NextGen Beauty GmbH/LA MANUFACTURE (hereinafter, “we”) appreciates your interest in our company and our products. It is important to us that you also feel safe with regard to the protection of your personal data when you visit our website, https://www.la-manufacture.shop (hereinafter, “website”), or our SkinCam web app, https://skincam.la-manufacture.shop/ (hereinafter, “app”).
If you wish to use certain services on our website, e.g., if you wish to place an order with our shop, it is necessary to process your personal data.
1. Information about the controller and data protection officer
2. Collection and processing of personal data when you visit our Website
4. Sharing personal data in general
5. Sharing personal data with third parties; social plug-ins
6. Evaluation of usage data (“tracking”) and usage-related information (“(re)targeting”)
7. Use of our web shop
8. Information about the newsletter
9. Our presence on social media
10. Your rights as a data subject
12. List of cookies used
The controller as defined in the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection legislation is:
NextGen Beauty GmbH
Am Limespark 2
65843 Sulzbach, Germany
Telephone: +49 6196 76156-0
Fax: +49 6196 76156-1298
You can find more information about us in our company details at https://www.la-manufacture.de/imprint.
(b) The controller’s data protection officer is:
CTM COM GmbH
Phone: +49 6151 394272
Fax: +49 6151 394277
When you use the website for information purposes only (i.e., when you do not send us information in any other way), we generally only collect the personal data that your browser sends to our server. We collect the following data that are technically necessary in order to display our website in the version and language that are appropriate for you, to ensure stability and security, and to create general reports about the use of our website (the legal basis is point (f) of the first sentence of Art. 6(1) of the GDPR):
· IP address
· Date and time of the request
· Content of the request (specific page)
· Website from which the request originates
· Operating system
The above data will be deleted promptly if it is no longer required for the above purposes, and no later than 30 days after we have collected it.
If you provide us with further personal data, such as in the context of a registration, contact form, survey, or competition or for the performance of a contract, we will use these data for the purposes specified, for the purpose of customer administration, and, where necessary, for the purpose of processing and invoicing any business transactions, in each case to the extent required for the given purpose.
If you contact us by email (e.g., at the address listed above), the personal data transmitted with your email will be stored. The data will not be shared with third parties. The data will be processed exclusively for purposes of processing the conversation.
The legal bases for the processing of data transmitted in the course of sending a message are points (b) and (f) of the first sentence of Art. 6(1) of the GDPR. This data will be used solely for processing the contact; this also includes our necessary legitimate interest in processing the data within the meaning of point (f) of the first sentence of Art. 6(1) of the GDPR. The data will be erased as soon as they are no longer required for the purpose for which they were collected, which is the case once the respective conversation has ended. The conversation ends when it is clear from the circumstances that the matter in question has been conclusively clarified.
In addition to the data mentioned above, cookies will be stored on your computer when you use our website. Cookies are small text files correlating with the browser you are using and stored on your hard drive and are used to transmit certain information to the party placing the cookie (in this case us). Cookies cannot execute programs or transmit viruses to your computer. They are used to make the internet offer more user-friendly and effective as a whole.
This website uses the following types of cookies and their the scope and function are explained below:
– Transient cookies: Transient cookies are automatically deleted when you close the browser. This includes in particular session cookies. They store what is known as a session ID, which allows various requests from your browser to be correlated with the common session. This enables your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close the browser. For example the contents of a shopping basket in an online shop or a login status can be stored in this type of cookie.
– Persistent cookies: Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies in your browser’s security settings at any time.
(b) Browser settings
You can configure your browser settings as you wish and refuse to accept third-party cookies or all cookies. Stored cookies can be deleted in the system settings of the browser. Please note that you may not be able to use all this website’s features.
(c) List of cookies
(a) Sharing with service providers
For certain data processing activities, we sometimes employ service providers who are bound by our instructions and who, without exception, process the data on our behalf and as instructed by us.
(b) Disclosure to public authorities, injured parties and for legal action
If it is required for the clarification of an illegal or fraudulent use of our Website or for legal prosecution, personal data will be forwarded, where applicable, to the prosecution authorities and to injured third parties. However, this only occurs if there are indications of illegal or fraudulent behaviour.
(c) Transfers in the context of company transactions
In the course of the further development of our business, the structure of our company may change due to changes in legal form, the establishment, purchase or sale of subsidiaries, parts of companies or components. In case of such transactions, customer information may be shared with the acquirer or legal successor, together with the part of the business to be transferred.
(d) Sharing with recipients outside the EU
It is possible that we may transfer personal data to countries outside the EU (“third countries”). Any transfer of data to a recipient in a third country will take place in compliance with the applicable data protection law. Where the European Commission has not determined that an adequate level of protection exists in a third country, we will provide appropriate safeguards to ensure that your data is adequately protected. This can be done in particular by concluding data processing agreements which contain EU standard data protection clauses and which, in the opinion of the European Commission, provide adequate safeguards (available at: http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm). Please contact us for further details.
Our Website may also contain offers from third parties. If you click on such an offer, we will transfer data to the respective provider to the extent required (e.g., the information that you found this offer on our site and, if applicable, additional information that you have already provided for this purpose on our website).
(b) Social plug-ins
When we use so-called “social plugins” from social networks like Facebook or Twitter on our website, we integrate them as follows:
When you visit our website, the social plugins are disabled, meaning there is no transmission of any data to the operators of these networks. If you wish to use one of the networks, click on the respective social plugin in order to establish a direct connection with the respective network’s server.
If you have a user account with the network and are logged in when you enable the social plugin, the network can correlate your visit to our website with your user account. If you want to prevent this, please log out of the network before enabling the social plugin.
When you click on the link to an offer or enable a social plugin, personal data may be transferred to providers in countries that are not part of the European Economic Area and that, in the view of the European Union (“EU”), do not guarantee an “adequate level of protection” that meets EU standards for the processing of personal data. Please bear this in mind before clicking on a link or enabling a social plugin and thereby initiating a transfer of your data.
The social plugin remains enabled until you disable it or delete your cookies.
(c) Meta Platforms Ireland Limited social plugins
This website uses social plugins from Meta Platforms Ireland Limited (Ireland).
When you visit a page that contains such a plugin, your browser connects to Facebook, and the content is loaded from these pages. Your visit to this website may therefore be tracked by Meta even if you do not actively use the social plugin feature. If you have a Facebook account, you can use such a social plugin to share information with your friends. We have no influence on the content of the plugins and the transmission of information.
Meta Platforms Ireland Limited provides detailed information on the scope, nature, purpose, and further processing of your data at https://www.facebook.com/about/privacy. Here, you can also find further information about your rights and setting options for protecting your privacy.
(d) YouTube videos
On the basis of our legitimate interests (i.e., interest in the optimisation of our online content within the meaning of point (f) of the first sentence of Art. 6(1) of the GDPR), our online content incorporates YouTube videos that are stored at http://www.youtube.com and can be played directly from our website. These are all included in the “extended data protection mode”, which means that no data about you as a user are transferred to YouTube unless you play the videos. The data specified in the following paragraph will only be transmitted when you play the videos. We have no influence on this data transfer.
When you visit the website, YouTube receives your IP address and the information that you have visited the relevant sub-page of our website. This occurs irrespective of whether you are logged in to a user account provided by YouTube or whether no such user account exists. If you are logged in to Google, your data will be correlated directly with your account. If you do not wish a correlation to be established with your YouTube profile, you must log out before enabling the button. YouTube stores your data as user profiles and uses it for the purpose of advertising, market research, and/or the demand-oriented design of its website. Such an analysis is performed, in particular (even for users not logged in), in order to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles and must contact YouTube in order to exercise this right.
We use a pixel from the provider TikTok on this Website (for the EU: TikTok Information Technologies UK Limited, Aviation House, 125 Kingsway Holborn, London, WC2B 6NH.). This is a code that we have implemented on our Website. With the help of this code, a connection to the TikTok servers is established when you visit our website, provided you consent to this, in order to track your behaviour on our website. Personal data such as the IP address and other information such as device ID, device type and operating system can also be transferred to TikTok. TikTok uses email or other login or device information to identify users of our Website and to assign their actions to a TikTok user account.
TikTok uses this data to display advertising to its users in a targeted and personalised manner and to create interest-related user profiles. The data collected will only be used by us as part of the measurement of the effectiveness of advertising placements.
As a general rule, your data will be processed within the EU or the EEA. A corresponding data protection agreement has been concluded with TikTok for this purpose. If personal data is transmitted to countries outside the EU or the EEA, this is done under template contracts of the so-called standard contractual clauses.
(g) Facebook Business Tools and Facebook Ads Manager, sharing of event data
We use Facebook Business Tools and the Facebook Ads Manager, which are provided by Meta Platforms Ireland Limited (Ireland). These allow us to define when and where ads should be placed and to track how successful our ad campaigns are. To this end and with the consent you provide via our cookie banner (point (f) of the first sentence of Article 6(1) of the GDPR), we share so-called “event data” for the targeting of our ad campaigns. These data are shared in hashed form only. They include, in particular, your email address, postcode, and city.
We wish to tailor the content of our website as closely as possible to your interests and thus improve our service for you. We use so-called tracking technologies to identify usage preferences and particularly popular areas of the Website.
We use so-called (re)targeting technologies so that we can tailor our online marketing (e.g., banner advertising) more specifically to your use-based interests. When you visit other websites that collaborate with the providers of these (re)targeting technologies, these are read and used in order to provide you with information that is as interest-related as possible.
When the above technologies are used, cookies on our website and (in the case of retargeting) on third-party websites record your interest in our products and services. This involves the use of random identifiers (so-called cookie IDs), which we do not connect with your name, address, or similar information even when this information is known to us (e.g., from an existing contractual relationship), unless you have consented to this.
Tealium Audience Stream: Within our website, we use “Tealium Audience Stream”, a service provided by Tealium Inc., which has a registered office at Sovereign House, Second Floor, Vastern Road, Reading, RG1 8BT, United Kingdom (Tealium); this service processes data from which user profiles are created using pseudonyms. Information collected for this purpose might include the following, for example: seen and clicked ads, items, advertising, visitor numbers, topic of the page, etc. You can object to the collection and storage of data for the purpose of web analysis and ad displays at any time with future effect by following the instructions at http://tealium.com/de/privacy/. The legal basis is your consent (point (a) of the first sentence of Art. 6(1) of the GDPR).
Tealium iQ (Tag Management System): This website uses a Tag Management System (TMS), a service provided by Tealium Inc., which has a registered office at Sovereign House, Second Floor, Vastern Road, Reading, RG1 8BT, United Kingdom (Tealium), in order to dynamically adjust parts of the website. The TMS is necessary for providing our services and therefore cannot be disabled. The cookie has a duration of 12 months. The legal basis is a legitimate interest under point (f) of the first sentence of Art. 6(1) of the GDPR, namely the pursuit of our business purposes.
(c) Facebook retargeting (website custom audience)
A Meta Platforms Ireland Limited (Ireland) pixel is integrated into this website (website custom audience pixel). If you have given your consent, this pixel collects information about the use of this website (e.g., information about items viewed) and transmits it to Meta. This information may be attributed to you personally with the help of other information about you that Meta has stored based on an account you own on the social network “Facebook”, for example. The information collected via the pixel can be used to display interest-related advertising for our offers in your Facebook account (retargeting). The information collected via the pixel may also be aggregated by Meta, and the aggregate information may be used by Meta Platforms Ireland Limited for its own advertising purposes and for the advertising purposes of third parties. In this way, Meta can infer certain interests from your browsing behaviour on this website, for example, and may also use this information to promote third-party offers. Meta may also combine the information collected via the pixel with other information that Meta has collected about you through other websites and/or in connection with your use of the social network “Facebook” so that a profile about you can be stored at Meta. This profile may be used for advertising purposes. The legal basis for this data processing is point (a) of the first sentence of Art. 6(1) of the GDPR.
Your consent to the transfer of data to Meta by means of the pixel on this website can be withdrawn at https://www.youronlinechoices.com/de/praferenzmanagement/.
Depending on the specific processing purpose, this involves various relationships between Meta and us under data protection law:
Meta Platforms Ireland Limited is our processor with regard to the processing of personal event data for measurement and analysis services.
Meta Platforms Ireland Limited and we are joint controllers with regard to the processing of personal event data for the purpose of creating approachable target groups, delivering commercial and transaction-related messages, and personalising features and content as well as for the purpose of improving and securing Meta products. The agreement we have entered into with Meta in this context in order to define our mutual responsibility for compliance with the GDPR can be found here. In the context of the joint processing of your personal data, we have agreed with Meta that providing you with information about the data processing and enabling you to exercise the data subject rights to which you are entitled according to the GDPR is primarily Meta’s responsibility. You can also find more information about the processing of your personal data by Meta, including information about the legal basis of the data processing and how you can exercise your data subject rights vis-à-vis Meta, here.
Apart from this, Meta Platforms Ireland Ltd. and we are each individually responsible for the processing of personal data.
(d) Google Marketing
We only use Google Marketing products (e.g., Search Ad and Display & Video 360) with your express consent, which you can declare by clicking on the “Agree” button in the website’s cookie banner. We store your consent in a cookie on your end-user device so that you are not asked for your consent every time you visit our website, and we also store it on our servers, together with the IP address and time, for legal reasons; we will erase this information or restrict its processing if you withdraw your consent. Google uses personal data to personalise advertisements, and cookies can be used for both personalised and non-personalised advertising. Further information is available at https://policies.google.com/technologies/partner-sites?hl=de.
You can place an order with our web shop as a guest, i.e., without registering. You also have the option of creating a customer account (“account”). The advantage of this is that, in the event of a future order, you can log in to your account directly using your email address and a password and do not have to enter your contact information again. You will also enjoy additional benefits, such as being able to retrieve your order history at any time. Information about the data processing in connection with ordering as a guest and about the data processing in connection with an account is provided below.
(b) Ordering as a guest
If you would like to place an order with our web shop as a “guest”, the contract can only be completed if you provide the personal data we require in order to process your order. The mandatory information needed for processing contracts is marked separately; specifically, this includes your
- title, first name, last name,
- email address, and
Additional information, such as your telephone number, is provided on a voluntary basis. Voluntarily provided information can help us improve our customer service, such as by enabling us to contact you quickly in case there are questions about your order.
(c) Creating an account
You can also voluntarily create a user account (“account”), which allows us to save your data for future purchases. When an account is created, we also request the same data that we need for guest orders (see (b) above). You also have to provide a password of your choice so that you can be identified. The accounts are not public and cannot be indexed by search engines. Once you have created an account, you can delete it at any time.
(d) Data processing in the case of orders
If you place an order, we will process the contract data (e.g., ordered merchandise, payment information, etc.) in addition to the personal data requested from you. The data you provide and the contract data will only be processed by us once you place your order or, in the case of an account, once you have registered and for the purpose of appropriately processing your order and for the mutual fulfilment of obligations arising from the sales contract. The legal basis for this is point (b) of the first sentence of Art. 6(1) of the GDPR.
In the course of processing your order, we will send you emails. These contain technologies like pixels that allow us to determine whether you have opened these emails. In particular, this helps us identify problems with the delivery of these emails. If you do not want this, you can set up your email software so that graphics are not automatically loaded. The legal basis for our processing is point (f) of the first sentence of Art. 6(1) of the GDPR.
(e) Storage of personal data
Due to provisions of commercial and tax law, we are obligated to store your address, payment, and order data for the duration of ten years; the legal basis for this is point (c) of the first sentence of Art. 6(1) of the GDPR. After two years, however, we restrict the processing of these data, which means that your data are only used for the purpose of complying with the legal obligations. If you have cancelled your account, your data in relation to the account will be erased, unless they are stored for reasons relating to commercial or tax law in accordance with point (c) of the first sentence of Art. 6(1) of the GDPR.
(f) Sharing of personal data with third parties
Our email newsletter with promotional information about our products, offers, promotional sales, and company (hereinafter, “newsletter”) is only sent with the consent of the recipient or when permitted by law (point (a) of the first sentence of Art. 6(1) and Art. 7 of the GDPR as well as Section 7(2), No. 3, or Section 7(3) of the UWG (Gesetz gegen den unlauteren Wettbewerb [Act against Unfair Competition]). The following information is intended to inform you about the subscription, transmission, and analysis procedures as well as your right to object.
In order to subscribe to the newsletter, you merely need to provide your email address.
Registration takes place in a so-called double opt-in procedure. This means that, after subscribing, you will receive an email requesting confirmation of your subscription. This confirmation is necessary so that no one can register with unknown email addresses.
Registrations for the Newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to the data we have stored about you will also be logged.
You can cancel your subscription to our newsletter, meaning you can withdraw your consent, at any time. Withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until its withdrawal. A link for cancelling your subscription to the newsletter can be found at the end of each newsletter.
When you unsubscribe from the Newsletter, personal data will be deleted, unless its retention is legally required or justified, and in this case processing is limited only to these exceptional purposes. In particular, we may use the email addresses provided for up to three years on the basis of our legitimate interests in accordance with point (f) of the first sentence of Art. 6(1) of the GDPR before we delete them for the purpose of sending newsletters in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of a possible defence against claims. An individual erasure request is possible at any time if the former existence of consent is confirmed at the same time.
We also maintain a corporate presence on social networks like Facebook and Instagram, to which we provide links on our website. When you access the relevant networks and platforms, the terms and conditions and data processing guidelines of the respective operators apply, over which we have no influence. When you do so, data may also be processed outside the European Union.
(a) Right of access to information
You have the right to request information at any time about the personal data we process to the extent that they concern you and to obtain this information upon request at any time within the scope of Art. 15 of the GDPR. To do so, you can send a request by post or email to the contact address provided.
(b) Right to rectification of incorrect data
You have the right to demand that we rectify the personal data concerning you without undue delay, in accordance with Art. 16 GDPR if it is incorrect. To do so, please contact us at the address provided.
(c) Right to erasure
You have the right, under the conditions described in Art. 17 of the GDPR, to demand that we erase the personal data concerning you. These conditions provide in particular for a right of erasure if the personal data is no longer required for the purposes for which it was collected or otherwise processed, and in cases of unlawful processing, withdrawal or the existence of an obligation to erase the data under European Union law or the law of the member state to which we are subject. To exercise your right of erasure, please contact us at the address provided.
(d) Right to restriction of processing
You have the right to demand that we restrict our processing in accordance with Art. 18 of the GDPR. This right exists in particular if the accuracy of the personal data is disputed between the user and us, for the period of time required to verify its accuracy, and if the user requests restricted processing instead of erasure if there is an existing right to erasure; also if the data is no longer required for the purposes we pursue, but the user needs it to assert, exercise or defend legal claims, and if the successful exercise of an objection is still disputed between us and the user. To exercise your right to restrict processing, please contact us at the address provided.
(e) Right to data portability
You have the right to obtain from us the personal data that concern you and that you provided to us and to receive these data in a structured, commonly used, and machine-readable format in accordance with Art. 20 of the GDPR. To exercise your right to data portability, please contact us at the address provided.
(f) Right to object
You have the right, in accordance with Art. 21 of the GDPR, to object at any time, on grounds relating to your particular situation, to the processing of your personal data on the basis of, among other things, point (e) or (f) of the first sentence of Art. 6(1) of the GDPR. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms or the processing serves the establishment, exercise, or defence of legal claims.
(g) Right to withdraw consent (in the event of consent having been given)
You have the right to withdraw previously given consent in accordance with Art. 7(3) GDPR with effect for the future. Withdrawal of consent does not affect the lawfulness of the processing carried out until its withdrawal on the basis of the consent.
(h) Right to lodge a complaint
You also have the right to address complaints to the supervisory authorities for data protection. The competent supervisory authority for us is:
Der Hessische Datenschutzbeauftragte (The Hessian Data Protection Commissioner)
Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany
P.O. Box 31 63, 65021 Wiesbaden, Germany
Telephone: +49 611 14080
Fax: +49 611 1408 – 900
Internet at: http://www.datenschutz.hessen.de
|la-manufacture.shop||_fpb||Wird von Facebook genutzt, um eine Reihe von Werbeprodukten anzuzeigen, zum Beispiel Echtzeitgebote dritter Werbetreibender.||1 Jahr||Social Media-Cookies|
|.facebook.com||fr||Wird von Facebook genutzt, um eine Reihe von Werbeprodukten anzuzeigen, zum Beispiel Echtzeitgebote dritter Werbetreibender.||3 Monate||Social Media-Cookies|
|Tealium||la-manufacture.shop||CONSENTMGR||Speichert die Opt-In/Opt-Out Auswahl für den Benutzer.||1 Jahr||Unbedingt erforderliche Cookies|
|Tealium||la-manufacture.shop||utag_main||Das utag_main Cookie ist ein Cookie von Tealium, damit wir dessen Tag-Manager-Lösung einsetzen können. Das utag_main Cookie ist ein Erstanbieter-Cookie von Tealium. Dieses Cookie nimmt einen Zeitstempel auf, sobald der Seitenbesuch beginnt, zählt die Anzahl der Aufrufe, die Anzahl aller Seitenbesuche und eine individuelle ID. Diese Informationen werden von unseren Analytics-Werkzeugen zur Verbesserung der Daten zu Ihrem Website-Besuch verwendet. Somit verstehen wir besser, wie Nutzer die Seite verwenden und wie man das Nutzerlebnis verbessern kann.||1 Jahr||Unbedingt erforderliche Cookies|
|-||la-manufacture.shop||lama_session||Session Identifier||2 Stunden||Unbedingt erforderliche Cookies|
|-||la-manufacture.shop||XSRF-TOKEN||CSRF Token||2 Stunden||Unbedingt erforderliche Cookies|
|-||la-manufacture.shop||nopopup||Dieser Cookie erlaubt die Deaktivierung des Newsletter-Pop-up Fensters.||1 Jahr||Unbedingt erforderliche Cookies|
|Tik Tok||la-manufacture.shop||tt||Wird von Tik Tok genutzt, um eine Reihe von Werbeprodukten anzuzeigen, zum Beispiel Echtzeitgebote dritter Werbetreibender.||1 Jahr||Social Media-Cookies|