DATA PROTECTION AND SECURITY
DATA PROTECTION INFORMATION
As of October 1st 2020
Article 1 – Overview
The following data protection information informs you about the type and extent of the processing of personal data by the Salwa Petersen GmbH. Personal data is information that can be directly or indirectly attributed or assigned to your person.
The data processing by Salwa Petersen GmbH can be primarily divided into two categories:
- For the purpose of the contract execution, all data necessary for the execution of a contract with Salwa Petersen GmbH are processed. If external service providers are involved in the execution of the contract, e.g. logistics companies or payment service providers, your data will be transmitted to them to the required extent.
- By visiting the website of Salwa Petersen GmbH, various information is transmitted between your device and our server. This can also be personal data. The information collected in this way will e.g. be used to optimize our website or to display advertisements in the browser of your device.
Our site and our services are not intended for use by children under 16 years.
According to the provisions of the General Data Protection Regulation (Hereafter “GDPR”), you have different rights that you can assert against us. This includes amongst other things the right to contradict against selected data processing, in particular, data processing for advertising purposes.
Article 2 – Name and contact data of the persons responsible for the data processing and the data protection officer
This data protection information applies to the data processing by Salwa Petersen GmbH, Hafenweg 22, 48155 Münster, Germany, CEO: Salwa Petersen, District Court Münster HRB 16844 ("Responsible person"), and for the following website www.salwapetersen.com. The operational data protection officer of Salwa Petersen GmbH is reachable under the above mentioned address or by email: email@example.com.
Article 3 – Purposes of data processing, legal bases, and legitimate interests pursued by the Salwa Petersen GmbH or a third party as well as categories of recipients
3.1.Visiting our website
When you visit our website, the browser used on your device automatically sends information to the server of our website/application and temporarily stores it in a so-called log file. We have no influence on this. The following information will also be collected without your intervention and stored until automated deletion:
- the IP address of the requesting Internet-enabled device,
- the date and time of access,
- the name and URL of the retrieved file,
- the website/application from which the access was made (referrer URL), the browser you use and, if necessary, the operating system of your Internet-capable computer as well as the name of your access provider.
The legal basis for processing the IP address is Article 6 (1) (f) GDPR. Our legitimate interest follows from the purposes of data collection listed below. At this point the annotation, we are not able to take direct conclusions about your identity from the collected data, and we do not draw any conclusion to your identity.
The IP address of your device and the other data listed above are used by us for the following purposes:
- ensuring a smooth connection setup,
- ensuring comfortable use of our website,
- the name and URL of the retrieved file,
- evaluation of system security and stability.
The data is stored for a time period of 7 days and then the IP address is automatically deleted. For security reasons, but without your IP address, this information will be stored in log files for longer and deleted after 31 days. The data contained in the log files are stored separately from other data by you.
We also use so-called cookies, tracking tools, targeting methods and social media plug-ins for our website/application. The exact procedures used and how your data are used for this purpose are described more detail in Section 3.4.
3.2.Conclusion, execution or termination of a contract
3.2.1.Data processing at the conclusion of the contract
Salwa Petersen GmbH’s business is the selling of goods and services, the retail trade within the framework of the officially issued permits and the serial production of the goods to be offered. In this context, we process the data required to complete, execute or terminate a contract. That includes:
- First name, last name, title, salutation
- Invoice and delivery address, if necessary, additional address
- E-mail address
- If applicable Company name and VAT ID
- Date of birth
- if necessary telephone number
The legal basis for this is Article 6 (1) (b) GDPR that means you provide the data based on the contractual relationship between you and us. To process your e-mail address, we are also obliged to send an electronic order confirmation in the form of a confirmation of dispatch due to a requirement in the German Civil Code (BGB) (Article 6 (1) (c) GDPR). Insofar as we do not use your contact data for advertising purposes (see below 3.3.), we store the data collected for the execution of the contract until the expiry of the legal or possible contractual warranty and guarantee rights. After expiry of this period, we retain the information required by commercial and tax law of the contractual relationship for the legal periods. For this period (usually ten years from the conclusion of the contract), the data will be reprocessed in the event of a review by the tax authorities.
To process the purchase contract, the following additional data processing is required:
The companies Stripe is commissioned with the processing of credit card payments. All entries of credit card data are entered directly into the systems of Stripe and cannot be read or stored by us.
We will transmit details of your delivery address to a logistics company commissioned by us for the purpose of processing the purchase contract.
In order to ensure that the goods are delivered according to your wishes, we use your e-mail address to contact you in advance of the delivery in order to inform you of the delivery time. Within this email, you also have the option of specifying your preferred delivery location or a storage location.
3.2.2.Transmission to credit bureaus
In the event of a delay in payment, we submit the necessary data to a company commissioned, if other legal requirements exist, with the assertion of the claim. Legal bases for this are both Article 6 (1) (b) and Article 6 (1) (f) GDPR. The assertion of a contractual claim is to be regarded as a legitimate interest within the meaning of the second-named regulation.
If the other legal requirements exist, we also provide information about the payment delay or any default on loans to credit agencies cooperating with us. The legal basis for this is Article 6 (1) (f) GDPR. The legitimate interest which this requires arises from our and third parties' interest in reducing contract risks for future contracts.
3.3. Data processing for advertising purposes
The following statements refer to the processing of personal data for advertising purposes. The GDPR declares such data processing on the basis of Article 6 (1) (f) as fundamentally conceivable and as a legitimate interest. The duration of data storage for advertising purposes does not follow any rigid principles and is based on the question of whether the storage is required for the promotional approach.
To find out more about the process in case of a opposition, please refer to para. 3.3.3.
3.3.1.Advertising purposes of the Salwa Petersen GmbH and third parties
As far as you have concluded a contract with us, we will keep you as an existing customer. In this case, we will process your postal contact details outside the scope of a specific consent in order to provide you with information about new products and services in this way. We process your e-mail address in order to provide you with information about similar products, outside of the availability of a specific approval. You can contradict this service in the checkout within every order or in each customer information at the end of the information.
3.3.2.Interest righteous advertising
In order for you to receive only those promotional information that is of perceived interest to you, we categorize and supplement your customer profile with further information. Statistical information, as well as information about yourself (e.g. basic data of your beauty profile in the "My Account" area), are used. The aim is to provide you with advertisements oriented only to your actual or perceived needs and not to bother you with useless advertising. Your address and order data will be processed by us for our own marketing purposes.
3.3.3. Right of revocation
Against the data processing for the aforementioned purposes, you can at any time charge for the respective communication channel separately and with effect for the future objection. All you need to do is send an e-mail or a letter to the contact details listed under para. 2.
Insofar as you object, the affected contact address for further advertising data processing will be blocked. We point out that in exceptional cases, even after receipt of your objection; there may be a temporary shipment of advertising material. This is technically due to the necessary lead time of advertisements and does not mean that we do not implement your objection. Thank you for your understanding.
3.3.4. Newsletter dispatch
On our website, we offer you the opportunity to sign up for our newsletter. In order to be sure that no errors have occurred when entering the email address, we use the so-called double-opt-in procedure: After you have entered your email address in the registration field, we will send you a confirmation link. Only if you click on this confirmation link your email address will be included on our mailing list. The processing of your electronic contact data takes place here only on the basis of your consent (Article 6 (1) (a) GDPR):
By signing up, you agree that Salwa Petersen GmbH collects the information (customer master data, purchase data) and usage data (use of the Online Services) stored on your customer account, use it for our own market and opinion research and on this basis exclusively make personalized advertising and special offers of products and services from the fields of beauty, clothing, nutrition and lifestyle, namely:
- via email
- On the Salwa Petersen website
- via mail and any form of contacting Salwa Petersen GmbH.
3.4.Online presence and website optimization
Overview and contradictions to web analytics and marketing services.
3.4.1.Cookies and cookie-like technologies - General notes
Please check our cookies policy.
If you have a customer account with Salwa Petersen GmbH and you are logged in or activate the function "stay logged in", the information stored in cookies will be added to your customer account.
3.4.2. Opposition / opt-out possibility
In addition to the deactivation methods described above, you can generally prevent the ex-plained targeting technologies via cookies by setting a corresponding cookie in your brows-er. In addition, you have the option of deactivating preference-based advertising with the help of the preference manager that can be called up here, so that all tags are no longer delivered.
3.5. Customer account
For our customers registered with a customer account the purchase on salwapetersen.com becomes a special experience. Registration is free and opens the door to your personal space with many benefits. In order to provide you with the greatest possible comfort during your purchase, we offer you the permanent storage of your personal data in a password-protected customer account. The investment of the customer account is optional and takes place on the basis of your consent within the meaning of Article 6 paragraph 1 letter a) GDPR. After setting up a customer account, no re-entry is required. In addition, you can view and change the data stored in your customer account at any time.
In addition to the data requested during an order, you must provide a self-selected password to set up a customer account. This serves together with your e-mail address for access to your customer account. Please treat your personal access data confidentially and in particular do not make it accessible to unauthorized third parties. We cannot accept liability for misused passwords unless we are responsible for the abuse. Please note that even after leaving our website, you will automatically be logged in, unless you actively log out.
In addition, you can decide for yourself which personal information you entrust to us in addition. The more we know about you, the better we can respond to your needs and the greater the comfort we can offer you on salwapetersen.com. Moreover, you can select preferred payment methods and save your payment data or different delivery addresses.
You have the option to delete your customer account at any time. Please note, however, that this does not mean that the data in the customer account can be deleted. As a rule, the data stored about your person will be deleted or anonymized immediately after the expiry of the existing commercial and taxable duty of storage after 10 years.
Article 4 – Transmission to recipients outside the EU
We do not share your information with recipients located outside the European Union or the European Economic Area.
Article 5 –Integration of third party content
The legal basis for the processing of your data is Article 6 paragraph 1 sentence 1 letter f) of the GDPR. We have a legitimate interest in optimizing our website and improving our offer to you by including third-party content.
For a more detailed description of who we embed content in and how your data is processed, see the description of the embedded content below.
- YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Data protection: https://policies.google.com/privacy - An opt-out is possible under:https://adssettings.google.com/authenticated
- Google Maps (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Data protection:https://policies.google.com/privacy - An opt-out is possible under:https://adssettings.google.com/authenticated
- Instagram (Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA). Data protection: https://help.instagram.com/155833707900388
Article 6 – Your rights
In addition to the right of revocation of your consent granted to us, you are entitled to the following further rights if the relevant legal requirements apply:
- Right of information about your personal data stored with us in accordance with. Art. 15 DSG Regulation; in particular, you can provide information about the purposes of proces-sing, the category of personal data, the categories of recipients to whom your data has been disclosed, the planned retention period, the source of their data, if not collected directly from you,
- Right to correct incorrect or correct data according to Art. 16 GDPR,
- Right to delete your stored data in accordance with. Art. 17 DSGVO insofar as no statutory or contractual retention periods or other statutory obligations or rights for further storage is to be observed,
- Right to restriction of the processing of your data acc. Art. 18 GDPR, as far as the accuracy of the data is disputed by you, the processing is unlawful, but you reject its deletion; the person in charge no longer needs the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing according to Art. 21 GDPR,
- Right to data portability acc. Art. 20 DSGVO, this means the right to transfer selected data stored about us in a common, machine-readable format, or to request transmission to an-other person in charge,
- Right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters.
6.2. Right of revocation
Under the conditions of Article 21 (1) GDPR, data processing may be objected for reasons that arise from the particular situation of the person concerned.
The above general right of revocation applies to all processing purposes described in this privacy statement, which are processed on the basis of Article 6 (1) (f) GDPR. Unlike the special right of objection to data processing for commercial purposes, according to the GDPR, we are only obliged to implement a general objection if you give us reasons of major importance (e.g. a possible danger for life or health). In addition, it is possible to contact the Salwa Petersen GmbH supervisory authority, the data protection officer or firstname.lastname@example.org.
7.Data security measures
All personally transmitted data, including your payment data, will be transmitted using the common and secure SSL (Secure Socket Layer) standard. SSL is a secure and proven standard, e.g. is also used in online banking. You will see a secure SSL connection, including the attached s at the http (i.e. https: // ...) in the address bar of your browser or the lock icon at the bottom of your browser.
Incidentally, we use appropriate technical and organizational security measures to protect your personal data stored against manipulation, partial or complete loss and against unauthorized access by third parties.
What does a secure password look like? A secure password should be chosen randomly and consist of all the characters and special characters your keyboard provides. As a rule, you should note the following points when creating your password: Your password should: - consist of at least eight characters, - contain upper and lower case letters, numbers and special characters, - be changed every three months, - and each account should have its own password receive.
Avoid sending passwords, login or account information via e-mail. Confidential data, such as passwords should generally not be passed on to third parties due to possible misuse! Never answer unknown advertising e-mails and do not click on any links contained therein. This will confirm to the spammer that your address actually exists and is being used.
Salwa Petersen is verified as a sender at trustedDialog, can be identified by all email providers and classified as authentic. This can be recognized by the sign to the left of the sender in your Inbox. If mails without this number are received you are not from Salwa Petersen.
If someone tries to trick you and us with your credit card or your PayPal account, please follow the instructions of your credit card company or PayPal and inform us immediately at the email address email@example.com. Most credit card companies and/or PayPal cover all the damages that may be caused by misuse of your credit card or PayPal account under certain conditions.
Article 8 – Modifications to this statement