage may take place in individual cases if this is required by law.

4.5 Applicant management (career)

If you are interested in one of our vacancies listed on the website, you can send us an application at any time. In doing so, we will process all the information you provide.  

We assure you that we will only process the personal data you provide for the purpose of carrying out the application process. The legal basis for the processing of your personal data from your application documents is Section 26 (1) BDSG (German Data Protection Act) and Article 6 (1) (b) GDPR.

The storage period is 6 months after completion of the application process for the defence against any claims arising from the General Equal Treatment Act (AGG).

 4.6 Etracker

On this website we use the web analysis service etracker from etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg. The tools are used to analyze how you use the website and to carry out a statistical range analysis of this website. etracker cookies do not contain any information that would allow a user to be identified; in particular, the user's IP address is anonymised.

The data generated with etracker is processed and stored exclusively in Germany and is therefore subject to the strict German and European data protection laws and standards. In this regard, etracker has been independently tested, certified and awarded the ePrivacyseal data protection seal of approval. Any other use, merging with other data or disclosure to third parties does not take place.

Further information on etracker and etracker's data protection declaration can be found at the following links: www.etracker.com and

https://www.etracker.com/datenschutz/.

Article 6 (1) (f) GDPR serves as the legal basis for the data processing mentioned. The processing of the data mentioned is necessary for the provision of a website and thus serves to protect a legitimate interest of our company.

4.7 Supplier Portal

If you would like to apply as a company in our supplier portal, you must enter personal data about your contact person in the company in addition to the data about your company. We collect the following data from your contact person: first and last name, telephone number, extension, e-mail address, language and country. This is mandatory information. In addition, information on title, academic title, department, function and fax number / extension can be provided.

We collect this data in order to be able to contact the right contact person in the company in the event of a possible business relationship. The legal basis for the processing of the personal data presented is Art. 6 (1) (b) sentence 1 GDPR.

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected or you have revoked your consent. Further storage can take place in individual cases if this is required by law.

For more information about our supplier portal, please click here.

 

5. Transfer of personal data to third parties

In principle, your personal data will not be transmitted to third parties. Your personal data will only be passed on to third parties or otherwise transmitted if:

• we are legally obliged to do so due to official or court orders,

• we are entitled to do so, e.g. because this is necessary to prosecute criminal offenses or to exercise and enforce our rights, or

• if you have given your prior consent.

 

6. Cookies and External Services

Cookies are small files that make it possible to store specific, device-related information on the user's access device (PC, smartphone, etc.). They serve the user-friendliness of websites and thus the users.

No cookies are currently used on our website.

 

7. Fan pages on Facebook, Instagram, LinkedIn and XING

We operate fan pages on the social networks Facebook, Instagram, LinkedIn and XING. As operators of these fan pages, we are jointly responsible with the operators of these networks within the meaning of Art. 4 No. 7 GDPR. When you visit one of our fanpages, personal data is processed by the responsible parties. As the controller of the fan pages, we have entered into agreements with the social networks which, among other things, regulate the conditions for using these pages. We have integrated this data protection policy into the corresponding fan pages:

- Facebook Data Policy

- Instagram Data Policy

- LinkedIn Data Policy

- XING Data Policy

 

8. Hyperlinks

Our website contains so-called hyperlinks to websites of other providers. When activating these hyperlinks, you will be forwarded from our website directly to the website of the other provider. These can also be the company websites of the partners of Schwan-STABILO Promotion Products. You will recognise this by the change of URL, among other things. We cannot accept any responsibility for the confidential handling of your data on other websites. Please inform yourself about the handling of your personal data on other websites directly on the respective websites.

 

9. Security measures for the protection of the data stored with us

We are committed to protecting your privacy and treating your personal data confidentially. In order to prevent loss or misuse of the data stored with us, we take extensive technical and organisational security precautions, which are regularly reviewed and adapted to technological progress. However, we would like to point out that, due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures are not observed by other persons or institutions who are not in our area of responsibility. In particular, data disclosed without encryption - even if this is done by e-mail - can be read by third parties. We have no technical influence on this. It is the user's responsibility to protect the data he or she provides against misuse by encrypting it or in any other way.

9.1. Encryption of your data

On all websites where personal information is provided, we use the industry standard SSL (Secure Sockets Layer) to encrypt your data. With SSL encryption, your data is alienated before it is transmitted to our server so that it cannot be reconstructed by third parties. This ensures the confidentiality of your details and your payment details when making transactions over the Internet.

9.2. Technical measures for safety at Schwan Cosmetics:

• Encrypt sensitive data transfers with Thawte SSL Certificates.

• Server security: Our servers are protected against attacks by firewall systems

• An internal security system and an authorization concept ensure that our employees cannot access your personal data without special authorization.

 

10. External service providers

We use service providers to provide services and to process your data relating to our services. The service providers process the data exclusively within the scope of our instructions and have been obligated to comply with the applicable data protection regulations. All service providers have been carefully selected and will only have access to your data to the extent and for the period of time necessary to provide the services or to the extent that you have consented to the processing and use of the data.

In this context, personal data may be transferred to countries outside the EU/EEA, in particular to the USA. In order to be able to guarantee adequate protection of your personal data in the event of the transfer of personal data to such so-called third countries, we have concluded so-called EU-US standard contractual clauses with our service providers. The USA is assessed by the European Court of Justice as a country with an inadequate level of data protection according to EU standards. Due to the lack of an adequacy decision and without appropriate safeguards, there is a particular risk that your data may be processed by US authorities for control and for monitoring purposes, possibly also without any legal remedy. In addition, where possible, we are in communication with the service provider to ensure the protection of your personal data with any additional measures that may be necessary.

 

11. Storage period

Your personal data will be deleted as soon as the respective purpose for processing has been achieved or has subsequently ceased to apply.

In order to fulfil contractual obligations, data collected from you may be retained for as long as the contract exists and, depending on the scope of the contract, for 6 or 10 years beyond that to comply with legal retention obligations and to resolve any enquiries or claims that may arise after the contract expires.

If, at our discretion, data is necessary to investigate or defend claims against us or to bring a prosecution or claim against you, us or a third party, we may retain it for as long as such proceedings might be brought.

For customer service purposes, data collected from you may be retained for 3 to 10 years after collection unless you request that we delete this data and there are no contractual or statutory retention obligations that prevent this request for deletion.

Relevant obligations to provide proof and to retain data result, among others, from the German Commercial Code (Handelsgesetzbuch) and the German Fiscal Code (Abgabenordnung).

In this case, the legal basis for the processing is the respective legal regulations in conjunction with Art. 6 (1) (c) GDPR.

If a contract is not concluded, we will delete your data after 3 years at the end of the statutory limitation period.

 

12. Data subject rights

12.1 Right to information, Art. 15 GDPR

You have the right to request information from us at any time about the data we have stored about you, as well as about its origin, recipients or categories of recipients to whom this data is passed on and the purpose for which it is stored.

12.2 Right of revocation, Art. 7 (3) GDPR

If you have given your consent to the use of data, you may revoke this consent at any time without giving reasons with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. For this purpose, an e-mail to Datenschutz@schwan-stabilo.com or a written notification to Schwan Cosmetics International GmbH, Schwanweg 1 in 90562 Heroldsberg shall suffice.

12.3 Right of rectification, Art. 16 GDPR

You may request the correction of incorrect or the completion of your data stored by us.

12.4 Right to erasure and blocking, Art. 17 and 18 GDPR

You have the right to block and delete your personal data stored by us. If legal storage obligations or other legally anchored reasons contradict the deletion, only the blocking of your data can be carried out instead of the deletion.

12.5 Right of data transfer, Art. 20 GDPR

Should you request the release of your personal data provided to us, we will release or transfer the data to you or another responsible party in a structured, common and machine-readable format if you so request. The latter, however, only if this is technically possible.

12.6 Right to object, Art. 21 GDPR

You have the right to object to the processing of personal data relating to you at any time on grounds relating to your particular situation within the framework of the requirements of Art. 21 GDPR, provided that the data processing is carried out on the basis of our legitimate interests pursuant to Art. 6 (1) (f) GDPR.

12.7 Contact for the assertion of data subject rights

To assert your data subject rights, you can contact us by e-mail at: Datenschutz@schwan-stabilo.com - or by post at Schwan Cosmetics International GmbH, Schwanweg 1 in 90562 Heroldsberg.

When you contact us, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions or respond to your request. We delete the data collected in this context after the storage is no longer necessary or restrict the processing if there are legal obligations to retain the data.

 

13. Right to file a complaint with the supervisory authority, Art. 77 GDPR

You have the right to file a complaint with the competent supervisory authority against the processing of your personal data if you consider that your rights under the GDPR have been violated.

 

14. Data transfer to affiliated companies

For operational reasons and to ensure IT operations and IT security, data may be transferred to affiliated companies of the Schwan-STABILO Group.

 

15. Automated decision-making/profiling

We do not use automated decision making or profiling (an automated analysis of your personal circumstances).

 

Status: August 2023

X