Data protection

How is data processed and stored?

General note and compulsory information - Designating the controller

The controller for the processing of data on this website is:
Haarpigmentierung MHS UG (limited liability)
Managing Director: Jacob Mahr
Katzbachstr. 7
10965 Berlin
The controller decides, either on its own or jointly with third parties, on the purposes for and means of processing personal data (e.g. names, contact details, etc.).

Revocation of your consent to the processing of data

Some data processing procedures are only possible with your explicit consent. You may revoke any consent already granted at any time. An informal e-mail notification is sufficient for the revocation. The lawfulness of the data processing carried out prior to the revocation will not be affected by the revocation.

The right to complain to the competent supervisory authority

You are, as a data subject, moreover, entitled to lodge a complaint with the competent supervisory authority in the event of an infringement under data privacy law. The competent supervisory authority in matters relating to data privacy law is the State Data Protection Supervisor of the Federal State in which our company has its registered office. The following link provides a list of data protection officers and their contact details: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

Right of data portability

You are entitled to have any data that we process in an automated manner based on your consent or in fulfilment of a contract handed over to you or a third party. It will be provided in a machine-readable format. Should you request that the data be transferred to another controller, this will only be done if it is technically feasible.

The right to information, rectification, blocking and erasure

Within the scope of the applicable statutory regulations, you are entitled, at any time, to receive information, free of charge, on any data stored relating to you personally, as well as on the origin of it, the recipients of it and the purpose of the data processing. You will also be entitled to the rectification, blocking or erasure of such data. In this respect, and also if you have any further questions on the topic of personal data, you can contact us at any time using the contact options listed in the legal notice.

SSL or TLS encryption

For security reasons, and in order to protect the transmission of confidential content that you send to us, as the website operator, our website deploys SSL or TLS encryption. That means that any data that you transmit to us via this website cannot be read by third parties. You can recognise an encrypted link in the “https://” address line of your browser and in the key icon in the browser line.

Server log files

The provider of the website automatically gathers and stores information that your browser automatically transmits to us, in server log files. This includes:

1. Information on the browser type and the version used
2. The user’s operating system
3. The user’s Internet Service Provider
4. The user’s IP address
5. Date and time of access
6. Websites from which the user’s system accesses our website
7. Websites that are accessed by the user’s system via our website

This data is not merged with any other data sources. The basis for the data processing is Art. 6(1)(b) GDPR, which permits the processing of data in order to fulfil an agreement or pre-contractual measures.

Hosting and distribution

The website is hosted, and website content delivered, using the products "S3", “SNS”, “Lambda”, “DynamoDB” and “Cloudfront” of Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA (“AWS”). AWS processes and stores our web content on our behalf.
In that respect, the hosting is exclusively carried out via the German AWS computing centre in Frankfurt am Main.
AWS is certified under the “Privacy Shield” US/European data privacy convention, and thereby undertakes to comply in full with the EU data protection requirements. The certification can be inspected at the following link: https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4&status=Active
AWS is involved based on our legitimate interest in the secure and efficient provision and optimisation of our website pursuant to Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (contract data processing).

Contact form

Any data transmitted via a contact form, including your contact details, is stored in order to be able to process your enquiry or be prepared to answer any follow-up questions which you may have. Said data will not be passed on without your consent.
The data entered into the contact form is exclusively processed based on your consent (Art. 6(1)(a) GDPR). You may revoke any consent already granted at any time. An informal e-mail notification is sufficient for the revocation. The lawfulness of the data processing carried out prior to the revocation will not be affected by the revocation.
Any data transmitted via the contact form will remain in our possession until such time as you request its erasure, revoke your consent to its being stored, or it is no longer necessary to store the data. Mandatory statutory regulations – in particular archival periods – shall not be affected thereby.

Contact forms/Advice forms

We will process any data from our contact forms, and store it in the “Zoho CRM” CRM system of the provider ZOHO Corporation B.V., Churchilllaan 11 (17th Floor), 3527 GV Utrecht, The Netherlands (hereinafter referred to as “Zoho”).
The data entered on the contact form will be processed exclusively based on your consent (Art. 6(1)(a) GDPR), and serves the purpose of improving and expediting our customer and user service. You may revoke any consent already granted at any time. An informal e-mail notification is sufficient for the revocation. The lawfulness of the data processing carried out prior to the revocation will not be affected by the revocation.
Zoho is certified under the “Privacy Shield” US/European data privacy convention, and thereby undertakes to comply in full with the EU data protection requirements. The certification can be inspected at the following link: https://www.privacyshield.gov/participant?id=a2zt0000000TOJbAAO&status=Active
The use of the Zoho CRM is optional. If you are not in agreement with your data being gathered and stored in external systems of the Zoho CRM, we can offer you the following alternative contact options for service enquiries: e-mail, telephone, telefax or the post.
Users can obtain further information in Zoho CRM's data privacy statement at https://www.zoho.com/privacy.html.

Push notifications

Our website uses push-services (push notifications) of the operating system manufacturers and browser manufacturers. These are short messages which may be shown on the display of your terminal, and with which you are informed about new content relating to your project, provided that you have previously granted the corresponding consent on the terminal. We will not send you any advertisements via push notifications.
Should push services be used, a device token will be assigned by Apple, or a registration ID by Google. The nature of the latter consists in encrypted, anonymised device IDs. The purpose for which these are used is solely to provide push services. It is not possible to trace a device ID back to the individual user.
You can deactivate the receipt of push notifications via the operating system of your smartphone.

Telephony via Sipgate

In order to handle our incoming and outgoing telephone conversations with our prospects or customers, we use sipgate, a service of sipgate GmbH, Gladbacher Str. 74, 40219 Düsseldorf (hereinafter referred to as "sipgate"). The legal basis for the latter is Art. 6(1)(1)(b) GDPR. Sipgate stores the telephone numbers and call data (time and date of the call and its duration) until such time as we delete the data on the sipgate server.
You can inspect the data privacy provisions of sipgate here: https://www.sipgate.de/datenschutz

Sending of e-mail and newsletter via Amazon Web Services (AWS)

All our e-mails (registration, confirmation of account deletion, newsletter registration, confirmation of newsletter registration, newsletter e-mail, password recovery, order confirmation, confirmation of shipping, contact form, any other sales and website e-mails) relating to this website are routed via the Amazon Simple Email Service (Amazon SES), a service provided by the technical service provider Amazon Web Services Inc., 410 Terry Avenue North, Seattle WA 98109, United States (https://aws.amazon.com/), to which we will temporarily transmit your e-mail address, as well as the e-mail content (during despatch) to a server of AWS (located within the EU). Said information is passed on pursuant to Art. 6(1)(f) GDPR, and serves to achieve our legitimate interest in using a promotionally-effective, secure and user-friendly form of despatching e-mails.
In order to protect your data, which may partially be stored in the USA, we have concluded a data processing contract with Amazon Web Services Inc. (hereinafter referred to as “Data Processing Agreement”) based on the standard contractual clauses of the European Commission, in order to enable your personal data to be transmitted to Amazon Web Services Inc. Said Data Processing Agreement can be inspected at the following link: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf
Amazon Web Services Inc. is, moreover, certified under the “Privacy Shield” US/European data privacy convention, and thereby undertakes to comply in full with the EU data protection requirements. The certification can be inspected at the following link: https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4
Further information on Amazon Simple Email Service, as well as on the use and processing of data by Amazon Web Services Inc., can be inspected at http://aws.amazon.com/de/ses/, as well as at http://aws.amazon.com/de/privacy/.

Erasure of data and duration of storage

The personal data of the data subject is erased or blocked once the purpose of storing it no longer exists. It may, moreover, be stored beyond that time if this has been stipulated by the European or national legislative authority in EU ordinances, laws or other regulations to which the Controller is subject. The data may also be blocked or deleted if a storage period stipulated by said standards expires, unless the necessity for further storage of the data for concluding an agreement or fulfilling an agreement exists.

Newsletter data

To send our newsletter, we need an e-mail address from you. The e-mail address given must be verified, and consent to receiving the newsletter must be granted. Supplementary data is either not gathered or is provided voluntarily. The data is exclusively used to despatch the newsletter.
The data provided when registering for the newsletter will exclusively be processed based on your consent (Art. 6(1)(a) GDPR). You may revoke any consent already granted at any time. An informal e-mail notification will be sufficient for the revocation, or you can unsubscribe via the “Unsubscribe” link in the newsletter. The lawfulness of the data processing procedures that have already been carried out will not be affected by the revocation.
Any data entered in order to set up the subscription will be deleted once you unsubscribe. Should said data have been transmitted to us for other purposes and elsewhere, we will continue to archive it.

Cookies

Our website uses cookies. These are small text files that your web browser saves on your terminal. The purpose of cookies is to make our online services more user-friendly, effective and also safer.
Some cookies are “session cookies.” Such cookies are automatically deleted once your browser session has ended. Other cookies, on the other hand, remain on your terminal until you delete them yourself. Such cookies help us to recognise you again if you return to our website.
With a modern web browser, you can monitor or restrict cookies, or prevent them from being placed. Many web browsers can be configured in such a way that cookies are automatically deleted once the software is closed. Deactivating cookies may lead to restricted functionality of our website.
Cookies that are necessary in order to implement electronic communication procedures or provide certain functions desired by you (e.g. a shopping cart function) are placed based on Art. 6(1)(f) GDPR. As the operator of this website, we have a legitimate interest in storing cookies in order to provide technically fault-free and smoothly running services. Should any other cookies be placed (e.g. for analysis functions), the latter will be dealt with in this data privacy statement separately.

Web analysis services

Google Analytics

Our website uses functions of the web analysis service Google Analytics. The provider of the web analysis service is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses cookies. Those are small text files that your web browser stores on your terminal in order to enable an analysis of website usage. The information generated by the cookie on your use of our website is transmitted to a server of Google, and stored there. The server is generally located in the USA.
Google Analytics cookies are placed based on Art. 6(1)(f) GDPR. As the operator of this website, we have a legitimate interest in analysing usage patterns, in order to optimise our website, and possibly also our advertising.
IP anonymisation
We deploy Google Analytics in conjunction with the function of IP anonymisation. It ensures that your IP address is truncated by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area prior to being transmitted to the USA. There may be exceptions, where Google transmits the full IP address to a server in the USA, and truncates it there. On our behalf, Google will use such information to evaluate your use of the website, in order to compile reports on the website activities, and in order to provide further services associated with the use of the website and the Internet to us. The IP address transmitted by Google Analytics is not merged with other data of Google.
Browser plug-in
The placing of cookies by your web browser can be prevented. Some functions of our website could, however, be restricted as a result. You may likewise prevent data from being gathered in regard to your website use, including your IP address, along with subsequent processing by Google. You can do this by downloading the browser plug-in accessible via the following link, and installing it: https://tools.google.com/dlpage/gaoptout?hl=de
Objecting to the gathering of data
You can prevent your data from being gathered by Google Analytics by clicking the following link. An opt-out cookie is placed, which prevents your data from being recorded when you visit this website in future. Disabling Google Analytics.
You can find details on how Google Analytics handles user data in Google’s Privacy Policy at https://support.google.com/analytics/answer/6004245?hl=de
Contract data processing
In order to entirely fulfil the statutory data privacy requirements, we have concluded a contract with Google on contract data processing.
Demographic features at Google Analytics
Our website uses the “Demographic Features” function of Google Analytics. This allows reports to be produced containing statements on the age, sex and interests of the website visitors. Such data originates from interest-related advertising of Google, as well as visitor data of third-party providers. It is impossible to allocate the data to a particular person. You can disable this feature at any time. This is possible via the display settings in your Google account, or through you generally prohibiting your data from being gathered by Google Analytics, as explained in the clause “Objecting to your data being gathered.”

Use of tools, etc.

Google Tag Manager

Our website uses features of Google Tag Manager. The provider of Google Tag Manager is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Tag Manager is a solution enabling us to administer website tags using an interface on the Google website. The Google Tag Manager tool itself implements these website tags, and is a “cookie-less” domain, which does not gather any personal data. Google Tag Manager ensures that other tags are triggered, which, for their part, gather data in certain circumstances. Google Tag Manager does not access such data.
Details on Google Tag Manager’s Guidelines for Use can be found at the following link: http://www.google.de/tagmanager/use-policy.html

Google Maps

Our website uses Google Maps, a map service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
By using the Google Maps web service, we can interactively present to you maps of Google on our website, and visually display geographic information. This is done by accessing Google Maps from a server of Google in the USA and the associated passing on of your data to Google. This concerns information on your use of our website (such as your IP address). Google Maps is deployed based on Art. 6(1)(f) GDPR, and this is already done when the sub-pages where Google Maps is integrated are accessed. As the operator of this website, we have a legitimate interest in presenting you with Google Maps on our website in an interactive format.
If you are not in agreement with the future transmission of your data to Google within the scope of using Google Maps, it is also possible to fully deactivate Google Maps in your browser, by disabling the use of JavaScript and Iframes in there. Google Maps, and thus also the calendar display on this website, can then no longer be used.
Google is certified under the US/European “Privacy Shield” data privacy convention. Said data privacy convention is supposed to guarantee compliance with the level of data protection applicable in the EU.
You will find further information on how user data is handled by Google in its data privacy policy at https://www.google.de/intl/de/policies/privacy .

Google Web Fonts

Our website uses Web Fonts by Google. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
By deploying these web fonts, it becomes possible to present you with our website, as we wish to display it to you, irrespective of what fonts are available to you locally. This is done by accessing the Google web fonts from a server of Google in the USA and the associated passing on of your data to Google. This concerns your IP address and which page of our website you have visited. Google Web Fonts are deployed based on Art. 6(1)(f) GDPR. As the operator of this website, we have a legitimate interest in optimally displaying and transmitting our website.
Google is certified under the US/European “Privacy Shield” data privacy convention. Said data privacy convention is supposed to guarantee compliance with the level of data protection applicable in the EU.
You can find details on Google Web Fonts at: https://www.google.com/fonts#AboutPlace:about and further information in Google’s data privacy policy: https://policies.google.com/privacy/partners?hl=de

Ausgezeichnet.org

Our website uses the services of Ausgezeichnet.org, a rating service that is operated by the provider AUBII GmbH, Alsterufer 34, 20354 Hamburg, Germany (hereinafter referred to as “Ausgezeichnet.org”).
The services of Ausgezeichnet.org are shown on the website in the form of a button. The button loads a JavaScript code of Ausgezeichnet.org on our website. We use the button in order to be able to display customer ratings of Ausgezeichnet.org on our website. By clicking the button, you reach the Ausgezeichnet.org site, to which personal data, such as your IP address, may be transmitted.
The legal basis for the processing of the data of Ausgezeichnet.org is Art. 6(1)(f) GDPR. If you are not in agreement with the future transmission of your data to Ausgezeichnet.org within the scope of using Ausgezeichnet.org, it is also possible to fully deactivate Ausgezeichnet.org in your browser, by disabling the use of JavaScript. The ratings of Ausgezeichnet.org on this website can then no longer be displayed.
You can obtain further information in the data privacy statement of Ausgezeichnet.org at: https://www.ausgezeichnet.org/datenschutz/

Integration of videos

YouTube

To integrate and display video content, our website uses plug-ins by YouTube. The operator of the video portal is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you access a page with an integrated YouTube plug-in, a connection to the servers of YouTube is established. In this way, YouTube finds out which of our pages you have accessed.
Should you be logged into your YouTube account, YouTube may allocate your surfing patterns directly to your personal YouTube profile. By logging out in advance, you have the opportunity to prevent this.
YouTube is deployed in the interests of ensuring an appealing display of our online services. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
You will find further information on how user data is handled by YouTube at: https://www.google.de/intl/de/policies/privacy .

Online marketing - Promotional and Conversion Cookies

Google AdWords and Google conversion tracking

Our website uses Google AdWords. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.
AdWords is an online advertising programme. Within the scope of the online advertising programme, we make use of conversion tracking. If you click on an advertisement shown by Google, a cookie for the conversion tracking is placed. Cookies are small text files that your web browser saves on your terminal. Google AdWords cookies expire after 30 days, and do not serve to personally identify users. We and Google can discern from the cookie that you have clicked on an advertisement and have been re-directed to our website.
Every Google AdWords customer is assigned a different cookie. Cookies cannot be tracked via the websites of AdWords customers. Conversion Cookies serve to create conversion statistics for AdWords customers who make use of conversion tracking. AdWords customers find out how many users have clicked on their advertisement and have been re-routed to pages containing a conversion tracking tag. AdWords customers do not, however, receive any information that makes it possible to identify users. If you would prefer not to take part in conversion tracking, you can object to the use of it. The Conversion Cookie is to be disabled in the user settings of the browser in this case. This means that no information will be recorded in the conversion tracking statistics.
Conversion cookies are stored based on Art. 6(1)(f) GDPR. We, as website operators, have a legitimate interest in analysing usage patterns, in order to optimise our website, and our advertising.
Details on Google AdWords and Google Conversion Tracking can be found in Google’s data privacy policy: https://www.google.de/policies/privacy/
With a modern web browser, you can monitor or restrict the placing of cookies, or prevent them from being placed. Deactivating cookies may lead to restricted functionality of our website.

Facebook re-targeting

Our website uses the “Website Custom Audience” re-targeting technology of Facebook, of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (hereinafter referred to as “Facebook”).
Facebook’s re-targeting technology enables us to also display advertisements and offers relevant to our website visitors who have already visited our website in the past and are Facebook members via the Facebook ad network on Facebook.
You can find further information on data protection and your configuration options in this respect at: https://www.facebook.com/settings/?tab=ads, as well as at: https://www.facebook.com/about/privacy
You can object to the use of Facebook Website Custom Audiences for the future using the link https://www.facebook.com/settings/?tab=ads , as well as the link http://www.youronlinechoices.com/de/praferenzmanagement/.

Twitter re-marketing

Our website uses the Twitter re-marketing technology of Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (hereinafter referred to as “Twitter”).
The re-marketing function of Twitter enables us to appeal to the visitors to our website using advertising on the Twitter platform that is tailored to their interests. For this purpose, Twitter deploys tags. Using said tags, visits to our website and data about the use of the website are recorded in pseudonymised, non-personal form. If you visit Twitter at a later date, advertisements based on your interests will be displayed to you on Twitter. If you would prefer Twitter not to appeal to you with targeted advertising, you can disable this function on Twitter at the following link: https://support.twitter.com/articles/20171528. Twitter also supports the “Do Not Track (DNT)” option, which can be activated at the following link: https://support.twitter.com/articles/20171372.
You can find further information on the topic of Twitter data privacy and Twitter advertising here: https://business.twitter.com/de/help/troubleshooting/how-twitter-ads-work.html