Data Protection Declaration

The protection of personal data is important to Vaia Beauty GmbH. We therefore inform you in this data protection declaration about your rights and the processing of personal data by us. Vaia Beauty GmbH ensures compliance with the European General Data Protection Regulation (GDPR), the regulations of the Federal Data Protection Act (BDSG-new) and the Swiss Data Protection Act with appropriate technical and organizational measures. This general data protection declaration applies to all online offers from Vaia Beauty GmbH (websites, social media presences, etc.).

1 Responsible Party

Responsible according to Art. 4 Para. 7 GDPR is

Vaia Beauty GmbH
Gartenweg 5
CH-8310 Grafstal
CHE-290.999.584MWST
E-Mail: contact@vaia-beauty.com
Tel.: +41 76 732 05 09

2 Data Protection Officer

For questions, suggestions or comments on the subject of data protection and to enforce your rights, please contact our data protection officer:

Wasithee Schnur
Vaia Beauty GmbH
Gartenweg 5
CH-8310 Grafstal
E-Mail: contact@vaia-beauty.com
Tel.: +41 76 732 05 09

3 General Information on Data Processing

3.1 Scope and Purpose of processing Personal Data

Your personal data will generally only be processed to the extent necessary to provide our online offers, content and services. The collection and use of personal data generally only takes place after consent or if the processing of the data is permitted by law.

3.2 Legal Basis for the Processing of Personal Data

The processing of personal data takes place on the following basis:

  • Consent on your part (Art. 6 Para. 1 a GDPR),
  • Necessity to fulfill a contract between you and us (Art. 6 Para. 1 b GDPR),
  • Necessity to carry out pre-contractual measures (also Art. 6 Para. 1 b GDPR),
  • Necessity to fulfill a legal obligation (e.g. statutory retention and storage obligations) (Art. 6 Para. 1 lit. c GDPR),
  • safeguarding the vital interests of the data subject or another natural person (Article 6 (1) (d) GDPR),
  • Necessity to safeguard our or the legitimate interests of a third party (Art. 6 Para. 1 lit.f GDPR).

3.3 Disclosure of Personal Data to Third Parties and Processors

In principle, no personal data will be passed on to third parties without your express consent.

We provide our services in cooperation with external providers, whereby the transmission to external providers is in any case based on the above legal bases. As part of this so-called order processing, personal data is passed on on the basis of Art. 28 GDPR.

3.3.1 Fulfillment

Vaia Beauty GmbH fulfills its obligations from the purchase contract through MAIL BOX Direkt-Marketing Service GmbH, Zitadellenweg 24a, 13599 Berlin (“MAIL BOX” for short).

For this purpose, the order details and delivery details of the customers are forwarded to MAIL BOX. An order data processing contract was concluded with MAIL BOX.

In this context, MAIL BOX is not considered a third party, but is a processor.

You can find information on data protection at MAIL BOX here:

https://www.mailbox-online.de/impressum/as well
https://www.mailbox-online.de/mailbox/cookies/

3.3.2 Hosting

Vaia-beauty.com ​​is hosted by artcom venture GmbH Zitadellenweg 26c, D-13599 Berlin (short “ACV)”. An order data processing contract was concluded with ACV.

In this context, ACV is not considered a third party, but is a processor. Information on ACV’s data protection can be found here:
https://www.artcom-venture.de/gdpr

3.3.3 Newsletter

Newsletters are sent via Newsletter2Go. See section 5.5.

3.4 Data Transfer to Third Countries

Vaia Beauty GmbH is based in Switzerland, which means that there is a third country relationship with the EU. The EU has assessed the Swiss data protection regulations as adequate (Art. 44 ff. GDPR) and vice versa.

As part of the provision of services, personal data are transmitted to Switzerland for further processing and vice versa. The further processing includes in particular clarifications on creditworthiness, invoice processing or address handling for the delivery of the goods.

3.5 Deletion of Data and Storage Period

Your personal data will be deleted or blocked as soon as the purpose for storage no longer applies.

Insofar as there are documentation obligations (accounting, tax evidence), such data are not covered by deletion.

3.6 Existence of Automated Decision Making

We do not use automatic decision-making or profiling.

4 Rights of Data Related Persons

Since your personal data are processed, you are considered a data subject within the meaning of the GDPR.

4.1 Right to Withdraw a Declaration of Consent

You have the right to withdraw your consent to the processing of your personal data at any time. The other grounds for justification are not affected.

4.2 Right to Information

Upon your request, we will inform you whether we process data about you or not.

Upon your request, we will provide you with the following information regarding processed personal data:

  • the processing purposes;
  • the categories of personal data that are processed;
  • the recipients or categories of recipients to whom the personal data has been or will be disclosed;
  • when transmitting to a third country or an international organization, additional information regarding the appropriate guarantees in accordance with Art. 46 GDPR;
  • the planned duration (as far as possible) for which the personal data is stored or the criteria for determining this duration (if the planned duration cannot be determined);
  • the existence of the right to correction or deletion of your personal data, the right to restrict processing by us or the right to object to this processing;
  • the right to lodge a complaint with a supervisory authority;
  • all available information about the origin of the data, unless the personal data is collected directly from you;
  • the existence of automated decision-making, including profiling, in accordance with Article 22 paragraphs 1 and 4 GDPR and, if these exist, meaningful information about the logic involved and the scope and intended effects of such processing for you.

You will receive a copy of the personal data within one month of receiving the request for information. This copy is usually delivered electronically.

4.3 Right to Rectification

If your personal data is incorrect, you have the right to request that it be corrected immediately. If personal data are incomplete, you have the right to request their completion.

4.4 Right to Deletion

You have the right to request the deletion of your personal data.
The deletion will be carried out immediately in the following cases:

  • The data are no longer necessary for the purpose of the survey;
  • You revoke your consent to data processing and there is no other legal basis for processing;
  • You object to the processing and there are no overriding legitimate reasons for the processing;
  • the personal data were processed unlawfully;
  • The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the member states.
  • The personal data was collected in relation to information society services offered in accordance with Art. 8 Para. 1 GDPR.

The right to erasure does not exist insofar as the processing is necessary to assert, exercise or defend legal claims.

4.5 Right to Restriction of Processing

You can request the restriction of the processing of personal data if:

  • the accuracy of personal data is contested for a period of time that enables the accuracy of the personal data to be checked;
  • the processing is unlawful and instead of deletion the restriction on the use of personal data is requested;
  • an objection to the processing has been filed as long as it is not certain whether legitimate reasons outweigh your reasons;

If processing has been restricted for the aforementioned reasons, this personal data will only be obtained with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest in the EU, Switzerland or a member state.

You will be informed before the restriction is lifted.

4.6 Right to Data Portability

You have the right to receive your personal data in a structured, common and machine-readable format, provided that the processing is based on consent or on a contract and is carried out using automated processes.

4.7 Right to Object

You have the right to object at any time to the processing of your personal data based on Article 6 paragraph 1 letters e or f for reasons arising from your particular situation; this also applies to profiling based on these provisions. The controller no longer processes the personal data unless he can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct advertising.

If you object to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

4.8 Automated Decisions in Individual Cases and Profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which has legal effect on you or similarly significantly affects you.

The above does not apply if the decision:

  • is necessary for the conclusion or performance of a contract between you and Vaia Beauty GmbH,
  • is permissible on the basis of legal provisions of the EU or the member states to which Vaia Beauty GmbH is subject and these legal provisions contain appropriate measures to safeguard your rights and freedoms as well as your legitimate interests or
  • with your express consent.

Vaia Beauty GmbH takes appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, including at least the right to have the person responsible intervene, to state your own point of view and to contest the decision.

4.9 Right to Lodge a Complaint with a Supervisory Authority

Regardless of any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR violates.

5 Use of our Online Offers

In principle, you can use our online offers without revealing your identity.

In this section we explain to you when and in what context we process data when using our online offers, which offers from service providers and cooperation partners we have implemented, how they work and what happens to your data.

5.1 Data Collection when Visiting our Website

If you use our website for information purposes only (there is no registration, contract, etc.), we only collect the personal data that your browser transmits to our servers. These are the following data, which are technically necessary (not exhaustive):

  • date and time of the request,
  • IP address of the user,
  • content of the request (specific page),
  • access status / HTTP status code,
  • website from which the request comes,
  • user’s operating system,
  • Language and version of the browser software.

Such data is stored on the server side for a year and then automatically overwritten.

5.2 Use of Cookies

Different types of cookies are used.

Temporary Cookies (e.g. “session cookies”, language settings, shopping cart content) are deleted after you leave our online offer and close the browser.

Permanent Cookies (e.g. for login etc.) remain stored even after the browser is closed. They have an expiry date and can be deleted at any time in the security settings of your browser. Such cookies are also used for range measurement or marketing purposes.

In addition to so-called “First-Party Cookies”, which are set by Vaia Beauty GmbH in their capacity as data controller, “third-party cookies” are also used. These ‘Third Party Cookies’ are offered by other providers.

Vaia Beauty GmbH relies on Art. 6 Para. 1 lit. for the processing of personal data using “First-Party Cookies”. f GDPR; for the processing of personal data using “Third-Party Cookies” on Art. 6 Para. 1 lit. a GDPR.

5.3 Customer Account, Contact Forms and Email Contact

The input mask in the registration process shows which information is processed. This information is used for the purpose of using our offers and for rendering services.

You have the option to terminate your user account at any time. In this case, your data will be deleted, unless we are obliged to keep it for commercial or tax reasons.

To contact us, you will find contact forms and email links (mailto) on our online offerings, which can be used to contact us electronically.

5.4 User Comments and Contributions

As a registered user, you have the option of leaving comments on our products and online offers. Vaia Beauty GmbH then saves your IP addresses and the time of publication based on legitimate interests in accordance with Art. 6 Para. 1 lit. f. GDPR. This storage is carried out for security reasons if the rights of third parties are violated in comments and contributions or illegal content is left behind (insults, defamation, content inciting the people, etc.). In this case we can be prosecuted for the comment or contribution and are therefore interested in the identity of the author. This data is not passed on to third parties, unless such a transfer is required by law or serves to enforce the rights of Vaia Beauty GmbH.

Keep in mind that comments and posts are accessible to everyone. Before posting, you should carefully review your posts to see if they contain information that is not intended for the public. You have to expect that your contributions will be recorded in search engines and can be called up worldwide even without specifically calling up our offer.

5.5 Newsletter

‘Newsletter2Go’ from Newsletter2Go GmbH, Köpenicker Str. 126, 10179 Berlin, https://www.newsletter2go.ch is used to send a newsletter. An order data processing contract was signed with Newsletter2Go GmbH.

Newsletters are only sent after you have given your consent and can be unsubscribed at any time. A double opt-in procedure is used for registration.

Your information will only be used in the context of the purpose of this data protection declaration.

5.6 Social Media Buttons

The content of this website is linked using social media buttons so that you can share the content on the corresponding platforms. These are the buttons from Pinterest, Instagram and Facebook.

The buttons offered directly by the operators of social networks inadmissibly transmit personal data such as the IP address or entire cookies when loading a website on which they are integrated and thus pass on precise information about your surfing behavior to the social services. You do not have to be logged in or be a member of the respective network.

To protect your privacy, Vaia Beauty GmbH therefore uses “c’t Shariff”. A c’t Shariff button does not establish direct contact between you and the social network until you actively click on the share button. This prevents Shariff from leaving a digital trace on every page you visit and improves data protection. By using Shariff, Vaia Beauty GmbH can protect your personal data and still integrate buttons for social sharing.

Further information on c’t Shariff can be found at:
https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html
such as
https://github.com/heiseonline/shariff

5.6.1 Facebook Share Button

Facebook claims to collect information when you visit third-party websites that use Facebook services (such as the “Share” button). This includes information about the websites you visit and your use of Facebook services on such websites. If you are logged in to Facebook when you visit this website, Facebook will receive your user ID, the website you visited, the date and time and other browser-related information.

The purpose and scope of the data collection and the further processing and use of the data by Facebook can be found in Facebook’s notes on social plug-ins:

https://de-de.facebook.com/help/443483272359009/
For more information about Facebook, see Chapter 6 Marketing.

5.6.2 Instagram Follow Button

Instagram is a product of Facebook Inc.

Instagram claims to collect information when you visit third-party websites that use Instagram / Facebook services (such as the “Share” button). This includes information about the websites you visit and your use of Instagram / Facebook services on such websites.

For the purpose and scope of the data collection and the further processing and use of the data by Facebook, please refer to Instagrams / Facebook’s information on social plug-ins:

Provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland
Privacy Policy: https://help.instagram.com/519522125107875

5.6.3 Pinterest Save Button

When you click the “Save” button, your browser sends data to Pinterest. Vaia Beauty GmbH therefore has no influence on the amount of data Instagram collects with the button.

Provider: Pinterest Europe Ltd. Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
Data protection declaration: https://policy.pinterest.com/en/privacy-policy
Opt-out:https://policy.pinterest.com/en/privacy-policy#section-choices-you-have-about-your-info

5.7 Online Offers on Social Media Platforms

Vaia Beauty GmbH offers online offers on the social media platforms Facebook, Pinterest and Instagram, provides information there and contacts you.

Vaia Beauty GmbH has no influence on the processing of personal data by these platform operators. The processing of personal data when visiting one of the social media offers is based on the conditions of use of the platform operators and is based on your consent, which results from the use of the platforms.

Further information can be found in the links in the preceding sections: Facebook (section 5.6.1), Instagram (section 5.6.2) and Pinterest (section 5.6.3).

5.7.1 Facebook

Provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland
Data protection declaration: https://www.facebook.com/about/privacy/
Opt-out: https://www.facebook.com/settings?tab=ads

Data processing is based on an agreement on the joint processing of personal data in accordance with Art. 26 GDPR.

5.7.2 Instagram

Provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA
Privacy policy: http://instagram.com/about/legal/privacy
Opt-out: http://instagram.com/about/legal/privacy

5.7.3 Pinterest

Provider: Pinterest Europe Ltd. Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
Data protection declaration: https://policy.pinterest.com/en/privacy-policy
Opt-out: https://policy.pinterest.com/en/privacy-policy#section-choices-you-have-about-your-info

5.8 Adobe Typekit

The website of vaia-beauty.com ​​is designed visually with Adobe Typekit. Adobe Typekit is a service of Adobe Systems Software Ireland Companies, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland. To integrate the fonts used, your browser must establish a connection to an Adobe server in the USA and download the font required for our website. This gives Adobe the information that our website has been accessed from your IP address.

Provider: Adobe Systems Software Ireland Companies, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland
Data protection declaration: https://www.adobe.com/de/privacy/policy.html

5.9 External Links

It is possible that the online offer of Vaia Beauty GmbH links to external sites. Vaia Beauty GmbH has no influence on whether the respective operators comply with the data protection regulations.

Marketing

6.1 Facebook Pixel, Facebook Custom Audience and Facebook Remarketing

Facebook Pixel, Facebook Custom Audience and Facebook Remarketing are services of the US Facebook Inc. For people in the European Economic Area (EEA) and in Switzerland, the Irish Facebook Ireland Ltd. responsible.

The data processing takes place on the basis of an agreement on the joint processing of personal data according to Art. 26 GDPR: ‘order data processing contract’ as well as ‘add-on for Facebook page operators’.

Provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland
Data protection declaration: https://www.facebook.com/about/privacy/
Opt-out: https://www.facebook.com/settings?tab=ads

6.2 Google Analytics, Google Adwords and Google Remarketing

Google Analytics, Google Adwords and Google Remarketing are services of the American Google LLC. Irish Google Limited Ireland is responsible for people in the European Economic Area (EEA) and Switzerland.

These Google services use cookies, among other things. Data can be transferred to Google in the USA. Vaia Beauty GmbH assumes that there is no personal tracking in this context solely through the use of its websites. Google is committed to ensuring adequate data protection in accordance with the Privacy Shield between the USA and the EU and the USA and Switzerland. Further information can be found in Google’s data protection declaration.

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Data protection declaration: https://policies.google.com/privacy
Opt-out: https://adssettings.google.com/authenticated
Opt-out for Google Analytics: http://tools.google.com/dlpage/gaoptout?hl=de
Google settings for data use for marketing purposes: https://adssettings.google.com/
Deactivation of third-party cookies: https://www.networkadvertising.org/choices

A data processing contract has been concluded with Google:https://support.google.com/analytics/answer/3379636?hl=de

6.3 Microsoft Bing Ads

Microsoft Bing Ads are services provided and operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). Microsoft does not process any personal information about the identity of the user.

Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Data protection declaration: https://privacy.microsoft.com/de-de/privacystatement
Opt-out: https://choice.microsoft.com/de-DE/opt-out

7 Payment Options

7.1 Credit Card Payments via Wirecard

When paying by credit card, we pass your payment details on to Wirecard AG, Einsteinring 35, 85609 Aschheim, Germany (hereinafter “Wirecard”). The transfer takes place in accordance with Art. 6 Para. 1 lit. b GDPR and only to the extent that this is necessary for payment processing. Information that you provide to Wirecard is not under our control and is subject to Wirecard’s privacy policy.

Wirecard’s privacy policy is available here: https://www.wirecardbank.de/datenschutz/

7.2 PayPal

When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “installment payment” via PayPal, we pass your payment details on to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). The transfer takes place in accordance with Art. 6 Para. 1 lit. b GDPR and only to the extent that this is necessary for payment processing.

PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “installment payment” via PayPal. For this purpose, your payment details may be processed in accordance with Art. 6 Para. 1 lit. f GDPR passed on to credit agencies on the basis of PayPal’s legitimate interest in determining your solvency. PayPal uses the result of the credit check with regard to the statistical probability of default for the purpose of deciding on the provision of the respective payment method. The credit report can contain probability values ​​(so-called score values). As far as score values ​​are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data is included, but not exclusively, in the calculation of the score values.

For more information on data protection law, including information on the credit agencies used, please refer to PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

8 Children

Our offer is aimed primarily at adults. Persons under the age of 16 are not permitted to transmit personal data to us without the consent of their parents or legal guardians.

Entry into force of this data protection declaration: 01.11.2020