Privacy Policy

1. General Information

1.1 Personal Data

Privacy law protects personal data (hereinafter referred to as data). Personal data means any information relating to an identified or identifiable natural person. Therefore, personal data can be names, addresses, profession, e-mail addresses, state of health, income, marital status, genetic traits, phone numbers and even user data as IP-addresses.

 

1.2 Processing of personal data

Processing means any operation relating to personal data, such as collection, recording, organisation, filing, storage, adjustment or modification, reading, retrieval, use, disclosure by transmission, dissemination or any other form of provision, synchronisation or combination, restriction, erasure or destruction.

 

1.3 Cookies

Cookies are small data packets, usually consisting of letters and numbers and stored on a browser when you visit certain websites. Cookies enable the website to recognise your browser, track you visiting various sections of the website and identify you when you return to the website. Cookies do not contain any data that identify you personally, but the information concerning you stored by the operator can be assigned to the data obtained from and stored in the cookies.

 

1.4 Controller

The Controller of the data processing of your data on the website www.sebamed.de (hereinafter referred to as website) is the Sebapharma GmbH & Co. KG (hereinafter referred to as the controller or operator). The contact details are:

 

Sebapharma GmbH & Co. KG
Represented by Sebapharma Verwaltungs GmbH,
that in turn is represented by Thomas Maurer and Dr. Daniel Rothoeft

 

Binger Str. 80
56154 Boppard, GERMANY
Phone: + 49 (0) 6742-9000
Fax: +49 (0) 6742-900176
E-Mail: info@sebamed.de

 

1.5 Data Protection Officer

You can contact our data protection officer at datenschutz@sebamed.de and at +49 151 730 44 032.

 

2. Details on data processing

2.1 Access and Use of the Website

Any time you access the website, your user data will be transferred via your web browser and stored in server log files. These log files contain the following data: Date and time of access, Name of the website, IP-address, Referrer-URL, Quantity of transferred data, Information about your web browser.

 

The legal justification is based on Art. 6 para. 1 b), f) GDPR (legitimate interest), which requires the data processed by the operator to enable you to access and use the Website. The legitimate interest of the operator also involves the provision of a website with informs and offers services to its customers and the optimisation of website operation. Those data must necessarily be processed during the use of tele media. Otherwise you will not be able to access the website.

 

The log files are evaluated by the operator anonymously for the improvement of the website and in order to design it more user-friendly, to find and correct errors more quickly and to control server capacities. For example, the controller is able to trace the time of access the website is particularly popular and the operator can provide appropriate data volume.

 

Your IP address will be deleted or anonymised after the termination of use. In the case of anonymisation, the IP addresses are modified, so that they can no longer be assigned to a specific or identifiable or identified or identifiable natural person, or only with a disproportionate amount of time, cost and effort.

 

2.2 Contact Form

If you would like to get in touch with the operator, a contact form is available on the website. In the context of this form, you must make the following data: Salutation (Mr, Mrs, Family), First Name, Last Name, Street, Postcode, City, E-mail Address, Message.

 

Additionally, you may provide to following information: Group of age group, skin type, skin sensitivity, hair type, mobile phone number. Furthermore, your referrer URL, i.e. the origin URL from which you came to the website, may be processed.

 

The operator processes your data for communication purposes, e.g. to respond to a contact request. The justification of this processing is based on Art. 6 para. 1 b) GDPR (pre-contractual or contractual measure). Provision of data is necessary, otherwise you are unable to send any message to the operator.

 

In some cases, the admissibility of the processing may be based on Art. 6 para. 1 c) GDPR if you provide information that must be forwarded in the context of a complaint due to legal obligations. Furthermore, if you provide data on incompatibilities, processing may be lawful under Art. 9 para. 2 i) GDPR if you provide health data that must be further processed due to preventive health care.

 

 


In addition, the admissibility of the processing may be based on Art. 6 para. f) GDPR. The legitimate interest of the operator lies in particular in the analysis as well as optimisation of marketing measures.

 

 

The personal data processed within the scope of communication will be deleted after expiry of the statutory storage obligations unless the controller claims legitimate interest in a further storage. In any case, only those data will continue to be stored that are necessary to achieve the corresponding purpose. As far as possible, the personal data will be anonymised.

 

2.3 Newsletter

In order to receive additional information about the operator and the companies offers, you can subscribe to an e-mail newsletter. The so-called double opt-in procedure is used to opt in to the newsletter, i.e. you will only receive a newsletter by e-mail if you have expressly confirmed beforehand, that the newsletter service is to be activated. After you have activated the newsletter, you will receive a notification e-mail with an activation link. Only you activate this link will you receive the newsletter. You can deactivate the Newsletter at any time. For this purpose, please contact the operator or use the unsubscribe link provided in every newsletter.

 

The permissibility of this processing is governed by Art. 6 para. 1 a) GDPR (consent). The provision of your data is necessary for the receipt of the newsletter. The non-availability has the consequence that you cannot subscribe to the newsletter and receive no information from the operator.

 

Your data will be deleted after revocation of your consent, unless the controller has a legitimate interest in further storage. This may be the case if the operator must continue to store your data due to a contract with you. In any case, only those data will to be stored that are absolutely necessary to achieve the corresponding purpose.

 

2.4 Test Club

The operator regularly runs a test club via the website, where participants can win products and have to evaluate them in return. The only way to get to the corresponding subpage of the website is via a link provided by the operator on one of his other websites. In order to participate in the Test Club, the following data will be requested on the website: Salutation, first name, surname, street, e-mail address, postcode, city, country

 

Participants will receive their prizes and an evaluation form by post. The admissibility of this processing is based on Art. 6 para. 1 b) GDPR (contract). The provision of your data is required for the participation in the Test Club. If you do not provide your data, you will not be able to participate.

 

Participants data are used by the operator only for the purpose of the participation in the product test and are deleted after providing the evaluation.

 

2.5 Facebook Contest

The operator runs a Facebook page through which he regularly organises contests. Participation in these contests generally requires the publication of a comment under the operator’s corresponding post using the user’s own Facebook account. Once the winners have been determined, they will be contacted by the operator using the “send message” function for the purpose of awarding the prize. The winners will then have to provide the following information: Salutation, first name, surname, street, postcode, city

 

The requested data of the participants will only be used to carry out and process the contest. The legal admissibility of this processing is based on Art. 6 para. 1 f) GDPR (legitimate interest). The operator organises contests to promote his products and attract new customers. The provision of your data is required for participation in the contest. If you do not provide your data, you will not be able to participate and will not win any of the prizes advertised.

 

After completion of the contest, the participants’ data will be deleted, including the communication made via Facebook. The comments under the contest on the operator’s Facebook page will not be deleted.

 

2.6 Contest on the Website

The operator also organises contests directly on the website. Participation usually requires the answer to a question. In addition, the following information must also be provided: Salutation, first name, surname, street, postcode, city, e-mail address

 

The requested data of the participants will only be used to carry out and process the contest. The legal admissibility of this processing is based on Art. 6 para. 1 f) GDPR (legitimate interest). The operator organises contests to promote his products and attract new customers. The provision of your data is required for participation in the contest. If you do not provide your data, you will not be able to participate and will not win any of the prizes advertised.

 

After completion of the contest, your data will be deleted.

 

2.7 Become a skin-researcher

The operator offers users the opportunity to participate in a comprehensive survey under "Become a skin researcher". The subject of this survey is general information, the skin type, the care products used by the user, the living conditions and other habits of the users. The operator stores the user data in a database. Those data are used to determine suitable subjects for product tests carried out by the operator. Furthermore, the operator evaluates the information provided by the user in order to obtain information for product development. The data of the users are stored by the operator without time limitation.

 

In order to participate, users have complete a multi-page contact form, in which the following general information must first be provided: Salutation, first name, surname, street, house number, postcode, city, e-mail address

 

Further information about your skin appearance and other health-related attributes in the contact form are voluntary.
If the user is selected for a product test, he will be notified via e-mail and the product to be tested will be sent to him by post. The e-mail contains a link to a questionnaire for evaluating the product. The answers to the questions are anonymous and do not allow any conclusions to be drawn about the person of the user.

 

The admissibility of this processing is based on Art. 6 para. 1 f) GDPR (legitimate interest).

The operator can claim legitimate interest in the storing and evaluation information on the use of his products for the purpose of product development and to have product tests carried out by suitable persons. The provision of your data and storage in the operator's database are necessary for participation in the product tests carried out by the operator. The (partial) non-availability of your data means that you will not be selected for a product test and therefore will not receive any products.

 

The operator stores the provided data without time limitation. The user can request deletion from the operator's database at any time. 

 

2.8 Platform for Applicants

Users have the opportunity to apply for job vacancies advertised by the operator via the website. The operator uses a software application from Sage GmbH, Franklinstraße 61-63, 60486 Frankfurt am Main, Germany, for this purpose.

 

The operator collects a number of personal data via an application platform. Specifically, the following information is requested:

 

Person master data: Salutation, first name, last name, street, postcode, city, country, telephone, e-mail
Contextual data: Information about how users know about the job offer
School, Trainings, Education, Profession: School-leaving certificate, completed studies, Completed vocational training


In addition, the user has the option of applying for a job using his or her own Finest-jobs or LinkedIn profile. For this purpose, the user needs a corresponding profile on the respective platform.

If the user clicks on the button "Apply with Finest-jobs profile" or "Apply with LinkedIn profile", he will be redirected to the page of the corresponding network, where he can log in with his usage data.


During this process, a link is established with the corresponding profile of the user. This automatically transmits the user's data stored there to the operator (including surname, first name, e-mail address, profile photo, profile and application data). The transmitted data is mandatory for the application. Further information on the processing of personal data in this context can be found at the respective portal operators - LinkedIn (https://www.linkedin.com/legal/privacy-policy) and Finest-Jobs (www.finest-jobs.com/Datenschutz).

 

 

The user also has the possibility to create own files and to transmit them to the operator:
Attachments: Photo, cover letter, curriculum vitae, references, confirmations / certificates, other attachments

 

All data disclosed to the operator during the use of the platform are transmitted via a secure, i.e. encrypted connection. The admissibility of this processing is based on § 26 BDSG (application procedure). The provision of your data is necessary for participation in the application procedure and the conclusion of a contract with the controller. If you fail to provide any or in case you provide incomplete information, the operator will reject your application.

 

Received application documents will be stored for 3 months after the rejection of your application, unless you have given consent for eventual longer storage.

 

2.9 Essential Cookies

The operator uses cookies to improve the user-friendliness, optimise the presentation, prevent fraud and improve the website security.

 

The legal admissibility of this processing is based on Art. 6 para. 1 f) GDPR (legitimate interest). The operator would like to optimise the use of the website, improve its presentation (e.g. on mobile devices) and prevent access by unauthorised persons. In addition, the operator must ensure that data collection requiring consent only takes place if you have actually consented. Therefore, certain technical settings must be logged. 

 

You can find more information about the essential cookies in the Cookiebot description table. There you will find in particular the provider, the specific purpose and the storage period.

 

These cookies are necessary for the operation of the website and cannot be disabled.

Your cookie settings

2.10 Optional Cookies and other Tracking Tools

There are cookies that are only set by the operator with your consent. They process data in order to personalise content and ads, to offer social media features, and to analyse website traffic. Some cookies come from third-party providers, which also receive the generated data and may merge them with other data. However, tracking tools are also used that work without cookies, such as Facebook Pixel. This Facebook Pixel is used to analyse the interactions (page views) and to optimise the website based on this information.

 

The admissibility of the related processing is based on Art. 6 para. 1 a) GDPR (consent), insofar as your data are evaluated, as well as Section 25 (1) German Telecommunications-Telemedia Data Protection Act (“TTDSG”) for access to your end device (setting and reading of cookies and user behaviour). The optional cookies and tracking tools are only set if you have agreed to them and ticked the corresponding boxes in the Cookiebot. 
You can find more information about the necessary cookies and tracking tools in the Cookiebot. You will find there in particular the provider, the specific purpose and the storage period. 

 

These cookies and tracking tools are optional. The provision of your data for the aforementioned purposes is voluntary and has no effect on your visit to the website. Below you can once again access the consent form displayed when you call up the website and view its availability. 

 

2.11 Cookie Preference Management

The operator uses the consent management service Cookiebot of Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (Cybot) to manage the cookies set. Using Cookiebot, cookies tracking tools are managed on the website. Cookiebot is used to send data from you to Cybot, and Cybot may store and process such data. Further information on the processing by Cybot can be found at www.cookiebot.com/de/privacy-policy/. 

 

The admissibility of this processing is based on Art. 6 para. f) GDPR (legitimate interest). The legitimate interest of the operator lies in the management of consents or objections to also be able to deactivate cookies and tracking tools.

The following data are forwarded to Cybot in this context:

  • IP address (anonymised)
  • date and time of your selection
  • website URL
  • technical browser data 
  • anonymous random key
  • allowed cookies as proof of consent 

 

The data are stored for 12 months in the browser with a cookie to preserve your cookie selection for subsequent page views. There is no legal or contractual obligation to provide the data. However, you cannot use the website without providing the data.  

 

We use cookies and tracking tools to personalise content and ads, provide social media features, and analyse traffic to our website. We also share this information with our social media, advertising, and analytics partners. There, it may be merged with other data that you have provided to our partners. You can decide yourself which data processing you want to allow and set the corresponding checkmarks. You can also withdraw your consent at any time with effect for the future.

 

2.12 Google Maps

The controller implemented Google Maps as a service on the website. This service is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using Google Maps, information on the use of the website (e.g. date and time of access, IP address, etc.) will be transmitted to a Google server in the USA and stored there. 

 

The transfer of your personal data to Google takes place using standard data protection clauses in accordance with Art. 46 para. 2 c) GDPR, which were issued by the European Commission in accordance with Art. 93 para. 2 GDPR. Information on the standard data protection clauses can be found on the website of the European Commission (https://ec.europa.eu/info/index_de). The data will be used by Google for purposes of advertising and market research and / or the improvement of design of the website. If you are logged in into your Google user account, your use of Google Maps on this website may be linked to your Google Account. If you do not wish Google to link to your account, you have to log out from your Google Account before using Google Maps on the website. Google's Terms of Use and Privacy Policy apply. If you disable or block Java Script in your browser settings, the use of Google Maps may be restricted.

 

The legal admissibility of this processing is governed by Art. 6 para. 1 a) GDPR (consent) insofar as your data are evaluated as well as Section 25 (1) German Telecommunications-Telemedia Data Protection Act (“TTDSG”) for access to your end device (setting and reading of cookies). The use of data for the purpose of providing the maps for route finding is important for the operator, as it facilitates access to the operator’s place of business. The provision of your data is voluntarily. Non-provision will result in malfunctions of Google Maps on the website of the operator. You can withdraw your consent at any time with effect for the future via cookie preference management settings. 

 

Personal data obtained through the use of Google Maps will be deleted unless the can claim a legitimate interest in the further retention. In any case, only those data will continue to be stored that are necessary to achieve the corresponding purpose. As far as possible, the personal data will be anonymised.

 

2.13 Friendly Captcha

We use Friendly Captcha (hereinafter referred to as “Friendly Captcha”) on this website. The provider is Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany. Friendly Captcha is used to verify whether the entry of data into this website (e.g., into a contact form) is being processed by a person or an automated program. For this purpose, Friendly Captcha analyzes the behavior patterns of website visitors based on numerous characteristics. For the analysis, Friendly Captcha examines a wide range of information (e.g., anonymized IP address, referrer, time of the visit, etc.). For more related information please visit: friendlycaptcha.com/legal/privacy-end-users/.
 

Details to the collected information
When you visit a site that includes the Friendly Captcha widget and send a puzzle request, we collect the following log data:
•    the request headers User-Agent, Origin and Referer,
•    the puzzle itself, which contains information about the account and site key it is related to,
•    the version of the widget and
•    a timestamp.


We store an anonymized counter per IP address for dynamic puzzle difficulty on the edge network to detect malicious users and minimize blocking legitimate users. This data is stored entirely separately from the rest of the data and cannot be correlated to specific websites or anything else. We anonymize IP addresses using a one-way hash of certain values so they cannot be personally identified.
We do NOT ask for other information or personal information, such as your name, email, and online profiles.
 

The storage and analysis of the data occurs on basis of Art. 6 (1)(f) GDPR. The website operator has a legitimate interest in protecting the operator’s web presentations against abusive automatic spying and SPAM. In the event that respective consent has been obtained, the data will be processed exclusively on the basis of Art. 6 (1)(a) GDPR and § 25 (1) TTDSG, if the consent comprises the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) as defined in the TTDSG (German Telecommunications Act). Such consent may be revoked at any time.
 

Data processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
 

 

2.14 Media Pool

Publishers and journalists have can request to enter the Media Pool. For this purpose, following data has to be provided: E-Mail-Address.

 

Additionally, you may voluntarily provide the following information: Publishing House, Editorial Office, Name, Position / Area of responsibility, Address, Phone, Fax, Request to enter the Media Pool (distribution list), Message.

 

This information will be used to inform you about product innovations and news regarding our company.

 

The legal justification of the processing is based on Art. 6 para. 1 a) GDPR (consent). The provision of your data is necessary to provide you information via the media pool. Failure to provide personal data will make us unable to provide you information via the media pool.

 

Your data will be deleted after revocation of your consent, unless the controller can claim a legitimate interest in further storage. This may be the case if the operator must continue to store your data due to a contract with you. In any case, only those data will continue to be stored that are necessary to achieve the corresponding purpose.

 

3. Data subject rights

You as the subject to the data processing on this website have the following rights: Right to access (Art. 15 GDPR), Rectification (Art. 16 GDPR), Erasure (Art. 17 GDPR), Restriction of the Processing (Art. 18 GDPR) as well as to Data Portability (Art. 20 GDPR). We make every effort to process your respective enquiry as quickly as possible.

 

If your personal data was processed on the basis of Art. 6 para. 1 f) GDPR, you have a right to object if there are reasons for this which result from your particular situation or if your objection is directed against direct advertising (Art. 21 GDPR). If you object to direct advertising, we will not send you any more advertising messages.

 

Please use the contact address given in the imprint for your message.

 

4. Withdrawal of Consent

If you have given your consent to the processing of your personal data and revoke it, the processing carried out up to the time of this revocation remains unaffected by this.

 

5. Right to complain

You have the right to lodge a complaint with the competent supervisory authority at any time. You can obtain an overview of the competent supervisory authorities by following this link.

 

6. Recipients

Data obtained while using the website and the information you provide when contacting us will be transmitted to the server of the operator and stored there. Additionally, your data may be transmitted to the following categories of recipients: Internal bodies and departments involved in the processing of your personal data (e.g. HR department, marketing department, product research), Data processors (e.g. IT service providers, providers of tracking tools, software manufacturers, marketing agencies, newsletter providers), Shipping companies (e.g. when shipping of samples).

 

7. Links to Third Party Websites

When visiting the website, content linked to the websites of third parties may be displayed. The operator has no access to the cookies or other functions used by third parties, nor can the operator control them. Such third party sites are not subject to the operator's privacy policy.