Data protection

1. Privacy policy according to the GDPR

We at Janssen Cosmetics GmbH take the protection of your personal data very seriously and strictly adhere to the rules of data protection laws. Personal data is only collected on this website to the extent strictly necessary. Under no circumstances will the collected data be sold or passed on to third parties for any other reason.

The following policy gives you an overview of how we guarantee this protection and what kind of data is collected for what purpose.

2. Name and address of the data controller

The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of EU Member States, as well as other provisions of data protection law is:

Janssen Cosmetics GmbH
Pontsheide 36
5076 Aachen

Germany
Tel.: +49 2408 70460
Email: info@janssen-cosmetics.com
Website: www.janssen-cosmetics.com
Manager: Ulrich Janssen

3. Name and address of the data protection officer

The data protection officer of the data controller is:

Data Organisation Engineering Office

Dragan Stanković
Lütticher Straße 7
52064 Aachen, Germany

Tel.: +49 241 5903360
Email: d.stankovic@ido-stankovic.de
Website: www.ido-stankovic.de

4. General Data Processing

4.1 Scope of processing of personal data

We process the personal data of our users only insofar as it is necessary to provide an operational website, as well as content and services. The processing of our users’ personal data is subject to the consent of the user. An exception applies in those cases in which prior consent cannot be obtained for genuine reasons and the processing of the data is permitted by statutory provisions.

4.2 Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

Art. 6 (1) (b) of the GDPR serves as a legal basis for the processing of personal data required for the fulfilment of a contract to which the data subject is a party. This will also apply to processing operations necessary for the implementation of pre-contractual measures.

If the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 (1) (b) of the GDPR serves as the legal basis.

In the event that overriding interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 (1) (b) of the GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the aforementioned interest, Art. 6 (1) (b) of the GDPR serves as the legal basis for processing.

4.3 Data deletion and storage duration

The personal data of the person concerned will be deleted or blocked as soon as the purpose for storage no longer applies. Storage may also take place if the EU or domestic legislator has provided for this in EU regulations, laws or other provisions to which the data controller is subject. The data will also be blocked or deleted if the storage period prescribed by the above standards expires, unless further storage of the data is necessary for the conclusion or fulfilment of a contract.

5 Provision of the website and creation of log files

5.1 Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the user.

The following data is collected:

  • Information about the browser and the version used
  • The IP address of the user
  • Date and time of access

The data is also stored in our system log files. These data are not stored together with other personal data of the user.

5.2 Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) of the GDPR.

5.3 Purposes of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user shall remain stored for the duration of the session.

The data is stored in log files in order to ensure the smooth functioning of the website. The data is also used to optimise the website and to ensure the security of our IT systems. No assessment of the data for marketing purposes takes place in this context.

These purposes also include our legitimate interest in data processing pursuant to Art. 6 (1) (f) of the GDPR.

5.4 Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. In the case of data collection to ensure the website provision, this is the case when the respective session is terminated.

If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the users’ IP addresses are deleted or removed so that data allocation to the visiting client is no longer possible.

5.5 Objection and removal options

Data collection for the provision of our website and data storage in log files is necessary for operating the website. Consequently, the user may not object.

6 Use of cookies

6.1 Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again.

We use cookies to ensure our website is user-friendly. Some of our website features require that the requesting browser can be identified even after the user has changed to another page.

The following data is stored and transmitted in the cookies:

  • Protection against Cross-Site Request Forgery attacks
  • Cookie consent for monitoring the cookie setting

We also use cookies on our website which enable us to analyse our users’ browsing habits. This enables the following data to be transmitted:

Required cookies

| Cookie | Purposes | Storage duration |
|---|---|---|
| ASP.NET_SessionID | This cookie stores data during your visit. For example, the cookie remembers a selection you made or which page you have previously viewed. | Session |
| _GRECAPTCHA | This cookie assigns an ID to the site visitor and determines statistical data on website visits. | 6 months |
| OGPC | These cookies are used by Google to store settings and user information each time you visit websites that contain geographical information from Google Maps. | 1 year |
| NID | The NID cookie contains a unique ID that Google uses to store your preferred settings and other information. | 6 months |

Preference cookies

| Cookie | Purposes | Storage duration |
|---|---|---|
| defaultCulture | | 1 month |
| Culture | Language | 3.5 months |
| id_cart_token_ShoppingCart | | 1 month |
| id_cart_token_WishlistCart | | 1 month |
| cookieCheck | Cookie placed if the user accepts the cookie policy. Requested by the cookie bar/banner at the foot of the page. | 1 year |
| __RequestVerificationToken | | Session |
| messagesUtk | Chatflow tool | 13 months |

Statistics

| Cookie | Purposes | Storage duration |
|---|---|---|
| _cf_bm | To maximise network resources, manage web traffic, and protect our customers’ sites from malicious web traffic. | 1 day |
| hubspotutk | Visitor identity | 1 month |
| _hstc | Visitor tracking | 1 month |
| _gid | These cookies tell us how you use our website and how you found our website. | 2 days |
| _gid | These cookies tell us how you use our website and how you found our website. | 2 years |
| _gcl_au | Information in ad clicks | 3 months |
| _gat_gtag_UA_51161952_2 | These cookies tell us how you use our website and how you found our website. | 1 day |
| _hssrc | Whenever the HubSpot software changes the session cookie, this cookie is also set. This determines whether the visitor has restarted the browser. | Session |

Marketing

| Cookie | Purposes | Storage duration |
|---|---|---|
| NID | These cookies track how you use our website to show you advertising that may be of interest to you. | 6 months |
| 1P_JAR | These cookies track how you use our website to show you advertising that may be of interest to you. | 1 month |
| DV | These cookies track how you use our website to show you advertising that may be of interest to you. | 1 day |
| CONSENT | These cookies track how you use our website to show you advertising that may be of interest to you. | 2 years |
| newscheck | News banner | 5 months |
| IDE | These cookies track how you use our website to show you advertising that may be of interest to you. | 1 month |
| AID | ADS | 10 months |
| _fbp | Facebook Pixel | 3 months |
| test_cookie | Remarketing | 1 day |

Not classified

| Cookie | Purposes | Storage duration |
|---|---|---|
| .ASPXAUTH | | 3 days |
| _hssluid | For management automation (Source: QA Madness Cookies Policy, QA Madness Help Center, software testing company) | 1 month |
| _stripe_mid | | 8 months |
| _pdst | | 7 months |
| NPS_61a7bd63_last_seen | | 2 weeks |

When accessing our website, the user is informed about the use of cookies for analysis purposes and his or her consent to the processing of the personal data used in this context is obtained. In this context, reference is also made to this privacy policy.

6.2 Legal basis for data processing

The legal basis for the processing of personal data using ‘strictly required’ cookies is Art. 6 (1) (f) of the GDPR.

The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 (1) (a) of the GDPR if the user has given his or her consent.

6.3 Purposes of data processing

The purpose of using ‘strictly required’ cookies is to simplify users’ website experience. Some website features cannot be made available without the use of cookies. For these features, it is necessary that the browser is recognised even after the user switches pages. The user data collected by ‘strictly required’ cookies are not used to create user profiles.

The analysis cookies are used for the purpose of improving the quality of our website and its content. By using analysis cookies, we can learn how the website is used and therefore constantly improve our offer.

These purposes also include our legitimate interest in data processing pursuant to Art. 6 (1) (f) of the GDPR.

6.4 Storage duration, objection and removal option

Cookies are stored on the user’s computer and transmitted to our website by the user. Accordingly, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all features of the website can be used to the fullest extent possible.

7 Advertising and marketing services

7.1 Description and scope of data processing

We use the following advertising and marketing services on our website:

| Tool | Description |
|---|---|
| Google Tag Manager | Google Tag Manager is a solution that allows marketers to manage website tags through an interface. The tool itself (which deploys the tags) is a cookie-less domain and does not collect any personal data. The tool triggers other tags which may in turn collect data. Google Tag Manager does not access this data. |
| OpenStreetMap | Umap is an open-source mapping tool based on the French OpenStreetMap (https://openstreetmap.fr). To show you the map, your IP address will be forwarded to OpenStreetMap. |
| Google reCAPTCHA | This function primarily serves to distinguish whether an input is made by a natural person or abusively by machine and automated processing. The service includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google. |
| Google APIs | We use this data to ensure the full functionality of our website. In this context, your browser will transmit personal data to Google APIs. |
| DoubleClick remarketing | DoubleClick uses cookies to place ads relevant to users, improve campaign performance reports, or to prevent a user from seeing the same ads multiple times. |
| DoubleClick advertising | DoubleClick Floodlight cookies enable us to understand whether you perform certain actions on our website after you have accessed or clicked on one of our display/video ads on Google or on another platform via DoubleClick (conversion tracking). DoubleClick uses this cookie to understand the content you have interacted with on our websites in order to send you targeted advertising later. |

7.2 Legal basis for data processing

The legal basis for the processing of users’ personal data is Art. 6 (1) (f) of the GDPR.

7.3 Purposes of data processing

| Tool | Purposes |
|---|---|
| OpenStreetMap | Displays the route to our organisation or our events |
| Google reCAPTCHA | Prevents abuse and spam |
| Google APIs | Error-free operation of the website |
| DoubleClick remarketing, DoubleClick advertising | Shows users relevant ads, improves campaign performance reports, or prevents a user from seeing the same ads several times. |

7.4 Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected.

7.5 Objection and removal options

You can prevent participation in this tracking process in several ways:

a) by setting your browser software accordingly; in particular, the suppression of third-party cookies will result in you not receiving any ads from third-party providers;
b) by disabling the cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com" (https://www.google.de/settings/ads), whereby this setting is deleted when you delete your cookies;
c) by disabling the interest-based ads of the providers that are part of the self-regulatory campaign “About Ads” via the link http://www.aboutads.info/choices, whereby this setting is deleted when you delete your cookies;
d) by permanently disabling them in your Firefox, Internet Explorer, or Google Chrome browser at http://www.google.com/settings/ads/plug-in.

We would like to point out that in this case you may not be able to use all the website features to their fullest extent.

8 Social plug-ins

8.1 Description and scope of data processing

Social plug-ins (“plug-ins”) from social networks are used on our websites, in particular from Facebook, Twitter, and LinkedIn.

Therefore, when you visit our websites, no data is automatically transmitted to social networks such as Facebook or Twitter. Only when you actively click on the respective button does your Internet browser establish a connection to the servers of the respective social network, meaning that, by clicking on the respective button, you consent to your Internet browser establishing a connection to the servers of the respective social network and transmitting usage data to the respective operator of the social network.

8.2 Legal basis for data processing

The legal basis for the processing of data after a user has signed up for our newsletter is Art. 6 (1) (f) of the GDPR if the user has given his or her consent.

8.3 Purposes of data processing

The purpose of data processing can be found in the data protection regulations of Facebook and Twitter.

8.4 Duration of storage

The storage period for data processing can be found in the data protection regulations of Facebook and Twitter.

8.5 Objection and removal options

If you do not want Facebook and Twitter to collect data about you via our website, you must log out of Facebook and/or Twitter before visiting our website.

9 Email marketing

9.1 Description and scope of data processing

We use the HubSpot service to carry out our online marketing measures. The provider is HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141. HubSpot is also available within the European Union, and the current, relevant contact details can be found here: https://www.hubspot.com/company/contact. You can find more information about data protection by this provider here: https://www.hubspot.de/data-privacy/gdpr and https://legal.hubspot.com/de/privacy-policy.

With this tool, we carry out various online marketing measures described in this privacy policy, including:

  • Email marketing (newsletters and automated mailings, e.g. for providing information material)
  • Contact management (e.g. storage of contact data for contact purposes)
  • Provision of online forms to subscribe to newsletters
  • Provision of information material
  • Newsletter subscription
  • Requests via the chat tool

9.2 Legal basis for data processing

In this regard, we refer to the respective statements regarding the detailed online marketing measures, which we supplement by the following information:

We only send newsletters and automated mailings (“mailings”) after your corresponding subscription, i.e. with your consent, on the basis of Art. 6 (1) (a) of the GDPR. If the content of the mailings (i.e. the advertised goods and services) is specifically described in the context of the registration, it is decisive for the scope of the consent. In addition, our mailings contain information about our products, offers, promotions, and/or our company.

You can subscribe via the so-called double opt-in procedure, i.e. you will receive an email after your subscription, in which you will be asked to confirm your subscription, in order to prevent any misuse of your email address. Subscription to our mailings is logged by us, in order to prove the subscription process complies with legal requirements, and to prevent or clarify any misuse of your personal data. The logging of the subscription process takes place on the basis of our legitimate interests in accordance with Art. 6 (1) (f) of the GDPR within a user-friendly and secure mailing system, in order to be able to prove the subscription process and the consent given at a later date.

You can revoke your consent to receiving our mailings at any time, notably by unsubscribing. An unsubscribe link to exercise this right can be found at the end of each email.

If we obtain your consent for certain online marketing measures, the legal basis for data processing is Art. 6 (1) (a) GDPR. Insofar as the data processing is carried out for the fulfilment of a contract with you, the legal basis is Art. 6 (1) (b) of the GDPR. Furthermore, data processing is based on the legal basis of Article 6 (1) (f) of the GDPR, according to which the processing of personal data is also possible without the consent of the data subject if the processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail. Here we invoke our interest in direct advertising in accordance with Recital 47 of the GDPR. Our legitimate interest derives from the fact that we can ensure the effectiveness of the campaigns we create and the effective use of the resources deployed for this purpose through specific online marketing measures. In addition, you will only receive advertising that is potentially relevant and of interest to you.

9.3 Purposes of data processing

Our mailings contain so-called tracking pixels (web bugs), which enable us to see if and when an email was opened, and which links in the email were followed by the respective recipient. This information is used for the technical improvement of our newsletter on the basis of technical data or the target groups and their reading behaviour, based on their location (which can be determined with the help of the IP address) or access times. The evaluations also serve to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users. The data collected in this way is used to send personalised marketing emails to the respective recipient.

For individual email campaigns, we also use a selection from the recipient’s circle on the basis of data and information determined and qualified by us (such as your expressed interest in individual topics, your address/region, etc.) in order to be able to offer you goods and services that match your interests. You will then only receive advertising that is potentially relevant and of interest to you.

9.4 Duration of storage

The data collected and otherwise processed in this way will be stored and processed on the servers of this provider until you revoke your consent. HubSpot acts as our processor and processes the data exclusively in accordance with our instructions. You can find more information about the various possible applications here: https://www.hubspot.de/.

9.5 Objection and removal options

Your rights are protected by the fact that we have made the processing operations here transparent and that you can object to any processing by HubSpot. If you do not want HubSpot to collect your data, you can prevent the storage of cookies at any time through your browser settings or by using the following opt-out link: HubSpot opt-out link.

We have carefully selected this provider and have contractually bound them accordingly. This commissioning does not prevent the provider from processing the data outside the European Union or from being headquartered outside of it. The contractual instruments governing the commissioning of HubSpot contain the EU standard contractual clauses so that the commissioning is possible in accordance with Article 46 of the GDPR. You can find the contract document here: https://legal.hubspot.com/en/dpa.

10 Newsletter

10.1 Description and scope of data processing

Users can subscribe to receive our free newsletter via our website. When subscribing to receive the newsletter, the data from the input screen is transferred to us.

  • First name, surname
  • IP address of the visiting computer
  • Date and time of subscription

Your consent will be obtained for the processing of your data during the subscription process and reference will be made to this data protection statement.

No data will be passed on to third parties in connection with data processing for the sending of newsletters. The data will be used exclusively for sending the newsletter.

10.2 Legal basis for data processing

The legal basis for the processing of data following subscription to our newsletter by the user is Art. 6 (1) (a) of the GDPR if the user has given his or her consent.

10.3 Purposes of data processing

The collection of the user's email address is used to deliver the newsletter.

The collection of other personal data as part of the subscription process serves to prevent misuse of the services or the email address used.

10.4 Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. The user's email address will therefore be stored for as long as the newsletter subscription is active.

The other personal data collected in the course of the subscription process are usually deleted after a period of seven days.

10.5 Objection and removal options

Subscription to the newsletter can be cancelled by the user at any time. For this purpose, there is a relevant link contained in every newsletter sent.

This also enables the revocation of consent to the storage of personal data collected during the subscription process.

11 Contact form

11.1 Description and scope of data processing

A contact form is available on our website. If a user makes use of this option, the data entered in the input screen will be transmitted to us and stored. These data are:

  • Title
  • Name
  • Company
  • Address
  • Postal code/city
  • Email
  • Telephone number
  • Message

When the message is sent, the following data will also be stored:

  • The IP address of the user
  • Date and time of subscription

Your consent will be obtained for the processing of the data when the message is sent, and reference will be made to this data protection statement.

Alternatively, you can contact us via the email address provided. In this case, the user's personal data transmitted with the email will be stored.

The data will not be passed on to third parties in this context. The data will be used exclusively for the purpose of the conversation.

11.2 Legal basis for data processing

The legal basis for the processing of the data is Art. 6 (1) (a) of the GDPR if the user has given his or her consent.

The legal basis for processing the data transmitted in the course of sending an email is Art. 6 (1) (f) of the GDPR. If the purpose of the email contact is to conclude a contract, the additional legal basis for the processing is Art. 6 (1) (b) of the GDPR.

11.3 Purposes of data processing

The processing of personal data from the input screen serves exclusively for facilitating communication. In the case of contact by email, this also constitutes a necessary legitimate interest in the data processing.

The other personal data processed when the message is sent serve to prevent misuse of the contact form and to ensure the security of our IT systems.

11.4 Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. For the personal data collected from the contact form input screen and sent via email, this is the case when the conversation with the user has ended. The conversation ends when it can be inferred from the circumstances that the matter in question has been definitively clarified.

The additional personal data collected when the message is sent will be deleted after a period of seven days at the latest.

11.5 Objection and removal options

The user may revoke his or her consent regarding the processing of personal data at any time. If the user contacts us by email, he or she may object to the storage of his or her personal data at any time. In this case, the conversation cannot be continued.

In this case, all personal data stored in the course of establishing contact will be deleted.

12 LinkedIn Analytics

12.1 Scope of processing of personal data

Our website uses functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you access one of our pages that contains LinkedIn functions, a connection is established to LinkedIn servers. LinkedIn is informed that you have visited our websites with your IP address. If you click on LinkedIn's "Recommend" button and are logged in to your LinkedIn account, LinkedIn can associate your visit to our website to you and to your user account. With the help of LinkedIn Analytics, an evaluation of our profiles on LinkedIn is also possible (e.g. how often registrations have been downloaded).

12.2 Legal basis for the processing of personal data

The legal basis for the processing of your data is Art. 6 (1), sentence 1, (f) of the GDPR. For more information about LinkedIn Analytics, please refer to LinkedIn's Privacy Policy: http://www.linkedin.com/legal/privacy-policy. LinkedIn has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

12.3 Purposes of data processing

The processing of users' personal data enables us to analyse the browsing patterns of our users. By evaluating the data collected, we can compile information about the use of our website's individual features. This helps us to constantly improve our website and its usability. These purposes also include our legitimate interest in data processing pursuant to Art. 6 (1) (f) of the GDPR. By anonymising the IP address, the user's interest in protecting their personal data is sufficiently considered.

12.4 Duration of storage

The data is deleted as soon as it is no longer needed for our storage purposes.

In our case, this happens after 30 days.

12.5 Objection and removal options

Cookies are stored on the user's computer with their explicit consent (consent banner) and transmitted to our website by the user. Accordingly, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all features of the website can be used to the fullest extent possible.

We offer our users the possibility of an opt-out from the analysis process on our website. To do this, you must follow the corresponding link. In this way, another cookie is placed onto your system, which signals to our system not to store the user's data. If the user deletes the corresponding cookie from his or her own system at any point afterwards, they must set the opt-out cookie again.

13 Web analysis by Google Analytics

13.1 Scope of processing of personal data

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses ‘cookies’ which are text files placed on your computer to help the website analyse how users use the website. The information generated by the cookie about your use of this website will generally be transmitted to and stored by Google on servers in the United States of America. However, if IP anonymisation is activated on this website, Google will shorten your IP address within Member States of the European Union or in other Contracting States to the Agreement on the European Economic Area in advance. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities, and to provide other services related to website and internet use to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the website features to their fullest extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de).

13.2 Legal basis for the processing of personal data

The legal basis for the processing of users’ personal data is Art. 6 (1) (a) of the GDPR.

13.3 Purposes of data processing

The processing of users' personal data enables us to analyse the browsing patterns of our users. By evaluating the data collected, we can compile information about the use of our website's individual features. This helps us to constantly improve our website and its usability. These purposes also include our legitimate interest in data processing pursuant to Art. 6 (1) (f) of the GDPR. By anonymising the IP address, the user's interest in protecting their personal data is sufficiently considered.

13.4 Duration of storage

The data is deleted as soon as it is no longer needed for our storage purposes.

In our case, this happens after 30 days.

13.5 Objection and removal options

Cookies are stored on the user's computer with their explicit consent (consent banner) and transmitted to our website by the user. Accordingly, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all features of the website can be used to the fullest extent possible.

We offer our users on our website the possibility of an opt-out from the analysis process. To do this, you must follow the corresponding link. In this way, another cookie is placed onto your system, which signals to our system not to store the user's data. If the user deletes the corresponding cookie from his or her own system at any point afterwards, they must set the opt-out cookie again.

14 Rights of the data subject

If your personal data is processed, then you are the data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the data controller:

14.1 Right of access

You can request confirmation from the data controller as to whether your personal data will be processed by us.

In the event of such processing, you may request the following information from the data controller:

  • the purposes for which the personal data are processed;
  • the categories of personal data processed;
  • the recipients or categories of recipients to whom the personal information about you has been or will be disclosed;
  • the planned duration of storage of your personal data or, if it is not possible to provide specific information in this regard, criteria for determining the duration of the storage;
  • whether the right to rectify or delete your personal data, to restrict processing by the data controller, or to object to such processing exists;
  • whether the right of appeal vis-à-vis a supervisory authority exists;
  • all available information on the origin of the data, if the personal data are not collected from the data subject;
  • the existence of automated decision-making, including profiling in accordance with Art. 22 (1) and (4) of the GDPR and – at least in these cases – meaningful information about the logic involved, as well as the scope and the intended effects of such processing for the data subject.

You have the right to request information as to whether your personal data will be transferred to a third country or to an international organisation. In this context, you may request that you are informed of the appropriate guarantees pursuant to Art. 46 of the GDPR in connection with the transfer.

14.2 Right to rectification

You have the right to have your personal data rectified and/or completed by the data controller if the personal data processed concerning you is inaccurate or incomplete. The data controller will rectify the data in question immediately.

14.3 Right to restrict processing

Under the following conditions, you may request that the processing of your personal data be restricted:

  • you dispute the accuracy of your personal data for a period which allows the data controller to verify the accuracy of the personal data;
  • the processing is unlawful, and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
  • the data controller no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
  • you have lodged an objection against the processing pursuant to Art. 21 (1) of the GDPR and it has not yet been determined whether the legitimate reasons of the data controller override your own reasons.

If the processing of personal data concerning you has been restricted, this data may only be processed – with the exception of its storage – with your consent, or for the assertion, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest for the Union or a Member State.

If the processing has been restricted in accordance with the above conditions, you will be informed by the data controller before the restriction of processing is lifted.

14.4 Right to deletion

14.4.1 Deletion obligation

You may request that the data controller delete your personal data immediately, and the data controller is obliged to delete these data immediately if one of the following reasons applies:

  • Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You revoke your consent on which the processing pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) of the GDPR was based and there is no other legal basis for the processing.
  • You object to the processing pursuant to Art. 21 (1) of the GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 (2) of the GDPR.
  • Your personal data have been processed unlawfully.
  • The deletion of your personal data is necessary to fulfil a legal obligation under EU or Member State law to which the data controller is subject.
  • The personal data relating to you have been collected in relation to information society services offered pursuant to Art. 8 (1) of the GDPR.

14.4.2 Information provided to third parties

If the data controller has made the personal data concerning you public and is obliged to delete it in accordance with Art. 17 (1) of the GDPR, he or she shall take reasonable measures, including technical measures, taking into account available technology and the cost of implementation, to inform data controllers who process the personal data that you, as the data subject, have requested the deletion of all links to such personal data or of copies or replications of said personal data.

14.4.3 Exemptions

The right to deletion does not exist if the processing is necessary

  • to exercise the right to freedom of expression and information;
  • to fulfil a legal obligation that requires processing under the law of the Union or the Member States to which the data controller is subject, or to perform a task which is in the public interest or in the exercise of official authority conferred on the data controller;
  • for reasons of public interest in the field of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) of the GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 (1) of the GDPR, to the extent that the law referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of this processing, or
  • to assert, exercise or defend legal claims.

14.5 Right to information

If you have asserted your right to rectification, deletion or restriction of processing against the data controller, the data controller is obliged to inform all recipients to whom the personal data concerning you has been disclosed of this data rectification or deletion or the restriction of its processing, unless this proves impossible or involves a disproportionate effort.

You have the right vis-à-vis the data controller to be informed of these recipients.

14.6 Right to data portability

You have the right to receive your personal data that you have provided to the data controller in a structured, common and machine-readable format. In addition, you have the right to communicate these data to another data controller without being obstructed by the data controller to whom the personal data was provided, insofar as

  • the processing is based on consent pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) of the GDPR or on a contract pursuant to Art. 6 (1) (b) of the GDPR and
  • processing is carried out using automated procedures.

In exercising this right, you also have the right to request that your personal data be transmitted directly by one data controller to another, insofar as this is technically feasible. Freedoms and rights of third parties shall not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

14.7 Right to object

You have the right, for reasons arising from your particular circumstances, to object at any time to the processing of your personal data based on Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.

The data controller will no longer process the personal data concerning you unless they can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

If your personal data are processed for the purpose of direct marketing, you have the right to object at any time; this will also apply to profiling in so far as it is linked to such direct marketing.

If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

You also have the option to exercise your right to object in relation to the use of information society services – notwithstanding Directive 2002/58/EC – by means of automated procedures using technical specifications.

14.8 Right to revoke the declaration of consent under data protection legislation

You have the right to revoke your declaration of consent under data protection legislation at any time. The revocation of consent does not affect the legitimacy of the processing carried out based on the consent up to the time consent is revoked.

14.9 Automated decisions in individual cases including profiling

You have the right not to be subject to any decision based solely on automated processing, including profiling, that has any legal effect on you or affects you significantly in a similar way. This will not apply if the decision

  • is necessary for the conclusion or performance of a contract between you and the data controller,
  • is authorised by EU or Member State law to which the data controller is subject and contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or
  • is made with your explicit consent.

However, these decisions may not be based on special categories of personal data under Art. 9 (1) of the GDPR, unless Art. 9 (2) (a) or (g) of the GDPR applies, and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests.

With regard to the first and third cases listed above, the data controller shall take appropriate measures to safeguard your rights, freedoms, and legitimate interests, including at least the right to obtain human intervention on the part of the data controller, to a statement of his or her point of view and to contest the decision.

14.10 Right to appeal to a supervisory authority

Without prejudice to any other administrative or legal remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the suspected infringement, if you believe that the processing of your personal data violates the GDPR.

The supervisory authority to which the complaint was submitted will inform the complainant of the status and outcome of the complaint, including the option for a legal remedy under Article 78 of the GDPR.

The supervisory authority responsible for Janssen Cosmetics GmbH:

North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information
Kavalleriestr. 2-4
40213 Düsseldorf, Germany
Tel.: +49 (0)211 38424-0
Fax: +49 (0)211 38424-999
Email: poststelle@ldi.nrw.de