1. General Information
1.1 Personal Data
Privacy law protects personal data (hereinafter referred to as data). Personal data means any information relating to an identified or identifiable natural person. Therefore, personal data can be names, addresses, profession, e-mail addresses, state of health, income, marital status, genetic traits, phone numbers and even user data as IP-addresses.
The Controller of the data processing of your data on the website www.sebamed.de (hereinafter referred to as website) is the Sebapharma GmbH & Co. KG (hereinafter referred to as the controller or operator). The contact details are:
Sebapharma GmbH & Co. KG
Represented by Sebapharma Verwaltungs GmbH,
that in turn is represented by Thomas Maurer and Dr. Rüdiger Mittendorff
Binger Str. 80
56154 Boppard, GERMANY
Phone: + 49 (0) 6742-9000
Fax: +49 (0) 6742-900176
1.3 Data Protection Officer
The controller has appointed a data protection officer (DPO). The DPO can be contacted under firstname.lastname@example.org.
2. Scope and Processing of Personal Data, Legal Basis and Provision of Data, Duration of Storage
2.1 Access and Use of the Website
Any time you access the website, your user data will be transferred via your web browser and stored in server logfiles. These logfiles contain the following data:
- Date and time of access
- Name of the website
- Quantity of transferred data
- Information about your web browser
The legal justification is based on Art. 6 Para. 1 b), f) GDPR (legitimate interest), which requires the data processed by the operator to enable you to access and use the Website. The legitimate interest of the operator also involves the provision of a website with informs and offers services to its customers and the optimisation of website operation. Those data must necessarily be processed during the use of tele media. Otherwise you will not be able to access the website.
The log files are evaluated by the operator anonymously for the improvement of the website and in order to design it more user-friendly, to find and correct errors more quickly and to control server capacities. For example, the controller is able to trace the time of access the website is particularly popular and the operator can provide appropriate data volume.
Your IP address will be deleted or anonymised after the termination of use. In the case of anonymisation, the IP addresses are modified, so that they can no longer be assigned to a specific or identifiable or identified or identifiable natural person, or only with a disproportionate amount of time, cost and effort.
2.2 Contact Form
If you would like to get in touch with the operator, a contact form is available on the website. In the context of this form you must make the following data:
- Salutation (Mr, Mrs, Family), First Name, Last Name, Street, Postcode, City, E-mail Address, Message
Additionally, you may provide to following information:
- Group of age group, skin type, skin sensitivity, hair type, mobile phone number
The operator processes your data for communication purposes, e.g. to respond to a contact request. The justification of this processing is based on Art. 6 Para. 1 b) GDPR (pre-contractual measure). Provision of data is necessary, otherwise you are unable to send any message to the operator.
The personal data processed within the scope of communication will be deleted after expiry of the statutory storage obligations, unless the controller claims legitimate interest in a further storage. In any case, only those data will continue to be stored that are absolutely necessary to achieve the corresponding purpose. As far as possible, the personal data will be anonymised
In order to receive additional information about the operator and the companies offers, you can subscribe to an e-mail newsletter. The so-called double opt-in procedure is used to opt in to the newsletter, i.e. you will only receive a newsletter by e-mail if you have expressly confirmed beforehand, that the newsletter service is to be activated. After you have activated the newsletter, you will receive a notification e-mail with an activation link. Only you activate this link will you receive the newsletter. You can deactivate the Newsletter at any time. For this purpose, please contact the operator or use the unsubscribe link provided in every newsletter.
The permissibility of this processing is governed by Art. 6 Para. 1 a) GDPR (consent). The provision of your data is necessary for the receipt of the newsletter. The non-availability has the consequence that you cannot subscribe to the newsletter and receive no information from the operator.
Your data will be deleted after revocation of your consent, unless the controller has a legitimate interest in further storage. This may be the case if the operator must continue to store your data due to a contract with you. In any case, only those data will to be stored that are absolutely necessary to achieve the corresponding purpose.
2.4 Test Club
The operator regularly runs a test club via the website, where participants can win products and have to evaluate them in return. The only way to get to the corresponding subpage of the website is via a link provided by the operator on one of his other websites. In order to participate in the Test Club, the following data will be requested on the website:
- Salutation, first name, surname, street, e-mail address, postcode, city, country
Participants will receive their prizes and an evaluation form by post. The admissibility of this processing is based on Art. 6 Para. 1 b) GDPR (contract). The provision of your data is required for the participation in the Test Club. If you do not provide your data, you will not be able to participate.
Participants data are used by the operator only for the purpose of the participation in the product test and are deleted after providing the evaluation.
The runs a Facebook fanpage, through which he regularly hosts competitions. Participation in these contests generally require the publication of user’ s comments under the operator's corresponding post on the fanpage. Once the winners have been chosen, the operator will inform them by using the "Send message". In order to hand out eventual prizes, winners will have to provide the following information:
- Salutation, first name, surname, street, postcode, city
The requested data of the participants will only be used for the duration of the contest. The legal justification of the processing is based on Art. 6 Para. 1 b) GDPR (contract). The provision of your data is necessary for the participation in the contest. If you do not provide your data, you are excluded from the contest.
After the end of the competition the participant’s data including communication data obtained via Facebook will be deleted. Any user`s comments under posts of the operator's Facebook page will not be deleted.
2.6 Become a skin-researcher
The operator offers users the opportunity to participate in a comprehensive survey under "Become a skin researcher". The subject of this survey is general information, the skin type, the care products used by the user, the living conditions and other habits of the users. The operator stores the user data in a database. Those data are used to determine suitable subjects for product tests carried out by the operator. Furthermore, the operator evaluates the information provided by the user in order to obtain information for product development. The data of the users are stored by the operator without time limitation.
In order to participate, users have complete a multi-page contact form, in which the following general information must first be provided:
- Salutation, first name, surname, street, house number, postcode, city, e-mail address
Further information about your skin appearance and other health-related attributes in the contact form are voluntary.
If the user is selected for a product test, he will be notified via e-mail and the product to be tested will be sent to him by post. The e-mail contains a link to a questionnaire for evaluating the product. The answers to the questions are anonymous and do not allow any conclusions to be drawn about the person of the user.
The admissibility of this processing is based on Art. 6 Para. 1 f) GDPR (legitimate interest).
The operator can claim legitimate interest in the storing and evaluation information on the use of his products for the purpose of product development and to have product tests carried out by suitable persons. The provision of your data and storage in the operator's database are necessary for participation in the product tests carried out by the operator. The (partial) non-availability of your data means that you will not be selected for a product test and therefore will not receive any products.
The operator stores the provided data without time limitation. The user can request deletion from the operator's database at any time.
2.7 Platform for Applicants
Users have the possibility to apply via the website for job offers advertised by the operator. The operator therefor uses a software application of the rexx systems GmbH, Süderstr. 75-79, 20097 Hamburg, Germany.
The operator collects a number of personal data via an application platform. Specifically, the following information is requested:
Person master data
- Salutation, first name, last name, street, postcode, city, country, telephone, e-mail
- Information about how users know about the job offer
School, Trainings, Education, Profession
- School-leaving certificate, Completed studies, Completed vocational training
In addition, the user has the opportunity to apply with their own XING or LinkedIn profile. For this purpose, a corresponding profile is required.
If the user chooses the "Apply with XING Profile" or "Apply with LinkedIn Profile" option, he will be redirected to the website of the corresponding network, where he can log in with his user profile. During this process, the user is linked to his corresponding profile. This procedure automatically transmits user data to the operator. The transmitted data is mandatory for the application.
The user also has the possibility to create own files and to transmit them to the operator:
- Photo, cover letter, curriculum vitae, references, confirmations / certificates, other attachments
All data disclosed to the operator during the use of the platform are transmitted via a secure, i.e. encrypted connection. The admissibility of this processing is based on § 26 BDSG (application procedure). The provision of your data is necessary for participation in the application procedure and the conclusion of a contract with the controller. If you fail to provide any or in case you provide incomplete information, the operator will reject your application.
Received application documents will be stored for 3 months after the rejection of your application, unless the you have given consent for eventual longer storage.
The operator uses so-called cookies. These are small data packages which normally consist of letters and numbers and which are stored on a browser when you visit certain websites. Cookies allow the website to recognise your browser, follow you through different sections of the website and identify you upon your return to the website. Cookies do not contain data that personally identifies you, but the information about you stored by the operator may be associated with the data received and stored in cookies.
- Recognition of the user computer when visiting the website
- Tracking the user's browsing activities on the website
- Improvement of the user-friendliness of the website
- Evaluation of the use of the website
- Website operation
- Prevention of fraud and improvement of website security
- Individual design of the website taking according to the user requirements
Cookies do not harm your browser. They do not contain viruses and do not allow the operator to spy on you. 2 types of cookies are used:
- Temporary cookies are automatically deleted when you close your browser (session cookies).
- Permanent cookies, on the other hand, have a maximum lifespan of up to 20 days. This type of cookie enables you to be recognised upon a return to the website.
Using cookies enables the operator to track user behaviour for the above-mentioned purposes and to the corresponding extent. They are also intended to enable you to surf the operator's website in an optimised performance. This data is also obtained in an anonymised form. The legal justification of this processing is based on Art. 6 Para. 1 f) GDPR, according to which the processing is lawful if it is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject (you), which require the protection of personal data, prevail. The legitimate interest of the operator involves the optimised representation of his website. The provision of data is necessary in order to be able to use the website of the operator without errors. If you do not accept cookies or delete cookies that have already been set, this may lead to functional limitations of the website.
Temporary cookies are deleted automatically when you close your browser (session cookies). Permanent cookies, on the other hand, have a maximum lifespan up to 20 days. This type of cookie enables you to be recognised again upon your return to the.
2.9 Analytical Tools
The operator uses etracker, a technology from etracker GmbH, Erste Brunnenstr. 1, 20459 Hamburg, Germany, to collect and store data for marketing and optimisation purposes. This data can be used to create pseudonymised user profiles. Cookies may be used for this purpose. Cookies are small text files that are stored locally in the cache of your browser. Those cookies enable the recognition of the browser upon a return to the website. Data obtained by using etracker technologies will not be used to identify you personally without your consent and will not be merged with other personal data about the respective pseudonym. The justification of this processing is based on Art. 6 Para. 1 a) GDPR (consent). The provision of your data is voluntary. The non-availability has no effect on the use of the website.
The personal data collected during the use of tracking tools will be deleted unless the controller can claim legitimate interests in further storage. In any case, only those data are stored that are absolutely necessary to achieve the corresponding purpose. As far as possible, the personal data will be anonymised.
2.10 Google Maps
The legal admissibility of this processing is governed by Art. 6 Para. 1 f) GDPR (legitimate interest). The use of data for purpose of Google Maps in order to provide convenient routes represents a legitimate interest according to Art. 6 Para. 1 f) GDPR. Thereby the access to the controller`s business premises is facilitated. The provision of your data is voluntarily. Non-provision will result in malfunctions of Google Maps on the website of the operator.
Personal data obtained through the use of Google Maps will be deleted unless the can claim a legitimate interest in the further retention. In any case, only those data will continue to be stored that are absolutely necessary to achieve the corresponding purpose. As far as possible, the personal data will be anonymised.
2.11 Media Pool
Publishers and journalists have can request to enter the Media Pool. For this purpose, following data has to be provided:
Additionally, you may voluntarily provide the following information:
- Publishing House
- Editorial Office
- Position / Area of responsibility
- Request to enter the Media Pool (distribution list)
This information will be used to inform you about product innovations and news regarding our company.
The legal justification of the processing is based on Art. 6 Para. 1 a) GDPR (consent). The provision of your data is necessary to provide you information via the media pool. Failure to provide personal data will make us unable to provide you information via the media pool.
Your data will be deleted after revocation of your consent, unless the controller can claim a legitimate interest in further storage. This may be the case if the operator must continue to store your data due to a contract with you. In any case, only those data will continue to be stored that are absolutely necessary to achieve the corresponding purpose.
3. Right to Access, Rectification, Erasure, Restriction, Objection and Data Portability
You as the subject to the data processing on this website have the following rights: Right to access (Art. 15 GDPR), Rectification (Art. 16 GDPR), Erasure (Art. 17 GDPR), Restriction of the Processing (Art. 18 GDPR) as well as to Data Portability (Art. 20 GDPR). We make every effort to process your respective enquiry as quickly as possible.
If your personal data was processed on the basis of Art. 6 para. 1 f) GDPR, you have a right to object if there are reasons for this which result from your particular situation or if your objection is directed against direct advertising (Art. 21 GDPR). If you object to direct advertising, we will not send you any more advertising messages.
Please use the contact address given in the imprint for your message.
4. Withdrawal of Consent
If you have given your consent to the processing of your personal data and revoke it, the processing carried out up to the time of this revocation remains unaffected by this.
5. Right to Appeal
You have the right at any time to complain to the competent supervisory authority (e.g. The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate, Hintere Bleiche 34, 55116 Mainz).
Data obtained while using the website and the information you provide when contacting us will be transmitted to the server of the operator and stored there. Additionally, your data may be transmitted to the following categories of recipients:
- Internal bodies and departments involved in the processing of your personal data (e.g. HR department, marketing department, product research)
- Data processors (e.g. IT service providers, providers of tracking tools, software manufacturers, marketing agencies, newsletter providers)
- Shipping companies (e.g. when shipping of samples)
7. Links to Third Party Websites