Data Privacy Statement

Schwan Cosmetics International GmbH (in the following: Schwan Cosmetics) is firmly committed to data privacy. Therefore, as a matter of course, we strictly adhere to the legal regulations concerning the protection of data privacy (in particular those in GDPR (General Data Protection Regulation) and BDSG [German Data Protection Act] and will do everything possible to ensure the privacy of your data. In addition, it is important for us that you know at any given time which data we store and how we use them. Please take a moment to read the following text informing you about the way we deal with your data. We reserve the right to revise the content of this data privacy statement from time to time, in particular to adapt it to new legal stipulations and technical development so that we can also safeguard data protection in the future. It is therefore advisable to regularly take note of our information and remarks concerning data processing.

1. Responsible person and scope

The responsible person is: Schwan Cosmetics International GmbH, Schwanweg 1, 90562 Heroldsberg, Germany (hereinafter Schwan Cosmetics).

2. Data Protection Officer

Our Data Protection Officer is: Mr. Sebastian Meyer, Schwanweg 1, 90562 Heroldsberg, Germany. Please refer to our Data Protection Officer if you have any questions regarding data protection issues at our company. You can reach him under the email-address:

3. General Principles on data processing

We collect and use personal data from our users basically only then, when this is necessary to provide a functional Website as well as to deliver our content and services.

3.1. Personal data
Personal data is all information relating to an identified or identifiable natural person. This includes, for example, information such as your name, email-address, address, date of birth or your phone number. Non-personal data is ex. data regarding the number of users at a website.

3.2. Processing of personal data
Processing of personal data is any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

We process personal data through our Website only if you provide us with this data, ex. when filling out our contact form or sending us an email. We process this data for the named purposes or for the purposes defined in your request. We do not disclose your personal data to third parties, unless otherwise provided by law or you have given us your consent thereto. Apart from that you may use the general information at without revealing your personal data.

In particular we process your personal data as provided:

3.2.1. Contact form
On our Website, we offer you to contact us via a contact form provided by us. Basically, to answer your question or request, we will need you to provide us with the following data: your email-address, as well as your first and last name. Using the message area, you can send us an individual message. You may freely decide, whether you want to provide this information. Without this information we will however not be able to answer your question or reply to your request. The purpose of specifying this data is to assign your question or request and to be able to reply to you. When using the contact form, no personal data will be transferred to third parties.
As soon as your question or request has been answered or completed, your personal data will be deleted. Any further storage may however take place, if storage is required by law.
The data processing described above is carried out in accordance with article 6 (1) lit. b and article 6 (1) lit. f GDPR.
3.2.2. Job applications
If you are interested in our job offer, you can send us an application via our Website. Basically, to consider your job application, we will need you to provide us with a consent to process your data, as well as the following data: your email-address, your first and last name, a message with help of the message area, including a download of your application documents. You may freely decide to provide us with this information. Without this information we will however possibly not be able to consider your application. Your personal data will not be transferred to third parties. We assure you, that we will process your personal data only for the purposes of carrying out the job application process. Your personal data will be stored for 6 months after concluding the job application process.
The data processing described above is carried out in accordance with article 6 (1) lit. a GDPR.
3.3. Legal basis
Collecting and processing your personal data takes generally place upon your consent. Should the data processing be based on your consent, the legal basis for this data processing is Article 6 (1) lit. a GDPR. An exception may occur when obtaining a consent is not possible and/or this is permitted by law. If processing your data is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, the legal basis for this data processing is Article 6 (1) lit. b GDPR. If processing your personal data is necessary for compliance with a legal obligation to which we as the controller are subject, the legal basis for this data processing is Article 6 (1) lit. c GDPR.
If processing your personal data is necessary for the purposes of legitimate interests pursued by us, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, the legal basis for this data processing is Article 6 (1) lit. f GDPR.
3.4. Transferring data
It is a policy at Schwan Cosmetics not to transfer any personal data of its users to third parties, without having your explicit consent to do so. Schwan Cosmetics does not sell any usernames or email addresses to third parties or to send you advertisements.

4. Cookies

Below we describe the processing operations connected with usage of cookies, sessions and logfiles.

4.1. Usage of cookies, sessions and logfiles
A cookie is a small text file stored in your browser cache and enables an analysis of your use of our Website and/or ensures the functionality of the Website. Further our partners use cookies in order to evaluate the user behaviour for advertising purposes (social targeting). A session is a single session which will be saved on our server for a short period of time. Logfiles are created by the server and stored by us. They contain automatically generated logs of all or specific activities of processes on a computer system.
4.2. Data collected by cookies
Except for the IP address, no personal data will be stored in the cookies, sessions and logfiles. Furthermore, these files cannot transfer viruses, spy on your computer, or send emails undetected. In addition, each webserver can only read out those cookies it placed itself.
The following data is automatically collected via cookies, sessions and logfiles when you call up our Website:

  • Your internet address (IP address) / host name
  • Agent/browser type and version
  • Website you were referred from (referrer URL)
  • Operating system used
  • Pages viewed on our Website
  • Date and time of access
  • Session (for registered users)
  • Session ID (for registered users)

This data is stored separately from the data you provided to us and is not linked with other personal data. The data processed according to 4.2. is processed for statistical purposes, in order to optimize our Website and our offer.

4.3. etracker
The provider of this website uses the services of etracker GmbH, Hamburg, Germany ( to analyse usage data. We do not use cookies for web analysis by default. If we use analysis and optimisation cookies, we will obtain your explicit consent separately in advance. If this is the case and you agree, cookies are used to enable a statistical range analysis of this website, a measurement of the success of our online marketing measures and test procedures, e.g. to test and optimise different versions of our online offer or its components. Cookies are small text files that are stored by the Internet browser on the user's device. etracker cookies do not contain any information that could identify a user.

The data generated by etracker on behalf of the provider of this website is processed and stored by etracker solely in Germany by commission of the provider of this website and is thus subject to the strict German and European data protection laws and standards. In this regard, etracker was independently checked, certified and awarded with the ePrivacyseal data protection seal of approval.

The data processing is based on Art. 6 Section 1 lit f (legitimate interest) of the General Data Protection Regulation (GDPR). Our legitimate interest is the optimisation of our online offer and our website. As the privacy of our visitors is very important to us, the data that may possibly allow a reference to an individual person, such as IP address, registration or device IDs, will be anonymised or pseudonymised as soon as possible. etracker does not use the data for any other purpose, combine it with other data or pass it on to third parties.

You can object to the outlined data processing at any time. Your objection has no disadvantageous consequences.

Further information on data protection with etracker can be found here

4.4. Google Tag Manager
Google Tag Manager is a webservice to manage the website-tags. The tool Google Tag Manager does not use any cookies and does not process any personal data. The tool can however trigger the usage of tags, which again may process certain personal data. Google Tag Manager does however not process this data. If deactivated at the domain or cookie level, is the deactivation for all tracking tags applicable, also for such which are implemented by the Google Tag Manager.
For more information on the terms of use and data privacy for the Google Tag Manager, please access the following policies:

4.5. Social media
Fan pages on Facebook, Instagram, LinkedIn and XING:
We are active on Facebook, Instagram, LinkedIn and XING social network fan pages. As the operator of these fan pages, we share joint responsibility with the operators of these networks in the sense of Article 4 (7) GDPR. When you visit our fan pages, personal information is process by the responsible parties. As the responsible party for our fan pages, we have reached agreements with the social networks, which also regulate the terms for use of these pages. This Data Privacy Statement has been integrated on all corresponding fan pages, where additional information is available.
On our Website, we use the social media plugin of the network Xing: the XING-Button

from XING AG, Dammtorstraße 30, 20354 Hamburg, Germany (hereinafter XING),

When you visit our Website, your browser connects directly to XING's servers. Therefore, we have no influence on the scope of personal data which is stored by XING by means of its plugin and can only inform to the best of our knowledge.
For more information on the personal data processed by XING and the terms of use at XING, please access the following XING policies:

On our Website, we use the social media plugin of the network Linkedin: the Linkedin Follower Button
from LinkedIn Ireland Unlimited Company, Wilton Place,

Dublin 2, Irland (hereinafter Linkedin),

When you visit our Website, your browser connects directly to Linkedins servers. Therefore, we have no influence on the scope of personal data which is stored by Linkendin and can only inform to the best of our knowledge.
For more information on the personal data processed by Linkedin and the terms of use at Linkedin, please access the following Linkedin policies:

4.6. Prevention of cookies
If you object to the use of cookies, sessions and logfiles, you can block or restrict their usage in your browser. However, it cannot be ruled out that in this case you might not be able to use individual functions on our webpages.
Upon closing your browser, the session-cookies are deleted, other cookies after one year. Cookies from our Partners, ex. Google (4.4) are deleted maximally after 24 months. You can deactivate the usage of cookies by Google by means of visiting the deactivating site of Google. Alternatively, you may deactivate the usage of third party cookies by means of visiting the deactivating site of the network initiative.

4.7. Legal basis
The processing activities described above are necessary for the purposes of legitimate interests pursued by us. The legal basis for this data processing is Article 6 (1) lit. f GDPR.

5. Data security and precautionary measures

We are committed to protecting your privacy and treating your personal data confidential. In order to avoid any manipulation, loss or misuse of your data stored by us, we take extensive technical and organizational security measures that are regularly reviewed and adapted to technological progress. Intensive training of our employees and their obligation to data security ensure that your personal data is treated confidential.
5.1. Responsibility of the User
We urge you to also take all possible measures to protect your data while working on the internet. Due to the structure of the internet, it is not possible for us to ensure that third parties, which are not within the scope of our responsibility, adapt identical privacy and security measures. Possibly if personal data is not encrypted or is sent per email it may be seen or read by third parties. Hereto we have no impact. It is the responsibility of the User, to secure his/her data via encryption or by other means.

5.2. Encryption
We use the SSL (Secure Sockets Layer) to encrypt your data on all Websites which require providing personal data. SSL encryption masks your data before transmitting it to our server, in such a manner that it cannot be reconstructed by third parties. This safeguards the privacy of your personal data.
5.3. Technical security measures at Schwan Cosmetics International GmbH:

  • Encryption of sensitive data transfer with SSL certificates by Thawte.
  • Server security: a firewall system protects our servers against attacks.
  • An internal security system and authorisation concept make sure that your sensitive data are not accessible to our employees unless they have a special authorisation.

6. Service providers for processing personal data

We employ service providers, who process personal data on our behalf and only on our instruction. The service providers are required to comply with all data protection regulations and to process data in accordance with our instructions. Our service providers have been carefully selected and receive access to your personal data only to the extent and for the time necessary to carry out their services.
Service providers in third countries such as the USA and countries outside the European Economic Area are subject to data protection regulations, which do not protect personal data to same extent as in the European Union. Should we process your personal data in countries, which do not provide such a high level of data privacy as in the European Union, then we will ensure by means of contractual regulations and other instruments that your that your personal data is safe and adequately protected.

7. Storage period

Your data will be stored only for the period of time required by law. Your data will be erased, when you have withdrawn your consent for processing your data or the purposes of processing your data have been obtained or when the processing is no longer legitimate for any legal reasons. Any retention periods required by law shall remain unaffected. During the statutory retention periods your data will not be processed for other purposes.

8. Rights concerned

From the GDPR, the following rights arise for you as an affected person for the processing of your personal data:

8.1 Right of access
According to art. 15 GDPR, you can request information about your personal data processed by us. In particular, you may request information on the source of the data, the recipients of this data or categories of recipients, as well as the processing purposes.

8.2. Right of objection
If the processing of personal data is based on your consent, you may object to this processing for the future, at any time and without any reason. To do so please send an email or a letter to: Schwan Cosmetics International GmbH, Schwanweg 1, 90562 Heroldsberg, Germany.

8.3. Right to rectification
In accordance with art. 16 GDPR, you can immediately request the rectification of incorrect or the completion of your personal data stored by us.

8.4. Right to erasure or restriction
In accordance with art. 17 GDPR, you may request the deletion of your personal data stored by us. The personal data will be deleted within 7 working days from your request. Any retention periods required by law shall remain unaffected. If your data may not be deleted due to retention periods, only a restriction of processing may be applied. Upon deleting your data, no access right may be granted.
8.5. Right to data portability
According to art. 20 GDPR, you may request to receive your personal data that you have provided to us in a structured, common, and machine-read format, or you may request the transfer to another responsible person, insofar this is possible to due technical means.
8.6. Right of revocation
In accordance with art. 7 (3) GDPR, you can revoke your once given consent to us at any time. As a result, we are not allowed to continue the data processing based on this consent for the future. In such an event you may not access our company sight.
8.7. Exercising the rights concerned
To exercise the aforementioned rights, please contact us / or: Schwan Cosmetics International GmbH, Schwanweg 1, 90562 Heroldsberg, Germany. Your personal data (possibly your email, name and telephone number) will be processed in order to answer your questions or respond to your concern. This data will be deleted if no longer necessary; in the event of statutory retention periods the processing may only be limited.

9. Complaint to a supervisory authority

According to art. 77 GDPR, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of stay, your workplace or our company headquarters.