Catrice Privacy Notice

Data Protection

cosnova GmbH (referred to below as “we”) appreciates your interest in our company and our products. It is important to us that you feel safe when you visit the websites operated by us (referred to below as: “website”), also in terms of the protection of your personal data.

This Privacy Policy is intended to inform you about the nature, scope and purpose of the personal data that we process when you use our website and any sub-pages. If you wish to use certain services on our website, e.g. the evaluation of our products or the wish list, personal data will be processed. Personal data are any data that can be attributed to you personally, such as your name, address, e-mail addresses and user behaviour.

This Privacy Policy also contains information about the processing of personal data in connection with our social media sites.

To find out how we process your personal data, you can navigate directly to the relevant topics via the following links. You can also read, save and print this Privacy Policy as a complete document.

1. Information about the controller, data protection officer

(a) Controller

The controller as defined in the General Data Protection Regulation (GDPR) and other national data protection laws of the EU Member States as well as other data protection legislation is:

cosnova GmbH
Am Limespark 2
65843 Sulzbach, Germany
Telephone: 00496196761560
e-mail: info@cosnova.com

You can find more information about us in the imprint.

(b) The controller’s data protection officer is:

Moritz Görmann
CTM COM GmbH
Marienburgstraße 27
D-64297 Darmstadt
Telephone: 00496151394272
Fax: 00496151394277
www.ctm-com.de

2. Collection and Processing of Personal Data

When you use the website for information purposes only (i.e., when you do not send us information in any other way), we generally only collect the personal data that your browser sends to our server. We collect the following data that are technically necessary in order to display our website in the version and language that are appropriate for you, to ensure stability and security, and to create general reports about the use of our website (the legal basis is Art. 6 para. 1 S. 1 lit. f of the GDPR):

  • IP address

  • Date and time of the request

  • Content of the request (specific page)

  • Website from which the request originates

  • Browser

  • Operating system

The above data will be deleted promptly once it is no longer required for the above purposes, and no later than 30 days after we have collected it.

If you provide us with further personal data, such as in the context of a registration, contact form, survey, competition or for the execution of a contract, we will use these data for the purposes specified, for the purpose of customer administration, and, where necessary, for the purpose of processing and invoicing any business transactions, in each case to the extent required for the given purpose.

When you use our digital tools such as our Foundation Shade Finder or SkinCam, we may collect information such as your skin tone and contact information. The legal basis for this is your consent, Art. 6 para. 1 sentence 1 lit. f of the GDPR, or Contract Fulfilment, Art. 6 para. 1 sentence 1 lit. b of the GDPR.

If you use our digital testers, we determine your approximate location (to an accuracy of approx. 50km) by means of an IP address that has been anonymised by shortening it and if you scan the QR code, we determine which version of our point of sale you are facing. This data is used exclusively for statistical purposes and is not combined with other data.

In order to show you the local version of the website or the version in your preferred language setting, we will use the location feature of your device to determine where you are, provided that you give your consent for this in the corresponding pop-up.

In the event of contact by e-mail (e.g. to the address indicated above) or other means (e.g. messenger), the personal data transmitted with your message will be stored and used for the processing of the conversation.

The legal basis for the processing of data transmitted in the course of sending a message are Art. 6 para. 1 S. 1 lit.1 b and lit. f of the GDPR. This data will be used solely for processing the contact request; this also includes our necessary legitimate interest in processing the data within the meaning of Art. 6 para. 1 S. 1 lit. f of the GDPR. The data will be deleted as soon as it is no longer required for the purpose for which it was collected, which is the case when the respective conversation with the user has ended. The conversation ends when it is clear from the circumstances that the matter in question has been conclusively clarified.

3. Cookies and Similar Technologies

In addition to the data mentioned above, cookies are stored on your computer and comparable technologies are implemented when you use our website. Cookies are small text files that are stored on your hard drive via the browser you are using and provide the entity that sets the cookie (in this case, us) with certain information. Cookies cannot be used to run programs or transmit viruses to your computer. They serve the purpose of making the Internet offer more user-friendly and effective as a whole.

The vast majority of cookies are only set with your consent (Art. 6 para. 1 S 1 lit. a of the GDPR). For other cookies, the legal basis is our legitimate interests (Art. 6 para. 1 S 1 lit. f of the GDPR). Our cookie banner informs you which cookies fall into which category.

(a) General

This website uses the following types of cookies and their scope and function are explained below:

  • Transient cookies: Transient cookies are automatically deleted when you close your browser. In particular, these include session cookies. They store what is known as a session ID, which allows various requests from your browser to be allocated to the respective session. This way, your computer will automatically be recognised the next time you visit our website. Session cookies are deleted when you log out or close your browser. This type of cookie can be used, for example, to store the contents of your shopping cart in an online shop or your log-in status.

  • Persistent cookies: Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies via the security settings of your browser at any time.

(b) Browser settings

You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Stored cookies can be deleted in the system settings of your browser. Please note that this may prevent you from being able to use all functionalities of this website.

(c) List of cookies

A list of cookies and comparable technologies used can be found at the end of this Privacy Policy.

(d) Cancelling cookies

You can change your settings at any time by using the Cookie Settings link located at the bottom of our website.

4. Sharing personal data in general

(a) Sharing with service providers

For certain data processing activities, we sometimes employ service providers who are bound by our instructions and who, without exception, process the data on our behalf and as instructed by us (processing by contract).

(b) Disclosure to public authorities, injured parties and for legal prosecution

If it is required for the clarification of an illegal or fraudulent use of our website or for legal prosecution, personal data will be forwarded to the prosecution authorities and, where applicable, to injured third parties. However, this only occurs if there are indications of illegal or fraudulent behaviour.

Disclosure may also take place if this serves to enforce the terms of use or other agreements. We are also legally obliged to provide information to certain public authorities upon request. These are criminal prosecution authorities, authorities that pursue administrative offences that are subject to fines as well as the tax authorities.

The legal basis for this is Art. 6 para. 1 S. 1 lit. b, Art. 6 para. 1 S. 1 lit. c, Art. 6 para. 1 S. 1 lit. d and Art. 6 para. 1 S. 1 lit. d and Art. 6 para. 1 S. 1 lit. f of the GDPR.

(c) Disclosure in the context of company transactions

In the course of the further development of our business, the structure of our company may change due to changes in the legal form, or due to the establishment, purchase or sale of subsidiaries, parts of the company or components. In case of such transactions, the customer information may be shared with the acquirer or legal successor, together with the part of the business that is to be transferred.

Whenever personal data is disclosed to the extent described above, we ensure that this is done in accordance with this Privacy Policy and the applicable data protection laws.

(d) Disclosure to recipients outside the EU

It is possible that we might disclose personal data to countries outside the EU (“third countries”). Any disclosure of data to a recipient in a third country only takes place in accordance with the applicable data protection laws. Insofar as the European Commission has not determined that an adequate level of protection exists in a third country, we will provide the appropriate safeguards to ensure that your data is adequately protected. This can be done in particular by entering into data processing agreements that contain standard EU data protection clauses and provide appropriate safeguards in accordance with the decision of the European Commission (available at Standard Contractual Clauses (SCC) (europa.eu)). Please contact us for further details, such as the text of the EU Standard Contractual Clauses.

(e) Consentmanager

We have integrated the consent management tool “consentmanager” (www.consentmanager.net) by Jaohawi AB, Håltgelvågen 1b, 72348 Västerås, Sweden, info@consentmanager.net, on our website in order to request consent for data processing, the use of cookies or comparable functions. With the help of the “consentmanager”, you have the option of providing or refusing your consent to certain functionalities on our website, e.g. for the purpose of integrating external elements, statistical analysis, range measurement and personalised advertising. With the help of the “consentmanager”, you can provide or refuse your consent to all functions, or provide your consent for individual purposes or individual functions. You can also change the settings you have made retrospectively. The purpose of the integration of a “consentmanager” is to allow the users of our website to decide on the things referred to above and, in the context of the further use of our website, to offer the possibility of changing settings that have already been made. In the course of the use of the “consentmanager”, personal data is processed as well as information about the devices used, such as the IP address.

The legal basis for the processing is Art. 6 para. 1 S. 1 lit. c in conjunction with Art. 6 para. 3 S. 1 lit. a in conjunction with Art. 7 para. 1 of the GDPR.

(f) Qualtrics

On our website, we use the services of Qualtrics LLC, 333 W. River Park Drive, Provo UT 84604, USA to conduct customer, product, and brand satisfaction surveys. We conduct satisfaction surveys to continuously develop and improve our products and services. When you participate in a satisfaction survey, only so-called “Iog data” (date and time stamp/information about your browser and your browser settings/information about your device/usage data) is processed. Participation in a satisfaction survey is voluntary. If you do not want to participate in a satisfaction survey, you can simply close the survey pop-up. The legal basis for this data processing is your consent, Art. 6 para.1 lit. a of the GDPR.

To learn more about Qualtrics LLC and how Qualtrics processes personal data, please visit https://www.qualtrics.com/privacy-statement/.

5. Social plug-ins, integration of third-party content

(a) General

Our website may also contain offers from third parties. If you click on such an offer, we will transfer data to the respective provider to the extent required (e.g., the information that you found this offer on our site and, if applicable, additional information that you have already provided for this purpose on our website).

(b) Social Plug-Ins

When we use so-called “social plug-ins” from social networks like Meta Platforms Ireland Limited or Twitter on our website, we integrate them as follows:

When you visit our website, the social plug-ins are disabled, meaning there is no transmission of any data to the operators of these networks. If you wish to use one of the networks, click on the respective social plug-in in order to establish a direct connection with the server of the respective network.

If you have a user account with the network and are logged in when you enable the social plug-in, the network can correlate your visit to our website with your user account. If you want to prevent this, please log out of the network before enabling the social plug-in.

When you enable a social plug-in, the network transfers the content that becomes available as a result directly to your browser, which incorporates it into our website. In this situation, data transfers that are initiated and controlled by the respective social network can also take place. Your connection to a social network, the transmission of data between the network and your system and your interactions on this platform are governed solely by the privacy policy of the network in question.

When you click on the link to an offer or enable a social plug-in, personal data may be transferred to providers in countries that are not part of the European Economic Area and that, in the view of the European Union (“EU”), do not guarantee an “adequate level of protection” that meets the EU standards for the processing of personal data. Please bear this in mind before clicking on a link or enabling a social plug-in and thereby initiating a transfer of your data.

The social plug-in remains enabled until you disable it or delete your cookies.

(c) YouTube Videos

We have integrated YouTube videos into our online offer on the basis of our legitimate interests (i.e. interest in optimising our online offer within the meaning of Art. 6 Para. 1 S. lit. f of the GDPR), which are stored on http://www.youtube.com and can be played directly from our website. These are all included in the “extended data protection mode”, which means that no data about you as a user are transferred to YouTube unless you play the videos. The data specified in the following paragraph will only be transmitted when you play the videos. We have no influence on this data transfer.

When you visit the website, YouTube receives your IP address and the information that you have visited the relevant sub-page of our website. This occurs irrespective of whether you are logged in to a user account provided by YouTube or no such user account exists. If you are logged in to Google, your personal data will be correlated directly with your account. If you do not wish a correlation to be established with your YouTube profile, you must log out before activating the button. YouTube stores your personal data as user profiles and uses it for the purpose of advertising, market research, and/or the demand-oriented design of its website. Such an analysis is performed, in particular (even for users who are not logged in), in order to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles and must contact YouTube in order to exercise this right.

Further information about the purpose and scope of the collection of data and their processing by YouTube can be found in the privacy policy. Here, you can also find further information about your rights and settings options to protect your privacy: https://www.google.de/intl/en/policies/privacy.

(d) Google Maps

On our websites, we use the offer of Google Maps on the basis of our legitimate interests (i.e. interest in the optimisation of our online offer as defined in Art. 6 para. 1 S. 1 lit. f of the GDPR). This allows us to display interactive maps directly on the website and enables you to use the map function conveniently, e.g. when using our storefinder.

When you visit the website, Google receives your IP address and the information that you have visited the relevant sub-page of our website. This occurs irrespective of whether you are logged in to a user account provided by Google or whether no such user account exists. If you are logged in to Google, your personal data will be correlated directly with your account. If you do not wish a correlation to be established with your Google profile, you must log out before activating the button. Google stores your data as user profiles and uses it for the purpose of advertising, market research, and/or the demand-oriented design of its website. Such an analysis is performed, in particular (even for users who are not logged in), in order to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles and must contact Google in order to exercise this right.

Further information about the purpose and scope of data collection and its processing by the plug-in provider can be found in the privacy policy of the provider. Here, you can also find further information about your rights and settings options to protect your privacy: https://www.google.de/intl/de/policies/privacy.

(e) Use of Google reCAPTCHA

On this website, we also use the reCAPTCHA function by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This feature is designed to protect our website against attacks based on state-of-the-art technology, in particular to distinguish whether an entry is made by a natural person or is carried out fraudulently by means of machine and automated processing. The service includes processing the web request, IP address, browser type, browser language, date and time of your request, and one or several cookies that may identify your browser. The processing is carried out in accordance with Art. 6 para. 1 lit. f of the GDPR on the basis of our legitimate interest in determining individual responsibility on the Internet, avoiding abuse and spam and protecting our website against attacks. As part of the use of Google reCAPTCHA, personal data may also be transferred to the servers of Google LLC. in the USA and the other companies of the Google Group worldwide.

Further information on Google reCAPTCHA and Google’s privacy policy can be found at:  https://www.google.com/intl/en/policies/privacy/. You can contact Google’s Data Protection Officer at: data-access-requests@google.com.

(f) Social plug-ins from Meta Platforms Ireland Limited and Google Ireland Limited

Our websites may use social plug-ins from Meta Platforms Ireland Limited (Ireland).

When you visit a page that contains such a plug-in and it is activated, your browser connects to the provider of the plug-in and the content is loaded from these pages. Your visit to this website may therefore be tracked by Meta Platforms Ireland Limited and Google Ireland Limited, even if you do not actively use the social plug-in feature. If you have a Facebook or Google account, you can use such a social plug-in to share information with your friends. We have no influence on the content of the plug-ins and the transmission of information.

Meta Platforms Ireland Limited provides detailed information on the scope, nature, purpose, and further processing of your data at https://www.facebook.com/about/privacy. Here, you can also find further information about your rights and setting options for protecting your privacy.

(g) Instagram

This website also integrates plug-ins from the social network Instagram (“Instagram”). Instagram is a service offered by Meta Platforms Ireland Limited (Ireland). You can recognise the Instagram plug-in by the “Instagram button” on our page. If you click on the “Instagram button” while you are logged in to your Instagram account, you can link the content on our pages to your Instagram profile. This allows Instagram to correlate your visit to our pages with your account. Please note that we have no knowledge of the content of the transmitted data or their use by Instagram. For more information, please refer to the Privacy Policy of Instagram: https://instagram.com/about/legal/privacy.

(h) Commerce Connector

Content from Commerce Connector may be integrated into our online offer. We do so on the basis of Art. 6 para. 1 S. 1 lit. f of the GDPR, namely on the basis of our interest in making our site attractive by integrating third-party content. For more information, please refer to the Commerce Connector Privacy Policy: https://www.commerce-connector.com/web/policy-cco/

6. Evaluation of usage data (“tracking”) and usage-related information (“(re)targeting“)

(a) General

We wish to tailor the content of our website as closely as possible to your interests and thus improve our service for you. We use so-called tracking technologies to identify usage preferences and particularly popular areas of the website.

We use so-called (re)targeting technologies so that we can tailor our online marketing (e.g., banner advertising) more specifically to your usage-based interests. When you visit other websites that collaborate with the providers of these (re)targeting technologies, these are read and used in order to provide you with information that is as interest-related as possible.

When the above technologies are used, cookies on our website and (in the case of retargeting) on third-party websites record your interest in our products and services. This involves the use of random identifiers (so-called cookie IDs) and similar technologies, which we do not connect with your name, address, or similar information even when this information is known to us (e.g., from an existing contractual relationship), unless you have consented to this.

(b) Google Analytics (basic version)

For the purpose of designing the website in line with requirements and continuously optimising it on the basis of Art. 6, para. 1, S. 1 lit. f of the GDPR, we use the basic version of Google Analytics, a web analysis service of Google Ireland Limited. ("Google"). Google Analytics uses cookies (text files) which are stored on your computer and allow us to analyse your use of the website. Google will use this information on our behalf to evaluate your use of the website and to compile reports about website activity. Google processes the data collected through the use of the “basic version” of Google Analytics exclusively on our instructions and for our purposes. Insofar as data collected via Google Analytics is used for Google’s advertising technologies (e.g. Google Remarketing) and in this case is also processed by Google for its own purposes and/or the purposes of third parties, such processing will only take place if you have given your consent to the use of such advertising technology on the website.

This website uses Google Analytics with the extension “_anonymizeIp()”. This enables IP addresses to be further processed in a shortened form, thus excluding the possibility of the shortened addresses being personally identifiable. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do so, you may not be able to use the full functionality of this website. You can also prevent the collection by Google of data generated by the cookie and relating to your use of the website (including your IP address), and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout.

For the exceptional cases in which personal data is transferred to the USA, Google Ireland Limited has agreed the so-called standard data protection clauses with Google. The legal basis for the use of Google Analytics is Art. 6 para. 1 S.1 lit. f of the GDPR.

(c) Google Marketing

We only use Google Marketing products (e.g., Search Ad and Display & Video 360) with your express consent, which you can declare by clicking on the “Agree” button in the website’s cookie banner. We store your consent in a cookie on your device so that you are not asked for your consent every time you visit our website, and we also store it on our servers, together with the IP address and time, for legal reasons; we will erase this information or restrict its processing if you withdraw your consent. Google uses personal data to personalise advertisements, and cookies can be used for both personalised and non-personalised advertising. Further information is available at https://policies.google.com/technologies/partner-sites.

(d) Content Square

This website uses ContentSquare S.A.S. technologies to collect interaction data of the website visitor in pseudonymised form for marketing purposes and to optimise the user-friendliness of the website by using cookies. The information generated by the cookie about your use of the website is usually transferred to a ContentSquare server and stored there. The IP address transmitted by your browser is not merged with other data of ContentSquare. ContentSquare guarantees the shortening of your IP address.

You can prevent the storage of cookies by adjusting your browser software accordingly; however, we would like to point out that in this case, you may not be able to use all functions of our services to their full extent.

(e) Tealium

Tealium Audience Stream. Within our website, we use “Tealium Audience Stream”, a service provided by Tealium Inc., which has a registered office at Sovereign House, Second Floor, Vastern Road, Reading, RG1 8BT, United Kingdom (Tealium); this service processes data from which user profiles are created using pseudonyms which can follow a person across different devices. For example, the following information is collected: ads viewed and clicked, articles, advertising, number of visitors, subject of the page, etc.

The legal basis is your consent, Art. 6 para. 1 S. 1 lit. a of the GDPR. You can also object to data collection and storage for the purpose of web analysis and advertising at any time via http://tealium.com/privacy/.

Tealium iQ (Tag Management System). This website uses a Tag Management System (TMS), a service provided by Tealium Inc., which has a registered office at Sovereign House, Second Floor, Vastern Road, Reading, RG1 8BT, United Kingdom (Tealium), in order to dynamically adjust parts of the website. The TMS is necessary for the provision of our services and therefore cannot be disabled. The cookie has a duration of 12 months. The legal basis is a legitimate interest under Art. 6 para. 1 S. 1 lit. f of the GDPR, namely the pursuit of our business purposes.

(f) Pinterest

Within our online offer, the so-called "Pinterest Tag" (individual code snippet) of Pinterest Inc., 635 High Street, Palo Alto, CA, USA, ("Pinterest") is integrated into our website on the basis of Art. 6 para. 1 S. 1 lit. f of the GDPR, due to our legitimate interest in the analysis and optimisation of our online offer as well as the demand-oriented use of our Pinterest campaigns. If a Pinterest user sees or clicks on the advertisement, further actions and target groups that have shown interest are tracked. By using this information, we can ensure that Pinterest advertisements are only displayed to Pinterest users who have already shown an interest in our services, and that they match the user's potential interest. This data helps us to measure the conversion of each campaign. This data is used for statistical purposes and helps us to optimise the campaigns.

The data collected does not allow any conclusions about the identity of the respective user. Data is collected on the device information, the operating system used, the IP address of the device used, the time of the call, the type and content of the campaign, the reaction to the respective campaign as well as device IDs consisting of individual features of the device. This enables us to recognise your device on our website.

The data is stored in accordance with the legal retention periods and then automatically deleted. If you log into your Pinterest account after visiting our website or visit our website while logged in, it is possible that this data will be stored and processed by Pinterest. Pinterest may link this data to your Pinterest account and may also use it for its own advertising purposes. For more information, see Pinterest’s Privacy Policy: https://policy.pinterest.com/en/privacy-policy. You can object to this specific data processing at any time by either deactivating https://help.pinterest.com/en/article/personalization-and-data the relevant settings under "Customisation" in your Pinterest account or by clicking on Opt-Out.

(g) The Trade Desk

We use the retargeting technology of The UK Trade Desk Ltd. 10th Floor, 1 Bartholomew Close London EC1A 7BL United Kingdom (“The Trade Desk”). This feature serves to present interest-based ads to visitors to the website as part of The Trade Desk’s advertising network. If consent has been given through the cookie banner, when you visit our website, your browser will store cookies and similar technologies that allow you to be recognised when you visit websites that are part of The Trade Desk’s advertising network. These pages may then show you ads related to content you have previously viewed on websites using The Trade Desk’s retargeting technology. According to its own information, The Trade Desk collects pseudonymized data in this process.

If you still do not want to use this retargeting feature, you can disable it. Please note that the deactivation must be done separately for each browser or device using one of the following methods: (i) via the AdChoices icon in the ad banner, (ii) via https://www.youronlinechoices.com, (iii) directly at The Trade Desk at https://www.adsrvr.org, (iv) for mobile apps: https://www.networkadvertising.org/mobile-choice and https://www.aboutads.info/choices. In addition, you can revoke your consent to the set cookies in the future under the following link Cookie settings.

For more information on The Trade Desk retargeting technology, The Trade Desk privacy policy and the opt-out options, please visit: https://www.thetradedesk.com/us/privacy.

(h) Dynamic Yield

We use the services of Dynamic Yield Ltd. (Highlands House, Basingstoke Road, Spencers Wood, Reading, Berkshire, England, RG7 1NT). With the Dynamic Yield recommendation tool, our web offer is optimised based on your consent in accordance with Art. 6 para. 1 lit. a of the GDPR in order to turn your visit to the website into a personalised experience through customised recommendations and content. We use the page content that you view to recommend equivalent or thematically related products or other content relevant to you.

Dynamic Yield collects pseudonymized information about your usage activities on our site. This uses cookies, which store only pseudonymized information under a randomly generated ID (pseudonym). Your IP addresses will only be stored anonymously. A direct personal connection is therefore not possible.

The consent given with regard to the use of Dynamic Yield can be revoked here at any time by deselecting the category "Personalisation cookies". Revoke here: Cookie settings. In addition, you can find more information about the tracking technology used via the following link: https://www.dynamicyield.com/platform-privacy-policy/.

In particular, we evaluate the data for the following purposes:

Conducting performance or profitability comparisons of our websites, count visitors, track awareness of, for example, online advertising posted on the website, partner and affiliated programs, rich media content or special campaigns, measure the areas of the website that are particularly attractive to you, evaluate the origin of online users to optimise our offer locally

(i) Interactive Digital Assistant (Zoovu)

This website offers an Interactive Digital Assistant. This service is provided by Zoovu (Germany) GmbH, Skalitzer Str. 104, 10997 Berlin, Germany. We use this tool on our own responsibility and have entered into a data protection agreement with Zoovu that our customers’ data may only be processed on the basis of our instructions, must not be shared with third parties and must be adequately protected technically.

When you use the service and if you have given us permission to do so, e.g. by giving us your consent via the tracking banner, we collect the following usage data:

  • Usage Data: (Services of the Digital Assistant, answering questions, navigation, product recommendations, purchases)

  • Browser / Operating System / Device Used

  • Reference Source

The usage data collected (using a cookie ID) is used to improve the Digital Assistant experience, for technical purposes and to improve the service. Your IP address is not collected. It is therefore not possible to determine the identity of the user from the ID used.

If you have not given us permission to do so, e.g. by refusing consent via the tracking banner, only those cookies will be set that are necessary to provide the service, but there will be no tracking of usage as described above.

(j) Bazaarvoice

In addition, we use services provided by Bazaarvoice Inc., Austin, United States to provide evaluation functions and to evaluate the findings. The evaluation is voluntary and can be done by providing a nickname. You do not have to provide your name. We also use other features offered by Bazaarvoice: To research social media content that is tagged with our content, websites and social media presences, to check whether certain content is worth sharing there, to contact post authors, and to upload content and to integrate it in our social media presences. Our service provider, Bazaarvoice, may also process your personal data in the United States. We have entered into standard data protection clauses with Bazaarvoice in this regard. For more information about how Bazaarvoice processes your data, please refer to the Privacy Notice at https://www.bazaarvoice.com/legal/privacy-policy/.

(k) Linkster

We use the tracking technology of Linkster GmbH, Colonnaden 5, 20354 Hamburg on this page to measure, visualise and invoice insights in partnerships and advertising channels.

If you have provided your consent via the cookie banner, cookies are set in your browser, which will be read out in the event of a transaction. Information submitted includes the URL of the website, on which an advertising material is placed (referrer URL), the browser identifier (user agent) of your device (including information about the device type and operating system), the IP address of the device (this IP address is hashed by us before storage), HTTP header (data packet automatically transmitted by your browser with various technical information), the time of the request and, if previously stored on the device, the cookie with its content. If necessary, the stored touch points can be compiled into a sequence chain (user journey). In the case of an action request, the order number and the cart value of your order are usually also transmitted and saved by us. In addition, the following values can be transmitted and saved: Your account number, new customer information, age and gender as well as the information you provided in a customer survey.

The collection and processing of tracking data can also be deactivated by clicking on this tracking opt-out link: https://trck.linkster.co/privacy-optout.do.

Viewing your data: https://trck.linkster.co/privacy-mydata.do.

The legal basis for our processing is Art. 6 para. 1 S. 1 lit. a of the GDPR.

(l) Snapchat

On our website, we use the “Snapchat Pixel” of Snap Inc., 63 Market Street, Venice, CA 90291, USA (“Snapchat”). If you have provided consent via the cookie banner, this will track user behaviour to evaluate the effectiveness of Snapchat ads for statistical and market research purposes and to optimise advertising measures. The data is stored and processed by Snapchat so that a connection to the respective user profile may be possible and Snapchat can use the data for its own advertising purposes in accordance with the Snapchat data usage policy. You can enable Snapchat and its partners to run ads on and off Snapchat. These processing operations take place exclusively when providing consent in accordance with Art. 6 para. 1 lit. a) of the GDPR. For more information, please see Snapchat's privacy policy at https://www.snap.com/de-DE/privacy/privacy-policy/.

(m) Facebook Business Tools and Facebook Ads Manager, sharing of event data

We use Facebook Business Tools and the Facebook Ads Manager, which are provided by Meta Platforms Ireland Limited (Ireland). These allow us to define when and where ads should be placed on Facebook, Instagram and on websites as well as to track how successful our ad campaigns are. In this context, we disclose so-called "event data" for the targeting of our advertising campaigns with the consent you have granted via our cookie banner, Article 6 para. 1 S. 1 lit. f of the GDPR. These data are shared in hashed form only. They include, in particular, your e-mail address, postcode and city.

Third parties, including Meta Platforms Ireland Limited, may use cookies, web beacons, and other storage technologies via Facebook Business Tools in order to record or obtain information from our websites and other sites on the Internet and then use this information to provide measurement solutions and ad targeting.

(n) Meta Platforms Ireland Limited Retargeting (Website Custom Audience)

A Meta Platforms Ireland Limited pixel is integrated into this website (website custom audience pixel). If you have provided your consent, this pixel collects information about the use of this website (e.g., information about items viewed) by us and Meta Platforms Ireland Limited in joint responsibility and transmits it to Meta Platforms Ireland Limited. This information may be attributed to you personally with the help of other information about you that Meta Platforms Ireland Limited has stored based on an account you own on the social network “Facebook”, for example. The information collected via the pixel can be used to display interest-related advertising for our offers in your Facebook account (retargeting). The information collected via the pixel may also be aggregated by Meta Platforms Ireland Limited and the aggregated information may be used by Meta Platforms Ireland Limited for its own advertising purposes and for the advertising purposes of third parties. In this way, Meta Platforms Ireland Limited can determine certain interests from your browsing behaviour on this website, for example, and may also use this information to promote third-party offers. Meta Platforms Ireland Limited may also combine the information collected via the pixel with other information that Meta Platforms Ireland Limited has collected about you through other websites and/or in connection with your use of the social network “Facebook” so that a profile about you can be stored at Meta Platforms Ireland Limited. This profile may be used for advertising purposes. Meta Platforms Ireland Limited is solely responsible for the permanent storage and the displayed further processing of tracking data collected via the website custom audience pixel used on this website. The legal basis for this data processing is Art. 6 para. 1 S. 1 lit. a of the GDPR.

For more information on data protection at Meta Platforms Ireland Limited, please click here: https://www.facebook.com/policy.php. Here you will also find information about asserting your rights (e.g. right to erasure) against Meta Platforms Ireland Limited. You can withdraw consent to the transfer of the data to Meta Platforms Ireland Limited by using the pixel on this website at https://www.youronlinechoices.com/.

(o) Twitter

This website incorporates functions of the Twitter service. These functions are provided by Twitter International Limited (Ireland) ("Twitter"). By using Twitter and the "Retweet" function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transferred to Twitter during this process. For this purpose, your Internet browser establishes a direct connection to the Twitter servers and transmits data to Twitter. We would like to point out that we have no knowledge of the content of the transmitted data or its use by Twitter.

For more information, please refer to Twitter’s Privacy Policy: https://twitter.com/privacy. You can change your privacy settings on Twitter at https://twitter.com/account/settings.

(p) TikTok

We use a pixel by the provider TikTok (TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, together with TikTok Information Technologies UK Limited, Aviation House, 125 Kingsway Holborn, London, WC2B 6NH, United Kingdom) on this website. This is a code that we have implemented on our website. With the help of this code, providing that you consent, a connection to the TikTok servers will be established when you visit our website in order to track your behaviour on our website. Personal data such as the IP address and other information such as the device ID, device type and operating system can also be transferred to TikTok. TikTok uses e-mail or other login or device information to identify users of our website and to assign their actions to a TikTok user account.

TikTok uses this data to display advertising to its users in a targeted and personalised manner and to create interest-based user profiles. The data collected will only be used by us as part of the measurement of the effectiveness of advertising placements.

In principle, your data will be processed within the EU or the EEA. A corresponding data protection agreement has been concluded with TikTok for this purpose. If personal data are transferred to countries outside the EU or the EEA, TikTok implements the so-called Standard Contractual Clauses unless the personal data is transferred to countries for which an adequacy decision has been adopted by the European Commission.

TikTok’s Privacy Policy can be found here: https://www.tiktok.com/legal/privacy-policy-eea.

(q) TikTok Business Tools and TikTok Ad Manager, sharing of event data

We also use the TikTok Business Tools and the TikTok Ads Manager of TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. These allow us to define when and where ads should be placed and to track how successful our ad campaigns are. To this end and with the consent you provide via our cookie banner, Art. 6 para. 1 S. 1 lit. f of the GDPR, we share so-called “event data” for the targeting of our ad campaigns. These data are shared in hashed form only. They include, in particular, your e-mail address, postcode and city.

Third parties, including TikTok Business Tools, may use cookies, web beacons, and other storage technologies via TikTok Technology Limited in order to record or obtain information from our websites and other sites on the Internet and then use this information to provide measurement solutions and ad targeting.

7 . Our presence on social media, influencers

We also maintain corporate presences on social networks such as Facebook and Instagram, to which we provide links on our website. When you access the relevant networks and platforms, the terms and conditions as well as the data processing guidelines of the respective operators apply, over which we have no influence. When you do so, data may also be processed outside the European Union. Meta Platforms Ireland Limited and we are “joint controllers” for certain processing operations on Facebook. Our data protection notices on the respective social network will provide you with more information.

The data protection notices in the respective networks apply to the activities of cosnova corporate influencers.

8. Your rights as a data subject

(a) Right of access to information

You have the right to request information at any time about the personal data we process to the extent that they concern you and to obtain this information upon request at any time within the scope of Art. 15 of the GDPR. To do so, you can send a request by post or e-mail to the contact address provided.

(b) Right to rectification of incorrect data

You have the right to demand that we rectify, without undue delay, the personal data that concerns you in accordance with Art. 16 of the GDPR if it is incorrect. Please contact us at the address provided to do so.

(c) Right to erasure

You have the right, under the conditions described in Art. 17 of the GDPR, to demand that we erase the personal data concerning you. These conditions provide in particular for a right of erasure if the personal data is no longer required for the purposes for which it was collected or otherwise processed, and in cases of unlawful processing, withdrawal or the existence of an obligation to erase the data under European Union law or the law of the member state to which we are subject. To exercise your right of erasure, please contact us at the address provided.

(d) Right to restriction of processing

You have the right to demand that we restrict our processing in accordance with Art. 18 of the GDPR. This right exists in particular if the accuracy of the personal data is disputed between the user and us, for the period of time required to verify its accuracy, and if the user requests restricted processing instead of erasure if there is an existing right to erasure; also if the data is no longer required for the purposes we pursue, but the user needs it to assert, exercise or defend legal claims, and if the successful exercise of an objection is still disputed between us and the user. To exercise your right to restrict processing, please contact us at the address provided.

(e) Right to data portability

You have the right to obtain from us the personal data that concern you and that you provided to us and to receive these data in a structured, commonly used, and machine-readable format in accordance with Art. 20 of the GDPR. To exercise your right to data portability, please contact us at the address provided.

(f) Right to object

You have the right to object at any time on grounds arising from your particular situation to the processing of personal data relating to you which is carried out, amongst other things, on the basis of Art. 6 para. 1 S. 1 lit. e or lit. f of the GDPR in accordance with Art. 21 of the GDPR. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms or the processing serves the establishment, exercise, or defence of legal claims.

(g) Right to withdraw consent (in the event of consent having been provided)

You have the right to withdraw consent in accordance with Art. 7 para. 3 of the GDPR with effect for the future. Withdrawal of consent does not affect the lawfulness of the processing carried out until its withdrawal on the basis of the consent.

(h) Right to lodge a complaint

You also have the right to address complaints to the supervisory authorities for data protection. Our competent supervisory authority is:

Der Hessische Datenschutzbeauftragte (The Hessian Data Protection Commissioner)
Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany
P.O. Box 3163, 65021 Wiesbaden, Germany
Telephone: 004961114080
Fax: 00496111408900
e-mail: poststelle@datenschutz.hessen.de
Internet: http://www.datenschutz.hessen.de

9. Update of the Privacy Policy

This Privacy Policy was last updated in August 2024. Changes to our offer may also make it necessary to amend this Privacy Policy. Therefore, please regularly check the contents of our Privacy Policy. We will also let you know as soon as your cooperation (e.g., consent) or another individual notification becomes necessary as a result of changes.

10. List of cookies used

Cookie NameSample ValueExpireTypeDomainVendor