Privacy policy

1. data protection at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally

The operator of this website takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the Internet (e.g. when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

Data collection on this website

The controller responsible for data processing on this website is:

simply hairless GmbH
Salzstraße 53
48143 Münster
Represented by the managing director: Rüdiger Winter

E-mail: ruediger.winter@hairlesslifemuenster.de

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).

How we collect your data

Your data is collected when you visit this website. The data is collected automatically by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of page view).

What we use your data for

The data is collected in order to ensure the error-free provision of the website.

2. hosting

We host the content of our website with the following provider:

External hosting

This website is hosted externally. The personal data collected on this website is stored on the host's servers. This may include IP addresses, meta and communication data, website access and other data generated via our website.

The external hosting is carried out for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Our hoster will only process your data to the extent necessary to fulfill its performance obligations and follow our instructions with regard to this data.

We use the following hoster:

profihost GmbH
Hildesheimer Straße 25
30880 Laatzen

Order processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that it only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

3. general notes and mandatory information

What rights do you have with regard to your data?
You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time, Art. 15 GDPR. You also have the right to request the rectification or erasure of this data, Art. 16, 17 GDPR. If you have given your consent to data processing, you can revoke this consent at any time for the future, Art. 7 para. 3 GDPR. You also have the right to request the restriction of the processing of your personal data under certain circumstances, Art. 18 GDPR. You also have the right to data portability, Art. 20 GDPR. Furthermore, you have the right to lodge a complaint with the competent supervisory authority, Art. 77 GDPR.
You can contact us at any time regarding this and other questions on the subject of data protection.
General information on the legal basis for data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, insofar as special categories of data are processed in accordance with Art. 9 para. 1 GDPR. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information in your end device (e.g. via device fingerprinting), the data processing is also carried out on the basis of Section 25 (1) TDDDG. Consent can be revoked at any time. If your data is required to fulfill the contract or to carry out pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data if this is necessary to fulfill a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR. Data processing may also be carried out on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Information on the relevant legal bases in each individual case is provided in the following paragraphs of this privacy policy.

Storage period

Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, deletion will take place after these reasons no longer apply.

4. data collection on this website

Inquiry by e-mail, telephone or fax

If you contact us by email, telephone or fax, we will store and process your request, including all resulting personal data (name, request) for the purpose of processing your request. We will not pass on this data without your consent

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures.

In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR)

The data you send to us via contact requests will remain with us until you request us to delete it or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

If you send us personal data for application purposes, such as your CV, letter of motivation, certificates and other relevant documents as well as any other information that you include in your application, the processing is based on Art. 88 GDPR in conjunction with Section 26 BDSG. Your data will be used exclusively for the purpose of reviewing and processing your application. If you are not hired, your application data will be deleted within six months after completion of the application process, unless you have consented to longer storage for future job offers (Art. 6 para. 1 lit. a GDPR).

5. Instagram

We operate an official Instagram page alongside this website in order to get in touch with interested parties and provide information. We are jointly responsible with Meta Platforms Ireland Limited (Merrion Road, Dublin 4, D04 X2K5, Ireland; hereinafter: Meta) for processing the data that is generated when you use our Instagram page. This means that we and Meta jointly determine the purposes and means of data processing on our Instagram page. This is based on the joint responsibility agreement in accordance with Instagram's terms of use and Meta's joint responsibility agreement.

When you visit our Instagram page, Meta automatically collects data such as your IP address, information about your device, your interactions on Instagram (e.g. likes, comments) and possibly other information that Meta stores using cookies and similar technologies. This data is used by Meta to create usage profiles and to display personalized advertising. We ourselves receive anonymized statistics from Meta on the use of our Instagram page (so-called "Insights"), which enable us to analyze the reach and interactions of our content. However, this data cannot be traced back to individuals.

Meta may also process your data outside the European Union, in particular in the USA. The transfer takes place on the basis of the EU-US Data Privacy Framework (DPF), an adequacy decision of the Commission to ensure an adequate level of data protection. Nevertheless, we would like to point out that in the event of access by US authorities, there is a risk that you will not be informed of this and will not have sufficient legal protection options. Meta's privacy policy applies to the processing of data by Meta on our Instagram page.

The processing of your data is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in effective communication with you and the provision of up-to-date information.

You have the right to information, correction, deletion and restriction of the processing of your personal data as well as the right to data portability and objection to data processing. Due to the agreement on joint responsibility (see above), it follows that the rights of data subjects with regard to processing in the context of Instagram should be asserted against Meta. The corresponding form can be found here https://www.facebook.com/help/contact/612141586937373. If you require assistance in asserting your rights, you can contact us using the contact details above.

6. cookiebot

We use the "Cookiebot" service of Usercentrics A/S (Havnegade 39, 1058 Copenhagen, Denmark; hereinafter referred to as Cookiebot) to manage your consent to the use of cookies and similar technologies in compliance with data protection regulations. When you visit our website, Cookiebot collects information about your consent, your IP address, information about the browser used, the operating system and the date and time of your visit. This data is stored on Usercentrics servers in the EU and automatically deleted after 12 months.

The processing is carried out on the basis of Art. 6 para. 1 lit. c GDPR in order to comply with our legal obligations to provide evidence of your consent and on the basis of Art. 6 para. 1 lit. f GDPR in order to provide you with transparent and legally compliant cookie management. Further information on data processing by Cookiebot can be found in Cookiebot's privacy policy.

7. communication via WhatsApp

We offer you the opportunity to communicate with us via the messenger service "WhatsApp" from WhatsApp Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). Personal data such as your telephone number, message content and metadata of the communication (e.g. time and duration of the message transmission) are processed. The processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR or, if the communication serves to initiate or fulfill a contract, on the basis of Art. 6 para. 1 lit. b GDPR.

We would like to point out that WhatsApp may also process the transmitted data on servers in the USA. The data transfer to the USA is based on the EU-US Data Privacy Framework (DPF). WhatsApp Ireland Limited is certified under the DPF and is committed to ensuring a level of data protection equivalent to that in the EU. Nevertheless, there may be fewer control options for data subjects in the USA. To protect your privacy, we recommend that you do not transmit any sensitive or confidential data via WhatsApp, despite the possibility of end-to-end encryption. Further information on data processing by WhatsApp and DPF certification can be found in WhatsApp's privacy policy.

8. ProvenExpert

We use the rating service "ProvenExpert" of Expert Systems AG (Quedlinburger Straße 1, 10589 Berlin; hereinafter ProvenExpert) to collect, display and evaluate customer reviews. When you submit a review via ProvenExpert, personal data such as your name, your e-mail address, your review and the time of submission are processed. The processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and our legitimate interest in a transparent and independent presentation of our services in accordance with Art. 6 para. 1 lit. f GDPR.

ProvenExpert stores and processes the data on servers within the European Union. We ourselves do not have access to your e-mail address or other data that you provide to ProvenExpert, unless this is explicitly published. Further information on data processing by ProvenExpert can be found in their privacy policy.

9. Services from Google

Our website uses various services of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter: Google) to improve website functionality, provide services, analyze user behavior and optimize our advertising measures.

By visiting our website, Google receives the information described below. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

In detail, we use the following Google services:

Google Tag Manager: Google Tag Manager is used to manage tracking codes (tags) on our website. With this service, tracking tags can be centrally integrated and managed without directly processing personal data. Google Tag Manager itself does not access the data collected by the tags.

The processing of the above-mentioned data for the use of the respective services is based on your consent in accordance with Section 25 (1) TDDDG and Art. 6 (1) lit. a GDPR, which you can give individually via our cookie banner.

We would like to point out that your personal data may be transferred from Google to the USA when you use the above-mentioned services. Data is transferred to the USA on the basis of the EU-US Data Privacy Framework (DPF). Google is certified under the DPF and is committed to ensuring a level of data protection equivalent to that in the EU. Nevertheless, we would like to point out that there may be a lower level of data protection in the USA due to national security laws and that US authorities may have access to your data. Further information on data processing by Google and DPF certification can be found in Google's privacy policy.

We use the "Microsoft Advertising" service (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; hereinafter: Microsoft) to display personalized advertisements. Microsoft Advertising enables us to display targeted advertisements in the search results of Bing, Yahoo and on Microsoft partner websites. Personal data such as your IP address, browser information, search queries and usage behavior are processed in order to show you personalized advertising that may be relevant to you. For this purpose, Microsoft Advertising uses cookies and similar technologies to analyze your interactions with the advertisements and to measure the success of the campaigns, for example by recording clicks and conversions. Microsoft may also use this data for its own purposes, such as improving its services and personalizing advertising.

Since Microsoft is based in the USA, personal data may be transferred to the USA. The data transfer takes place on the basis of the EU-US Data Privacy Framework (DPF). Microsoft is certified under the DPF and is committed to ensuring a level of data protection equivalent to that in the EU. However, we would like to point out that there may be a lower level of data protection in the USA due to national security laws and that US authorities may have access to your data. Further information on data processing by Microsoft Advertising and DPF certification can be found in Microsoft's privacy policy.

We use various advertising services from Meta Platforms Ireland Limited (Merrion Road, Dublin 4, D04 X2K5, Ireland; hereinafter: Meta) to optimize our advertising measures and display targeted advertising. The following services are used:

Meta pixel: With the meta pixel, we can track the behavior of users on our website after they click on one of our Facebook or Instagram ads. Personal data such as your IP address, information about your device, interactions with the website and pages visited are collected in order to measure the effectiveness of our advertising and deliver personalized advertising.

Meta may also process your data outside the European Union, in particular in the USA. The transfer takes place on the basis of the EU-US Data Privacy Framework (DPF). Meta is certified under the DPF and is committed to ensuring a level of data protection equivalent to that in the EU. Nevertheless, we would like to point out that in the event of access by US authorities, there is a risk that you will not be informed of this and will not have sufficient legal protection options. Further information on data processing by Meta and DPF certification can be found in Meta's privacy policy.

12. rapidmail

We use the "Rapidmail" service provided by Rapidmail GmbH (Kaiserstraße 24, 76133 Karlsruhe, Germany) to send newsletters and other information emails. When using Rapidmail, personal data such as your email address, first name, surname and any other information you provide will be processed. This data is used exclusively for sending and analyzing the emails we send.