Data Protection Statement
cosnova GmbH (hereinafter referred to as “we”) welcomes your interest in our company and our Catrice products. It is therefore our concern that you feel safe with respect to the protection of your personal data when visiting our website catrice.eu (hereinafter referred to as “website”).
Please click on the following links in order to directly access the corresponding topics.
- Information on the responsible data protection controller, data protection officer
- Collection of personal data when visiting our website
- Use of Google Analytics
- Usage of Content Square
- Usage of Tealium
- Use of our web shop
- Integration of YouTube videos
- Integration of Google Maps
- Information regarding Notes on our e-mail newsletter
- Our presence in social media
- Your rights as data subject
- Your contact with us, data processing when you contact us
1. Information on the responsible data protection controller, data protection officer
(a) The controller as defined by the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection regulations is:
Am Limespark 2
Telephone: +49(0) 6196 / 76156-0
Fax: +49(0) 6196 / 76156-1298
More information about us is available in the imprint under https://catrice.eu/en/catrice-make-up-imprint.html
(b) The data protection officer of the controller is:
Telephone: 06154 - 57605-0
Fax: 06154 - 57605-29
2. Collection of personal data when visiting our website
(a) When visiting our website purely for information purposes, i.e. if you do not otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary in order to display the pages of our website on your computer and to ensure the stability and security (the legal basis is Article 6 (1) S.1 lit. f) GDPR (General Data Protection Regulation, in German: DS-GVO):
– IP address
– Date and time of the request
– Content of the request (specific page)
– Website making the request
– Operating system
The above mentioned data will immediately be deleted when they are no longer required for the aforementioned purposes, no later than 30 days after we have collected them.
(b) In addition to the previously specified data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive allocated to the Internet browser and provide the entity that sets the cookie (in this case, us) with certain information. Cookies cannot execute programs or transmit viruses to your computer. They serve the purpose of making our Internet offer more user-friendly and effective.
aa) This website uses the following types of cookies, their extent and function are described as follows:
– Transient cookies (please refer to bb)
– Persistent cookies (please refer to cc).
bb) Transient cookies are automatically deleted when you close your browser. In particular, these include session cookies. These store a so-called session ID, which allows various requests of your browser to be allocated to the respective session. This way, your computer will automatically be recognized the next time you visit our website. This type of cookie can be used, for example, to store the content of your shopping cart in an online shop or your log-in status.
cc) Persistent cookies are automatically deleted after a specific, pre-defined period of time, which may vary depending on the cookie. You can delete the cookies via the security settings of your browser at any time.
dd) You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Stored cookies can be deleted in the system settings of your browser. However, please note that this may prevent you from being able to make use of all functionalities of our website.
3. Use of Google Analytics
(a) This website uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses what are known as "Cookies", text files that are stored on your computer and which allow an analysis of your use of the website. The information generated by the cookie about your use of this website will generally be transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within Member States of the European Union or in other States party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activities and to provide in respect of the website owner further services associated with site usage and Internet usage.
(b) The IP address reported by your browser as part of Google Analytics will not be combined with other data by Google.
(c) You can prevent the storage of cookies by selecting the appropriate settings in your browser software. However, please note that if you do this, you may not be able to make use of the full functionality of this website. You can also prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser-Plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
(d) This website uses Google Analytics with the extension “_anonymizeIp()” and consequently, IP addresses are only processed in shortened form in order to prevent direct personal references. If the data collected concerning you contains a personal reference, these will immediately be excluded and the personal data as such immediately deleted.
(e) We use Google Analytics to be able to analyze the use of our website and regularly improve it. The statistics collected allow us to improve our service and to make it more interesting to you as the user. In the exceptional cases in which personal data is transferred to the USA, Google has committed to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Article 6 (1) S. 1 lit. f) GDPR.
4. Usage of Content Square
(a) This website uses ContentSquare S.A.S. technology to collect pseudonymised interaction data from website visitors for marketing purposes and to optimise the user-friendliness of the website using cookies. The information generated by the cookie about your use of the website is usually transferred to a ContentSquare server and stored there. The IP address transmitted by your browser is not merged with other ContentSquare data. ContentSquare guarantees the shortening of your IP address so that all data is collected anonymously. The following cookies are stored by ContentSquare:
– cs_id to recognize returning website users (up to 13 months)
– cs_s, a session cookie created at the beginning of a web page visit and deleted 30 minutes after the last page visit.
(c) Transfer of Data to Third Countries? - No.
(d) If applicable, adequacy decision (Art. 45 GDPR) - If applicable, suitable guarantees (Art. 46 GDPR)
5. Usage of Tealium
Tealium Audience Stream. Within our website, we use "Tealium Audience Stream" a product of Tealium Inc., which has a business address at Sovereign House, Second Floor, Vastern Road, Reading, RG1 8BT, United Kingdom (Tealium), which collects and stored data, which is used to create pseudonymous user profiles. On our behalf, Tealium will use this information to automatically adjust our website to your interests and needs and to display advertising. For this, the following information will be collected: e.g. viewed and clicked ads, articles, advertising, user numbers, topic of the respective webpage.
The pseudonymous user profiles will not be linked to personal data without user consent. Also, the IP address transmitted by your browser will not be stored together with the user profiles.
Cookies will be used for purposes of creating user profiles, as well as comparable technologies for mobile devices. The information gathered through the cookies will be stored in a data centre in Germany. You can avoid the placing of cookies in your browser settings; in this case, not all features of this website may properly function.
You can object to the collection and storage for analytics purposes at any time, with effect for the future, by following the instructions at http://tealium.com/privacy.
Legal basis for the processing are legitimate interests in the meaning of Art. 6(1)(f) GDPR, namely our interest to conduct our business operations.
Tealium iQ (Tag Management System). This website uses a tag management system (TMS), a service provided by Tealium Inc., which has a business address at Sovereign House, Second Floor, Vastern Road, Reading, RG1 8BT, United Kingdom (Tealium), to dynamically adjust web pages. To enable this, a cookie named utag_main will be used. The TMS is necessary for providing our services and therefore can't be deactivated. This cookie has a duration of 12 months.
There is a transfer of your IP address to Tealium in the USA, a country outside the European Union. This transfer is possible based on Art. 45 GDPR, as Tealium is certified under the Privacy Shield, resulting in an adequate level of protection (http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016D1250&from=DE). The certification can be reviewed at https://www.privacyshield.gov/participant?id=a2zt0000000TSaYAAW&status=Active.
Legal basis for the processing are legitimate interests in the meaning of Art. 6(1)(f) GDPR, namely our interest to conduct our business operations.
6. Use of our web shop
(a) You can order from our web shop as a guest without registering. You also have the option of creating an account. This has the advantage that you can log directly into your account by entering your e-mail address and password for any future orders without having to reenter your contact details again. There are also other benefits, for example, you can retrieve your order history at any time. The following provides information on the data processing in connection with an order placed as a guest as well as the data processing in connection with an account.
(b) If you would like to place an order in our web shop as a “guest”, you must provide the personal data required for the processing and handling of your order. The mandatory data required for the processing of the contracts are marked clearly. In detail, these are as follows:
* Title, first name, last name,
* E-mail address,
Additional details such as your phone number are optional. Optional data can help us improve our customer service, for example, by allowing us to contact you in case of questions about your order.
(c) In addition, you have the option of creating an account, which allows us to store your data for future purchases. When creating an account, we request the same data as for orders as a guest (see above under (b)). To allow us to identify you, you are furthermore required to establish a password of your choosing. The accounts are not public and cannot be indexed by search engines. If you have created an account, you can delete it at any time.
(d) When you place an order, we will process the contract data (e.g., ordered goods, payment information, etc.) in addition to the requested personal data. We will only process the data provided by you as well as the contract data once you place the order or, in case of an account, upon your registration and only for the purpose of the appropriate processing of your order and for the fulfillment of both parties of the obligations arising from the purchase contract. The legal basis is Article 6 (1) S. 1 lit. b) GDPR.
(e) Due to commercial and tax regulations, we are obliged to store your address, payment and order data for the duration of ten years, the legal basis is Article 6 (1) S. 1 lit. c) GDPR. However, we restrict the processing of the data after two years, which means that your data will only be used to comply with the legal stipulations after this time. If you have terminated your account, the data regarding your account will be deleted subject to their storage for the purpose of compliance with the commercial and tax regulations in accordance with Article 6 (1) S. 1 lit. c) GDPR.
(https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en_DE), Klarna (https://www.klarna.com/uk/privacy-notice/), Visa (https://www.visa.co.uk/legal/privacy-policy.html), Mastercard (https://www.mastercard.co.uk/en-gb.html). In cases of disclosure of your personal data to third parties, the scope of the disclosed data is limited to the required minimum.
7. Integration of YouTube videos
(a) We have integrated YouTube videos in our online offer on the basis of our legitimate interests in accordance with Article 6 (1) S. 1 lit. f) GDPR. They are saved on http://www.YouTube.com and can be accessed directly from our website. The videos are integrated in such a way that no data about you as a user are transmitted to YouTube if you do not play the videos. Only when you press play will the data referred to in paragraph 2 be transmitted. We have no influence on this data transmission.
(b) By visiting the website, YouTube obtains your IP address and the information that you have accessed the corresponding subpage of our website. This applies regardless of whether YouTube provides a user account through which you are logged into or not. If you are logged into Google, your data will directly be allocated to your account. If you do not wish the allocation to your YouTube account, you must log-out before activating the button. YouTube stores your personal data as user profiles and uses them for advertising, market research and/or for a requirement-specific design of the website. This type of evaluation is carried out in particular (also for users that are not logged in) to display demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, however, you must direct your objection directly to YouTube.
8. Integration of Google Maps
(a) This website uses Google Maps on the basis of our legitimate interests (i.e., in the interest of optimizing our online offer in accordance with Article 6 (1) S. 1 lit. f GDPR. This allows us to display interactive maps directly on our website and provide you with a user-friendly usage of the map function, e.g., when using our store finder. This function is integrated in such a way that no data about you as a user is transmitted to Google when you do not use Google Maps. Only when you carry out the corresponding function that is linked to Google Maps (e.g., the store finder) will the data referred to in paragraph 2 be transmitted. We have no influence on this data transmission.
(b) By visiting the website, Google obtains your IP address and the information that you have accessed the corresponding subpage of our website. This applies regardless of whether Google provides a user account that you are logged into or not. If you are logged into Google, your data will directly be allocated to your account. If you do not want an allocation to your Google account, you must log-out before activating the button. Google stores your personal data as user profiles and uses them for advertising, market research and/or for a requirement-specific design of the website. This type of evaluation is carried out in particular (also for users that are not logged in) to display demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, however, you must direct your objection directly to Google.
9. Information regarding Notes on our e-mail newsletter
(a) With the following information, we would like to inform you about the content of our newsletter, the subscription and dispatch procedures as well as your rights of objection. We will only send newsletters as e-mails with advertising information (hereinafter referred to as “newsletter”) with the explicit consent of the recipient or if we are legally authorized to do so. Insofar as the content of the newsletter has specifically been described during the subscription to said newsletter, it is decisive for the consent provided by the user. Our newsletters also contain information about our products, offers, promotions and our company.
(b) To subscribe to our newsletter, all you have to do is provide your e-mail address. The subscription is carried out in a so-called double opt-in process. This means that once you subscribe, you will receive an e-mail asking you to confirm your subscription. This confirmation is required so that nobody can subscribe to our newsletters with third-party e-mail addresses.
(c) The subscriptions to our newsletter are protocolled in order to be able to prove the subscription process in accordance with the legal requirements. This includes recording the time of subscription and confirmation, as well as the IP address used for the subscription. Changes to your data stored at MailChimp are also logged.
Furthermore, according to its own information, the shipping service provider may use this data in pseudonymous form, i.e. without allocation to a user, to optimize or improve its own services, e.g. for the technical optimization of the shipping and display of the newsletter or for statistical purposes, in order to determine from which countries the recipients come. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or pass them on to third parties.
(e) To subscribe to the newsletter, it is sufficient to provide your e-mail address.
(f) The newsletters contain a so-called "web-beacon", i.e. a pixel-sized file that is retrieved from the MailChimp server when the newsletter is opened. Within the scope of this retrieval, technical information such as information about the browser and your system, as well as your IP address and time of retrieval are first collected. This information is used to technically improve the services on the basis of the technical data or the target groups and their reading behavior on the basis of their retrieval locations (which can be determined with the help of the IP address) or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our nor Mail Chimp’s aim to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our contents to them or to send different contents according to the interests of our users.
(g) Consent to the dispatch of the newsletter is given on the basis of your consent pursuant to Art. 6 Para. 1 lit. a) and Art. 7 GDPR as well as § 7 Para. 2 No. 3 and Para. 3 UWG. The use of the MailChimp dispatch service provider, the performance of statistical surveys and analyses as well as the logging of the registration procedure are carried out on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR. Our interest is directed towards the use of a user-friendly and secure newsletter system that serves both our business interests and the expectations of the users.
(h) You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. The revocation of your consent does not affect the legality of the newsletter sent on the basis of your consent until you revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. When you unsubscribe from the newsletter, your personal data will be deleted, unless their storage is legally required or justified, in which case their processing will only be limited to these exceptional purposes. In particular, we may
We will store your deleted e-mail addresses for up to three years on the basis of our legitimate interests in accordance with Art. 6 Para. 1 lit. f) GDPR before we delete them for the purpose of sending you newsletters in order to be able to prove that you have previously given your consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time.
10. Our presence in social media
(a) We also maintain a company presence on social media sites such as Facebook and Instagram, which we link to via our website. This occurs on the basis of our legitimate interests in order to provide information on our offerings on these sites and to communicate with active customers, interested parties and users there. The legal basis is Article 6 (1) lit. f) GDPR. When accessing the respective social media networks or platforms, the terms and conditions and the data handling policies of the respective provider apply, upon which we have no influence whatsoever. This means that the data may be handled outside of the European Union.
(b) When you use a social network, your data is usually processed for market research and advertising purposes. The user behavior and the interests of the users resulting thereof can be used to create usage profiles. The usage profiles in turn can be used, for example, to place advertisements within or outside of the platforms, which presumably correspond to the interests of the user. Cookies that save the usage behavior and the interests of the user are generally stored on the computers of the users for these purposes. Furthermore, data may also be stored in the usage profiles independent of the devices used by the user (especially if the user is a member of the respective platform and is logged in).
(c) For a detailed overview of the respective data processing and the opt-out options, please refer to the following links to access information provided by the provider.
Please also note that requests for information and the assertion of user rights are most effective if they are addressed directly to the provider. Only the providers have access to the data of the user and can take the appropriate action and provide information. However, should you still require help, please do not hesitate to contact us.
11. Your rights as data subject
(a) Right of access by the data subject
You have the right to request information from us regarding the processing of data in relation to your person within the scope of Article 15 GDPR) at all times. For this purpose, you may send your request via post or e-mail to the address indicated below.
(b) Right to the rectification of incorrect personal data
You have the right to request the immediate rectification of your personal data insofar as these data is incorrect. In this case, please contact the addresses indicated below.
(c) Right to erasure
According to the prerequisites specified in Article 17 GDPR, you are entitled to demand the erasure of your personal data. These requirements particularly stipulate the right of erasure if the personal data is no longer necessary for the purpose for which they were originally stored or processed in any way, as well as in cases of unlawful processing, dispute or appeal or the obligation for erasure according to Union law or the law of the Member State that we are subject to. In order to assert your rights, please contact the addresses listed below.
(d) Right to restriction of processing
You have the right to request the restriction of processing pursuant to Art. 18 GDPR. This right in particular applies if there is a dispute between the user and us about the accuracy of the personal data for the duration necessary to verify the accuracy, as well as in the event that the user requests a restricted processing instead of erasure of these data in the case of an existing right to erasure; also in the event that the data is no longer necessary for the purposes pursued by us but the user requires them to assert, exercise or defend their rights, as well as in the event that a conflict between us and the user is still disputed. To exercise your right to restriction of processing, please contact the addresses indicated below.
(e) Right to data portability
You have the right to obtain the personal data that you have provided us with in a structured, commonly used and machine-readable format in accordance with Article 20 GDPR. In order to exercise your right to data portability, please refer to the contact addresses indicated below.
(f) Right of objection
According to Article 21 GDPR, you have the right to lodge an objection to the processing of your personal data for reasons arising resulting from your special situation, among other based on Article 6 (1) lit. e) or f) GDPR. In this case, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which overrides your interests, rights and freedoms, or if the processing serves to exercise or defend legal claims.
(g) Right to withdraw (in the case of previously provided consent)
According to Article 7 (3) GDPR, you are entitled to withdraw your granted consents effective for the future at any time. The withdrawal of consent shall not affect the legitimacy of the processing carried out on the basis of the consent until withdrawal.
(h) Right to lodge a complaint
You are furthermore entitled to contact the supervisory authority in case of complaints. The supervisory authority responsible for us is:
Der Hessische Datenschutzbeauftragte (The Hessian data protection officer)
Gustav-Stresemann-Ring 1, 65189 Wiesbaden
Postfach 31 63, 65021 Wiesbaden
Telefon: 0611 14080
Telefax: 0611 1408 – 900
13. Your contact with us, data processing when you contact us
(1) Should you have any questions regarding the handling of your personal data in association with the use of this app, please do not hesitate to contact.
(2) In the event that you contact us by e-mail (e.g., at the address indicated above), the personal data transmitted by e-mail will be stored. The data will not be passed on to third parties. The data is used exclusively for processing the conversation.
(3) The legal basis for the handling of data transmitted along with an e-mail is Article 6 (1) lit. f) GDPR. These data serve purely to process your contact inquiry; therein also lies the necessary legitimate interest in the processing of these data in accordance with Article 6 (1) lit. f) GDPR. The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection, which is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been finally clarified.