Our website uses cookies to enhance your browsing experience. You agree to the usage of cookies when you continue using this site, as detailed in our privacy policy.

Data protection

Data protection declaration according to the GDPR

Thank you for visiting our website. Your privacy is very important to us. Our data processing procedure is set out below..

I. Name and address of the data controller

The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of EU Member States, as well as other provisions of data protection law is the data controller:

Janssen Cosmetics GmbH
Ulrich Janssen
Pontsheide 36
52076 Aachen
Germany
Tel.: +49 2408 7046-0
E-mail: info@janssen-cosmetics.com
Website: www.janssen-cosmetics.com.

II. Name and address of the data controller

The data protection officer of the data controller is:

Dragan Stanković
ido stanković
Lütticher Straße 7
52064 Aachen
Germany
Tel.: +49 241 5903360
E-mail: d.stankovic@ido-stankovic.de
Website: www.ido-stankovic.de.

III. General information about data processing

  1. Scope of processing of personal data
    We collect and use the personal data of our users only insofar as it is necessary to provide an operational website and our content and services. The collection and use of our users’ personal data is subject to the consent of the user. An exception applies in those cases in which prior consent cannot be obtained for genuine reasons and the processing of the data is permitted by statutory provisions.

  2. Legal basis for the processing of personal data
    Insofar as we obtain the consent of the party concerned for processing personal data, Art. 6 (1) (a) EU General Data Protection Regulation (GDPR) serves as the legal basis.
    Art. 6 (1) (a) of the GDPR serves as a legal basis for the processing of personal data required for the fulfilment of a contract to which the party concerned is a contracting party. This will also apply to processing operations necessary for the implementation of pre-contractual measures.

    If the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 (1) (c) of the GDPR serves as the legal basis.

    In the event that overriding interests of the concerned party or another natural person necessitate the processing of personal data, Art. 6 (1) (d) of the GDPR serves as the legal basis.

    If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the above interest, Art. 6 (1) (f) of the GDPR serves as the legal basis for the processing.

  3. Data deletion and storage duration
    The personal data of the person concerned will be deleted or blocked as soon as the purpose for storage no longer applies. Storage may also take place if the EU or domestic legislator has provided for this in EU regulations, laws or other provisions to which the data controller is subject. The data will also be blocked or deleted if the storage period prescribed by the above standards expires, unless it is necessary for further storage of the data for the conclusion or fulfilment of a contract.

IV. Provision of the website and creation of log files

  1. Description and scope of data processing
    Each time our website is accessed, our system automatically collects data and information from the computer system of the user. The following data is collected:

    (1) Information about the browser and the version used
    (2) The IP address of the user
    (3) Date and time of access

    The data is also stored in our system log files. These data are not stored together with other personal data of the user.

  2. Legal basis for data processing
    The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) of the GDPR.

  3. Purpose of data processing
    The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user shall remain stored for the duration of the session.
    The data is stored in log files in order to ensure the smooth functioning of the website. The data is also used to optimise the website and to ensure the security of our IT systems. No assessment of the data for marketing purposes takes place in this context.

    These purposes also include our legitimate interest in data processing pursuant to Art. 6 (1) (f) of the GDPR.

  4. Duration of storage
    The data will be deleted as soon as they are no longer necessary for the purpose in respect of which they were collected. In the case of data collection to ensure the website provision, this is the case when the respective session is terminated.

    If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the users’ IP addresses are deleted or removed so that data allocation to the visiting client is no longer possible.

  5. Objection and disposal options
    Data collection for the website provision and data storage in log files is necessary for operating the website. Consequently, the user may not object.

V. Use of cookies

  1. Description and scope of data processing
    Our website uses cookies. Cookies are text files that are stored in the internet browser or by the user's computer system browser. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again.

    We use cookies to ensure our website is user-friendly. Some of our website features require that the requesting browser can be identified even after the user has changed to another page. The following data is stored and transmitted in the cookies:

    (1) Language settings
    (2) Unique identification number for shopping cart and wish list
    (3) Session ID (unique identification number)
    (4) Log-in status

    We also use cookies on our website, which enable us to analyse our users’ surfing habits. Further information can be found under IX. Web analysis with Google Analytics.

    When you visit our website, a notice will inform you about the use of cookies for analysis purposes and refers you to this data protection policy. In this context, there is also a notice as to how the storage of cookies in the browser settings can be prevented.

  2. Third-party cookies
    a. Trusted Shops Trust Badge
    The Trusted Shops Trust Badge is integrated in this website to display the reviews available on Trusted Shops.

    This serves to safeguard our predominantly legitimate interests in an optimal marketing of our offer in accordance with Art. 6 (1) (1) (f) of the GDPR. Trustbadge and the advertised services are offered by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.

    When Trustbadge is visited, the web server automatically saves a so-called server log file which contains information including your IP address, the date and time of the visit, the amount of data transferred and the requesting provider (access data) and documents the visit. These access data are not evaluated and are automatically overwritten at the latest seven days after the end of your visit.

    Further personal data will only be transferred to Trusted Shops if you have consented to this, have decided to use Trusted Shops products after finalising an order or have already registered for use. In this case, the contractual agreement made between you and Trusted Shops applies.

    b. Social plug-ins from AddThis using the ‘2-click solution’
    So-called social plug-ins (‘plug-ins’) from social networking sites are used on our website. In order to improve protection of your data when you visit our website, the plug-ins are integrated into the page by means of a so-called ‘2-click solution’. This integration ensures that no connection is established with the servers of the respective social networking site when a page from our website containing these plug-ins is visited. Only when the plug-ins are activated does your browser establish a direct connection to the servers of the corresponding social networking site.

    The content of the respective plug-in is then transmitted directly to your browser by the associated web provider and integrated into the page. Through the integration of the plug-ins, the web providers receive the information that your browser has visited the corresponding web page, even if you do not have a profile with the respective provider or are not logged in. This information (including your IP address) is transmitted by your browser directly to a server of the respective provider (to the USA if applicable) and stored there. If you interact with the plug-ins, for example by clicking on the 'like' or 'share' button, the corresponding information is also transmitted directly to a server of the provider and stored there. The information is also published on the social networking site and displayed to your contacts there. This serves to safeguard our predominantly legitimate interests in an optimal marketing of our offer in accordance with Art. 6 (1) (1) (f) of the GDPR.

    Please refer to the website provider’s privacy policy for the purpose and scope of the data collection and further processing thereof, the use of the data by the website providers, a method of contacting them, your rights in this regard and the setting the options to protect your privacy:  http://www.addthis.com/privacy/privacy-policy

  3. Legal basis for data processing
    The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) (f) of the GDPR.

    The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 (1) (a) of the GDPR if the user has given his or her consent.

  4. Purpose of data processing
    The purpose of using technically necessary cookies is to simplify users’ website experience. Some website features cannot be made available without the use of cookies. For these features, it is necessary that the browser is recognised also after the user switches pages. Cookies are necessary for the following applications:

    (1) Shopping Cart
    (2) Adoption of language settings

    The user data collected by technically necessary cookies are not used to create user profiles.

    The analysis cookies are used for the purpose of improving the quality of our website and its content. The analysis cookies mean we can learn how the website is used and therefore constantly improve our offer.

    These purposes also include our legitimate interest in data processing pursuant to Art. 6 (1) (f) of the GDPR.
     
  5. Storage duration, objection and removal option
    Cookies are stored on the user's computer and transmitted to our website by that computer. Accordingly, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all features of the website can be used to the fullest extent possible.

VI. Newsletter

  1. Description and scope of data processing
    Users can subscribe to receive our free newsletter via our website. When subscribing to receive the newsletter, the data from the input screen is transferred to our newsletter service provider.

    (1) Name
    (2) First name
    (3) Salutation
    (4) Email address

    In addition, the following data is collected when subscribing:

    (1) IP address of the visiting computer
    (2) Date and time of subscription
    (3) Page via which the subscription was made (subscription form or checkout)

    Your consent will be obtained for the processing of your data during the subscription process and reference will be made to this data protection statement.

    If you purchase goods or services on our website and enter your email address, this may subsequently be used by us for sending newsletters. In this case, only direct marketing for our own similar goods or services will be sent via the newsletter.

    No data will be passed on to third parties in connection with data processing for the sending of newsletters. The data will be used exclusively for sending the newsletter.

  2. Legal basis for data processing
    The legal basis for the processing of the data by the user after registration for the newsletter is Art. 6 (1) (a) GDPR if the user has given his or her consent and § 7 (3) of the UWG (German Unfair Competition Act) as a result of the sale of goods or services.

  3. Purpose of data processing
    The collection of the user's email address is used to deliver the newsletter. The collection of other personal data as part of the subscription process serves to prevent misuse of the services or the email address used.

  4. Duration of storage
    The data will be deleted as soon as they are no longer necessary for the purpose in respect of which they were collected. The user's email address will therefore be stored if the newsletter subscription is active. The other personal data collected in the course of the subscription process are usually deleted after a period of seven days.

  5. Objection and disposal options
    Subscription to the newsletter can be cancelled by the user at any time. For this purpose, there is a relevant link contained in every newsletter. This also enables the revocation of the consent to the storage of personal data collected during the subscription process.

VII. Registration

  1. Description and scope of data processing
    On our website, we offer users the opportunity to register by providing personal data. The data is entered into an input screen and transmitted to us and stored. The data will not be transmitted to third parties. The following data is collected as part of the registration process:

    (1) The IP address of the user
    (2) Date and time of registration
    (3) Salutation
    (4) (preferred) customer status
    (5) First name
    (6) Surname
    (7) Address
    (8) Telephone number
    (9) Email address
    (10) Country
    (11) Hashed password
    (12) Country settings such as region, currency, pricing model

    As part of the registration process, the user's consent to the processing of these data is obtained.

  2. Legal basis for data processing
    The legal basis for the processing of the data is Art. 6 (1) (a) of the GDPR if the user has given his or her consent.

    If the registration serves the fulfilment of a contract to which the data subject is a party or the implementation of pre-contractual measures.

    If the registration serves the fulfilment of a contract to which the user is a party, or the implementation of pre-contractual measures, the further legal basis for the processing of the data is Art. 6 (1) (b) of the GDPR.

  3. Purpose of data processing
    Registration of the user is required for the provision of certain content and services on our website.

    Registered users can manage their own user data and access their order history. Registered users may be shown offers that are not accessible to users who are not registered.  

  4. Duration of storage
    The data will be deleted as soon as they are no longer necessary for the purpose in respect of which they were collected.

    This is the case for the data collected during the registration process, if registration is cancelled or amended via our website.  

  5. Objection and disposal options
    As a user you have the option of cancelling your registration at any time. You may amend the data stored about you at any time. You can contact us as follows:
    Janssen Cosmetics GmbH
    Pontsheide 36, 52076 Aachen, Germany
    Tel.: +49 2408 7046-0
    E-mail: info@janssen-cosmetics.com.

VIII. Contact form and email contact

  1. Description and scope of data processing
    A contact form is available on our website. If a user makes use of this option, the data entered in the input screen will be transmitted to us and stored. These data are:

    (1) Salutation (optional)
    (2) Company name (optional)
    (3) First name
    (4) Surname
    (5) Address
    (6) Telephone number
    (7) Email address
    (8) Date and time the message was sent to us

    When the message is sent, the following data will also be stored:

    (1) The IP address of the user
    (2) Date and time of registration

    Your consent will be obtained for the processing of the data when the message is sent, and reference will be made to this data protection statement.

    Alternatively, you can contact us via the email address provided. In this case, the user's personal data transmitted with the email will be stored.
    The data will not be passed on to third parties in this context. The data will be used exclusively for the purpose of the conversation.

  2. Legal basis for data processing
    The legal basis for the processing of the data is Art. 6 (1) (a) of the GDPR if the user has given his or her consent.

    The legal basis for processing the data transmitted in the course of sending an email is Art. 6 (1) (f) of the GDPR. If the purpose of the email contact is to conclude a contract, the additional legal basis for the processing is Art. 6 (1) (b) of the GDPR.

  3. Purpose of data processing
    The processing of personal data from the input screen serves exclusively for handling communication. In the case of contact by email, this also constitutes a necessary legitimate interest in the data processing.

    The other personal data processed when the message is sent serve to prevent misuse of the contact form and to ensure the security of our IT systems.

  4. Duration of storage
    The data will be deleted as soon as they are no longer necessary for the purpose in respect of which they were collected. For the personal data from the contact form input screen and sent via email, this is the case when the conversation with the user has ended. The conversation ends when it can be inferred from the circumstances that the matter in question has been definitively clarified.

    The additional personal data collected when the message is sent will be deleted after a period of seven days at the latest.

  5. Objection and disposal options
    The user may revoke his or her consent regarding the processing of personal data at any time. If the user contacts us by email, he or she may object to the storage of his or her personal data at any time. In this case, the conversation cannot be continued.

    You may have the stored data concerning you deleted at any time. You can contact us as follows:
    Janssen Cosmetics GmbH
    Pontsheide 36, 52076 Aachen, Germany
    Tel.: +49 2408 7046-0
    E-mail: info@janssen-cosmetics.com

    In this case, all personal data stored in the course of establishing contact will be deleted.

IX. Web analysis by Google Analytics

  1. Scope of processing of personal data
    This website uses Google Analytics, a web analytics service provided by Google Inc. (hereafter referred to as Google). Google Analytics uses ‘cookies’, which are text files placed on your computer, to help the website analyse how users use the website. The information generated by the cookie about your use of this website will generally be transmitted to and stored by Google on servers in the United States of America. However, due to the activation of IP anonymisation on these web pages, Google will shorten your IP address within Member States of the European Union or in other Contracting States to the Agreement on the European Economic Area in advance. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of this website operator, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services to website operators in connection with website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.

    You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the website features to their fullest extent. In addition, you may reject the data generated by the cookie related to your use of the website (including your IP address) being collected and processed by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en (Browser-Add-on zur Deaktivierung von Google Analytics). 

    If individual pages of our website are accessed, the following data is stored:
    (1) Two bytes of the IP address of the visiting user's system
    (2) The website accessed
    (3) The website from which the user accessed the visited website (referrer)
    (4) The subpages accessed via the visited website
    (5) The time spent browsing the website
    (6) Frequency of visits to a website

    The software runs exclusively on our website servers. The users’ personal data is only stored there. The data will not be passed on to third parties.  

  2. Legal basis for the processing of personal data
    The legal basis for the processing of users’ personal data is Art. 6 (1) (f) of the GDPR.

  3. Purpose of data processing
    The processing of users' personal data enables us to analyse the browsing patterns of our users. By evaluating the data collected, we can compile information about the use of our website's individual features. This helps us to constantly improve our website and its usability. These purposes also include our legitimate interest in data processing pursuant to Art. 6 (1) (f) of the GDPR. By anonymising the IP address, users’ interest in protecting their personal data is sufficiently considered.

  4. Duration of storage
    The data is deleted as soon as it is no longer needed for our storage purposes. In our case this happens after 3 years.

  5. Objection and disposal options
    Cookies are stored on the user's computer and transmitted to our website by that computer. Accordingly, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all features of the website can be used to the fullest extent possible.

    In addition, or as an alternative to the browser add-on, you can prevent Google Analytics from tracking our pages by clicking on this link: An opt-out cookie will be installed on your device. This will prevent Google Analytics from collecting cookies for this website and for this browser in future as long as the cookie remains installed in your browser.

X. Use of Google AdWords

  1. Scope of processing of personal data
    Our website uses Google Conversion Tracking. If you have reached our website via an ad inserted by Google, then Google Adwords places a cookie on your computer. The conversion tracking cookie is set when a user clicks on an ad placed by Google. These cookies become invalid after 30 days and are not used for personal identification. If the user visits certain pages on our website and the cookie has not expired, Google may recognise that the user clicked on the ad and was directed to that page. Each Google AdWords customer receives a different cookie. Cookies can therefore not be tracked via the websites of AdWords customers.

  2. Legal basis for the processing of personal data
    The legal basis for the processing of users’ personal data is Art. 6 (1) (f) of the GDPR. 

  3. Purpose of data processing
    The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, you will not receive any information that personally identifies users.

  4. Duration of storage
    The data will be strictly deleted as soon as the purpose of their collection has been fulfilled. In the case of conversion cookies, they become invalid after 30 days.

  5. Objection and disposal options
    If you do not wish to participate in tracking, you can reject the placing of a cookie required for this - e.g. via browser settings that generally deactivate the automatic setting of cookies or else set your browser so that cookies are blocked by the domain ‘googleleadservices.com’. Please note that you cannot delete the opt-out cookies if you wish to continue preventing the measurement of clicks from being recorded. If you have deleted all your cookies in your browser, you must set the respective opt-out cookie again.

XI. Rights of the data subject

The following list includes all rights of data subjects under the GDPR. Rights that are not relevant in relation to your own website do not have to be mentioned. The list can be shortened in this respect.

If personal data is processed by you, then you are the data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the data controller:

  1. Right of access
    You can request confirmation from the data controller as to whether your personal data will be processed by us. In the event of such processing, you may request the following information from the data controller:

    (1) the purposes for which the personal data are processed;
    (2) the categories of personal data processed;
    (3) the recipients or categories of recipients to whom the personal information about you has been or will be disclosed;
    (4) the planned duration of storage of your personal data or, if it is not possible to provide specific information in this regard, criteria for determining the duration of the storage;
    (5) whether the right to rectify or delete your personal data, to restrict processing by the data controller, or to object to such processing exists;
    (6) whether the right of appeal vis-a-vis a supervisory authority exists;
    (7) all available information on the origin of the data, if the personal data are not collected from the data subject;
    (8) whether automated decision-making including profiling in accordance with Article 22 (1) and (4) of the GDPR exists, and - at least in these cases - meaningful information on the logic involved as well as the scope and intended effects of such processing on the data subject.

    You have the right to request information as to whether your personal data will be transferred to a third country or to an international organisation. In this context, you may request that you are informed of the appropriate guarantees pursuant to Art. 46 of the GDPR in connection with the transfer.

    When processing data for scientific, historical or statistical research purposes:

    This right of access may be restricted to the extent that it is likely to render impossible or seriously impair the fulfilment of the research or statistical purposes, and the restriction is necessary for the fulfilment of the research or statistical purposes.

  2. Right to rectification
    You have the right to have your personal data rectified and/or completed by the data controller if the personal data processed concerning you is inaccurate or incomplete. The data controller will rectify the data in question immediately.

    When processing data for scientific, historical or statistical research purposes: Your right to rectification may be limited to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes, and the restriction is necessary for the achievement of the research or statistical purposes.

  3. Right to restrict processing
    Under the following conditions, you may request that the processing of your personal data be restricted:

    (1) if you dispute the accuracy of your personal data for a period which allows the data controller to verify the accuracy of the personal data;
    (2) the processing is unlawful, and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
    (3) the data controller no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
    (4) if you have lodged an objection against the processing pursuant to Art. 21 (1) of the GDPR and it has not yet been determined whether the legitimate reasons of the data controller override your own reasons.

    Where the processing of your personal data has been restricted, such data may not be processed, except for their storage, without your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person, or for reasons of a vital public interest of the EU or a Member State.

    If the processing has been restricted in accordance with the above conditions, you will be informed by the data controller before the restriction of processing is lifted.
    When processing data for scientific, historical or statistical research purposes: Your right to restrict the processing may be limited to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the achievement of the research or statistical purposes.

  4. Right to deletion
    a. Deletion obligation
    You may request that the data controller deletes your personal data immediately, and the data controller is obliged to delete these data immediately if one of the following reasons applies:

    (1) Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
    (2) You revoke your consent on which the processing pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) of the GDPR was based and there is no other legal basis for the processing.
    (3) You object to the processing pursuant to Art. 21 (1) of the GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 (2) of the GDPR.
    (4) Your personal data have been processed unlawfully.
    (5) The deletion of your personal data is necessary to fulfil a legal obligation under EU or Member State law to which the data controller is subject.
    (6) The personal data relating to you have been collected in relation to information society services offered pursuant to Art. 8 (1) of the GDPR.

    b. Information provided to third parties
    If the data controller has made your personal data public and is obliged to delete them in accordance with Art. 17 (1) of the GDPR, he or she shall take appropriate measures, including technical measures, taking into account the available technology and implementation costs, to inform the data processors who process the data that you, as the data subject, have requested that all links to this personal data or copies or replications of these data be deleted.  

    c. Exemptions
    The right to deletion does not exist if the processing is necessary

    (1) to the exercise of freedom of expression and information;
    (2) to fulfil a legal obligation which the processing requires under EU or Member State law to which the data controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the data controller;
    (3) for reasons of public interest in the field of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) of the GDPR;
    (4) for archival purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) of the GDPR, insofar as the law referred to under section (a) presumably makes it impossible or seriously impairs the objectives of such processing from being achieved, or
    (5) to assert, exercise or defend legal claims.

  5. Right to information
    If you have exercised your right to rectify, cancel or restrict the processing of your personal data against the data controller, he or she is obliged to notify all recipients to whom your personal data have been disclosed of such rectification, cancellation or restriction, unless this proves impossible or involves unreasonable expense.

    You have the right to be informed of such recipients vis-à-vis the data controller.

  6. Right to data portability
    You have the right to receive your personal data that you have provided to the data controller in a structured, common and machine-readable format. In addition, you have the right to communicate these data to another data controller without being obstructed by the data controller to whom the personal data was provided, insofar as

    (1) the processing is based on a consent pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) of the GDPR or on a contract pursuant to Art. 6 (1) (b) of the GDPR and
    (2) processing is carried out using automated procedures.

    In exercising this right, you also have the right to request that your personal data be transmitted directly by one data controller to another, insofar as this is technically feasible. Freedoms and rights of third parties shall not be affected by this.

    The right to data transfer does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

    If you wish to receive your personal data, please contact us:
    Janssen Cosmetics GmbH
    Pontsheide 36, 52076 Aachen, Germany
    Tel.: +49 2408 7046-0
    E-mail: info@janssen-cosmetics.com

  7. Right to object
    You have the right, for reasons arising from your particular circumstances, to object at any time to the processing of your personal data based on Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.

    The data controller will no longer process your personal data unless he or she can prove compelling reasons for processing worthy of protection which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

    If your personal data are processed for the purpose of direct marketing, you have the right to object at any time; this will also apply to profiling in so far as it is linked to such direct marketing.

    If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

    You also have the option to exercise your right to object in relation to the use of information society services - notwithstanding the Directive 2002/58/EC - by means of automated procedures using technical specifications.

    When processing data for scientific, historical or statistical research purposes: You also have the right to object to the processing of your personal data for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) of the GDPR for reasons arising from your particular circumstances.

    Your right to object may be restricted to the extent that it is likely to render impossible or seriously impair the realisation of the research or statistical purposes and the restriction is necessary for the fulfilment of the research or statistical purposes.

  8. Right to revoke the declaration of consent under data protection legislation
    You have the right to revoke your declaration of consent under data protection legislation at any time. The revocation of consent does not affect the legitimacy of the processing carried out based on the consent up to the time consent is revoked.

  9. Automated decision in individual cases including profiling
    You have the right not to be subject to any decision based solely on automated processing, including profiling, that has any legal effect on you or affects you significantly in a similar way. This will not apply if the decision

    (1) is necessary for the conclusion or performance of a contract between you and the data controller,
    (2) is authorised by EU or Member State law to which the data controller is subject, and contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or
    (3) is made with your explicit consent.

    However, these decisions may not be based on special categories of personal data under Art. 9 (1) of the GDPR, unless Art. 9 (2) (a) or (g) of the GDPR applies, and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests.

    In the cases referred to in (1) and (3), the data controller will take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain human intervention on the part of the data controller, to present his or her point of view and to contest the decision.

  10. Right to appeal to a supervisory authority
    Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State that you reside in, work in or where the presumed infringement took place, if you consider that the processing of your personal data is in breach of the GDPR.

    The supervisory authority to which the complaint was submitted will inform the complainant of the status and outcome of the complaint, including the option of a judicial remedy under Article 78 of the GDPR.

Aachen, May 2018