PRIVACY POLICY
PRIVACY POLICY
Last changed: May 2021
Introduction
Hans Conzen Kosmetik GmbH takes the protection of your privacy very seriously. Data protection and data security are of fundamental importance to us and we would like to inform you in the following about the personal data we collect and how we use it. Under current data protection law, personal data is defined as information that can be used to directly or indirectly identify an individual. This policy applies if you:
· purchase products or services directly from us, our agents or through our websites;
· take part in our events and seminars;
· contact our customer services;
· visit our head office;
· use our web pages; or
· interact with us via social media or advertising and content on third-party websites.
Our Privacy Policy explains who we are, details the information we collect and explains how we use it. It further describes our use of cookies and your options and rights in relation to your personal data.
We have taken technical and organisational measures to ensure that both we and our external service providers comply with the data protection regulations in line with applicable data protection laws. Processing is always carried out in accordance with the legal requirements and principles outlined below.
We occasionally change this Privacy Policy to ensure that it is compliant with the latest legal requirements and to ensure that it covers all of our services. Your statutory right of access and rights to rectification, restriction, erasure and objection remain unaffected by any such change.
Contents
II. What information is collected?
1. Information provided directly
2. Information collected automatically
3. Information from third-party sources
III. How is your personal data used?
IV. What is the legal basis for data collection?
VI. Is data transferred to other countries?
VII. How long will my data be stored for?
VIII. What are my data protection rights?
X. How are cookies and other technologies used?
XI. What happens when you access pages on social networks??
XII. What happens when you access third-party content?
XIV. What data is collected during visits to the company’s head office?
XV. How do I stop receiving advertising material?
XVI. How do I contact your Data Protection Officer?
I. Who are we?
Hans Conzen Kosmetik GmbH (hereinafter referred to as HCK GmbH) is a company in the cosmetics industry with the core brands GLYNT and GRAHAM HILL. The family-run company is represented by the managing director Stephan Conzen.
When the company was founded over 50 years ago, it initially produced special products to care for and maintain a healthy scalp. Over the course of time, a full range of premium hair cosmetics was developed.
II. What information is collected?
The personal data collected can be classified into one of the following categories:
1. Information provided directly
When you contact HCK GmbH in person or online, we may ask you for personal information. For example, we need your contact details if you would like additional information and samples of our products, to subscribe to our newsletter or customer magazine, or to interact with us on social media and other platforms. We will explain the personal data required and the reasons for the request when information is provided. This data essentially includes the following:
§ Information in connection with the performance of a contract, for example necessary data required to draft sales contracts or employment contracts;
§ Identification and demographic information, such as first name, last name, e-mail address, postal address, occupation, date of birth, telephone number, gender, password;
§ Transaction information, for example, regarding purchases made as well as the date and time of purchase, payment method;
§ Information if you visit our head office;
§ Images and photos, for example if you submit images on social media and tag HCK GmbH or one of our brands in them, or if you would like to be included in our model file;
§ We only collect health information with explicit consent, for example regarding medical history (scalp condition and other features), which may be provided as part of quality checks;
§ Your opinions or other information, for example in the case of product reviews, information about products and/or hair treatment issues, or if you apply to us with your CV.
2. Information collected automatically
When you visit HCK GmbH’s web pages, interact with our content or contact us digitally, we automatically collect certain information from your device, for example your computer, tablet or mobile phone. In the European Economic Area and some other countries, this data is considered to be personal data.
Data that your browser or mobile device automatically transmits to us is recorded. In particular, this may include: your IP address, device type, device identification number, browser type and version, time zone setting, time and other technical information. You can change your preferences by adjusting the settings on your end device.
Interaction data may also be collected, for example how you navigated to, on and from HCK GmbH’s websites, what content you viewed, what products or services you searched for, potential crashes, download times or how you navigated the social media through which you contacted us.
Some of this information is collected using cookies or similar tracking technologies. You can find more information on these topics in the section X. How are cookies and other technologies used?.
3. Information from third-party sources
HCK GmbH may receive personal data from third party sources. In this case, we check whether these third parties are legally authorised or obliged to share your data, or have your consent.
For example, if you sign into a social network through the HCK GmbH website and use the social media plugins such as ‘Like’ or ‘Share’, that social network may share any information with us that is permitted under the privacy policy for that website. This usually includes the user ID for that third-party website, the name, e-mail address and location associated with the user ID. We may also share information about you with this social network regarding your sign-in. For more information about this, see the chapter XI. What happens when I access pages on social networks?.
As far as is necessary for the provision of our service, we also process personal data that we gain from publicly available sources—such as debtor directories—or that are transmitted to us by other third parties—such as a credit reference agency.
III. How is your personal data used?
HCK GmbH uses your personal data for the following purposes:
§ To provide products or services that you (or your employer) have requested. This includes the establishment, implementation and termination of business relationships as well as the fulfilment of the associated duties. This includes the processes of technical processing, for example for our sales and accounting, payment processing or also management of a customer account.
§ For identity verification, for example, your e-mail address to check whether you already have a customer account, your date of birth to check your age, or your employer and job title to confirm that you are authorised to purchase products or services on its behalf. Individuals under the age of 18 should not use the online services without the consent of their parents or guardians, and therefore should not submit any personal data to us.
§ To provide a personalised service, we use the information on our websites to provide you with a seamless user experience and to recommend products and services that we think you will like or find useful.
§ For analytics purposes, we use your information including your location, time zone, IP address, URL visited, products and/or services requested for internal business purposes, to compile statistics and marketing plans, and to improve our products and services.
§ To provide promotional offers that you may be interested in, for example, about new products, services, announcements about upcoming events, competitions and/or contests. We use our customer magazine UPDATE, newsletters, e-mails and other communications for this purpose. If you no longer wish to receive our promotional communications, please refer to the unsubscribe section for details XV. How do I stop receiving advertising material?.
§ For technical communications, for example, to provide you with important information about your account, requested products or services, or other non-promotional communications for identity verification, password resets, maintenance information, or changed terms of use.
§ To process contact requests in order to answer and process your questions or application for a position with HCK GmbH.
§ For the optimisation of our websites in order to improve our digital offerings, to carry out technical optimisation with regard to loading times and the rectification of software errors and to provide services for the analysis of website use.
§ For the purposes of fraud prevention and detection, and to safeguard your and HCK GmbH’s property rights.
IV. What is the legal basis for data collection?
The Data Protection Act regulates when and under what circumstances data collection and processing is permitted.
HCK GmbH only collects, processes and uses such data to the extent permitted by law or insofar as you have given your consent. As a rule, we refer to the following basics:
· Fulfilment of contract (Article 6 [1] [b] of the GDPR): as part of our business relationship, you must provide the personal data necessary to begin, conduct and terminate a business relationship and to fulfil its contractual obligations and technical performance. Without this data, we are generally unable to conclude, execute or terminate a contract with you. As an example, this includes creating a customer account, ordering and delivering requested products and services or relevant information for the establishment and performance of an employment relationship.
· Legal obligations (Article 6 [1] [c] of the GDPR): we collect personal data in order, for example, to be able to comply with our legal obligations to provide you with information or to verify your identity and carry out due diligence checks in the case of business customer systems.
· Pursuit of our legitimate interests (Article 6 [1] [f] of the GDPR): if processing is not restricted by your rights, we are entitled to use your personal data to pursue our legitimate interests, for example, to run Hans Conzen Kosmetik GmbH’s web pages, as well as our other digital offerings, and to improve our products.
· Consent (Article 6 [1] [a] of the GDPR): in some cases we rely on your consent for processing. For example, when you use our contact or booking forms, register with GLYNT Academy, take part in seminars, competitions or surveys, sign up to our newsletter and other communications, or provide us with sensitive personal data in relation to employment opportunities, such as ethnicity, religion or even disability. You can withdraw your consent to data processing at any time by contacting us or using the automatic mechanism provided for this purpose. Data processing is lawful until consent is withdrawn.
· Essential interests (Article 6 [1] [d] of the GDPR): we need to use your personal data to protect the vital interests of you or other parties.
You do not always have to provide us with all of the personal data requested. You may be unable to use some of our services if you choose not to provide all of the information requested. All information that is absolutely required is marked as mandatory. If you do not want us to process certain personal data that concerns you, please do not provide us with such information or please refuse to consent to its provision.
V. Who are data recipients?
The personal data we collect may be disclosed to the categories of recipients listed below:
§ Within HCK GmbH: only those entities which require your data to process your request or to fulfil our contractual and legal obligations shall have access to your data.
§ To service providers: HCK GmbH engages third-party service providers to perform tasks on behalf of HCK GmbH. This includes, but is not limited to, the disclosure of information to companies in the following categories:
o providers of web hosting and application development;
o web analysis tools and IT services;
o providers of IT infrastructure and related services;
o providers for e-mail delivery and newsletter tools;
o payment processing service providers;
o tax, audit and professional services providers;
o agencies;
o logistics service providers;
o print service providers; and
o credit reference agencies.
These are carefully selected and commissioned by us, are bound by our instructions and are checked regularly.
§ To comply with laws: your personal data may be disclosed to law enforcement agencies, courts, government authorities or other third parties as required by the applicable law, to exercise our rights or to protect your essential interests or the interests of others.
§ Disclosure to other persons with your verifiable consent.
VI. Is data transferred to other countries?
HCK GmbH generally does not process personal data in third countries.
However, if it is necessary to process a contract, for example in the case of deliveries of goods outside the European Union, reporting requirements under tax law or international customer trips, data is transferred to service providers there for the purpose of fulfilling the contract or on the basis of your consent.
VII. How long will my data be stored for?
We store your personal data for as long as this is necessary to achieve the respective storage purpose. We will then erase your data unless we are obliged to store it for a longer period of time due to tax, commercial or other legal storage and documentation obligations, or if you have consented to a longer storage period.
VIII. What are my data protection rights?
You have the following rights under the General Data Protection Regulation:
§ Access: You have the right to request access to the personal data we store that concerns you.
§ Rectification: You have the right to have inaccurate personal data amended and/or corrected.
§ Erasure: You have the right to request erasure of your personal data in certain circumstances.
§ Restriction: You have the right to request the restriction of your personal data. This means that the data will be blocked for further processing.
§ Objection: You have the right to object to the processing of your personal data by us. This also includes processing based on consent for direct marketing purposes. For more information on how to stop receiving advertising, see chapter XV. How do I stop receiving advertising material?. The processing of the data remains lawful until the withdrawal is received. This also applies to the withdrawal of declarations of consent that we were informed of before the GDPR came into effect, i.e. before 25 May 2018.
§ Portability: You have the right to request the portability of your personal data.
With regard to the right of access and the right to erasure, the restrictions under Sections 34 and 35 BDSG (German Federal Data Protection Act) shall apply.
If you believe that the processing of your personal data by us is not in line with the applicable law, you may lodge a complaint with a supervisory authority.
IX. Is my data secure?
Our web pages use the widespread SSL or TLS procedure, together with the highest encryption level supported by your browser. SSL stands for ‘Secure Socket Layer’, and TSL for ‘Transport Layer Security’, which are encryption methods that are successfully used throughout the World Wide Web. A symbol (closed padlock) in the address bar of your browser indicates that you are in a secure area. Alternatively, you can select unencrypted transmission if, for example, a secure area is not possible for technical reasons. In addition, all payment service providers are PCI-DSS (Payment Card Industry Data Security Standard) certified.
We also use appropriate technical and organisational security measures to protect your data against manipulation, loss, destruction, and unauthorised access by third parties. Through careful selection and regular monitoring, we ensure that our service providers also take all measures necessary to protect your data.
X. How are cookies and other technologies used?
To improve the use of our online services, we and our partners use cookies on our website. Cookies are small text files that are stored on the user’s computer by the browser used. Cookies cannot run programs or transmit viruses to your computer. They are used to collect and use personal information about you. This also includes the technical implementation of interest-based advertising. If you would like to refuse consent to the use of cookies for online marketing in general, please visit http://www.youronlinechoices.com.
We use cookies to track visitors’ preferences on our websites and to make the navigation and use of our websites as user-friendly as possible. This does not mean, however, that we are directly aware of your identity.
To learn more about cookies and other similar technologies, including how to give your consent to data protection in line with your preferences, please visit our Cookie Notice. (INSERT LINK) Our Cookie Notice groups cookies into specific purpose-related categories. The category of cookies required is pre-filled and cannot be deselected. For necessary cookies, the legal basis for data processing is our legitimate interest in ensuring the functionality of our website. You can also change your browser settings so that it informs you about the cookie settings and only allows cookies in individual cases. You can change the browser settings to accept cookies in certain cases or generally exclude them and enable the automatic deletion of cookies when you close the browser. We would like to point out, however, that you will not be able to use all the features of these websites in full if cookies are disabled.
If you access HCK GmbH’s web pages via a social network or other website, access social networks or other websites via our web pages, and/or submit content to social networks or other websites via our web pages, these social networks or other websites may use cookies and similar technologies to collect usage behaviour data for their own purposes. HCK GmbH has no control over the use of cookies and this will be covered by the third party’s cookie policy.
XI. What happens when you access pages on social networks?
We have additional web pages on the social networks Facebook and Instagram, via which we regularly publish and share content. Both of these are services from Facebook Ireland Ltd, 4 Grand Canal Square, Dublin, Ireland.
When you interact with our profiles or other Facebook or Instagram websites, the operators of the social networks collect your usage behaviour via cookies and similar technologies. We have no control over this and this procedure is also not covered by HCK GmbH’s Privacy Policy. Further information on the data collected can be found in the privacy policies for the respective social network.
HCK GmbH may view general statistics on user interests and demographic characteristics, such as age, gender and region, for its profile pages on social networks (known as ‘Page Insights’). The selection and preparation of data is determined exclusively by Facebook. This information allows us to better understand how our profile pages are used, what interests visitors have and what topics/content are particularly popular. This allows us to offer content that is relevant.
There is an agreement between HCK GmbH and Facebook that specifies which company fulfils which data protection obligations in line with the GDPR with regard to the processing of Page Insights data. Facebook has summarised the main contents of this agreement (including a list of Page Insights data) here: https://www.facebook.com/legal/terms/information_about_page_insights_data.
If you have consented to Facebook in relation to the creation of Page Insights described above, the legal basis is your consent. Otherwise, the legal basis is our legitimate interest arising from the aforementioned purposes.
XII. What happens when you access third-party content?
Within the scope of our website, we use offers from third-party providers to integrate their content and services, such as videos or fonts, on the basis of your consent or our legitimate interest in a uniform, functional website.
This may require the respective third-party providers to be aware of your IP address, as they would not be able to send the content to your browser without the IP address. Your IP address is therefore necessary in order to display this content.
YouTube
Our website uses plugins from YouTube, which is run by Google. The site operator is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our sites enabled with a YouTube plugin, a connection will be established with YouTube servers. The YouTube server will receive information on which of our pages you have visited. If you are signed into your YouTube account, you are enabling YouTube to associate your browsing behaviour directly with your personal profile. You can prevent this by signing out of your YouTube account.
The use of YouTube is in the interest of displaying our online services in an attractive manner. Further information on the handling of user data can be found in YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy
Facebook and Instagram
HCK GmbH’s websites may provide easy access to services with user-generated content features such as Facebook and Instagram. We have no control over these services and we are not liable for the way they are run. Please refer to the privacy policies of Facebook and Instagram for information on how your data is used and how you can change your privacy settings. You can completely prevent the plugins from loading even with add-ons for your browser, for example with the script blocker ‘NoScript’ (http://noscript.net/).
The following functionalities may be offered to you on our websites:
- Access to social networks, for example access to the Instagram account of one of our brands or activating third-party websites when you ‘comment’, ‘share’ or ‘like’ something via a social network plugin. In these cases, the privacy policy of that third party applies to your interaction.
- Submission of content to social networks for reviews, discussions, photos and other public features. We do not impose any restrictions on the dissemination of personal data that you publish there. Any information that you voluntarily provide there may be collected and used by HCK GmbH or other parties. HCK GmbH cannot prevent third parties from using such information in a way that could violate this policy.
- Visit to our web pages via a social network for a harmonised user experience, for example. Signing in via a social network or another third party account may allow us to access information that you have allowed the social network to share. The sign-in feature may transmit information to the social network or third parties, such as your username, to authenticate you. The social network or third parties will then also automatically receive information such as your IP address, browser and device information as well as information about the HCK GmbH web page you are currently on. The sign-in feature may place and read cookies from this third party, which may contain an identifier assigned to you. The functionality and your use of the application is governed by the third party’s privacy policy and terms.
We may use any personal data you provide to us on our websites and apps to identify you on social networks so that we can show you relevant advertisements. The social networks do not pass on your personal data to others and erase the data immediately after the synchronisation process has been completed.
Salon Finder/Google Maps
Our GLYNT and GRAHAM HILL brand websites offer the user a Salon Finder functionality. You can use this tool to find the nearest business partner selling our respective product lines. Salon Finder uses the Google Maps service to display interactive maps. The data processed may particularly include users’ IP addresses and location data which, however, will not be collected without users’ consent (usually managed in their mobile device settings); the service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. If you want to plan a route, you will be redirected to Google Maps.
The purpose and scope of data collection and the further processing and use of the data by Google, as well as your rights in this regard and settings options for protecting your privacy, can be found in Google’s privacy policy (https://policies.google.com/privacy?hl=de).
By using the Salon Finder functionality on our web pages and consenting to location finder, you are consenting to the processing of data concerning you by Google in the manner and for the purposes outlined above.
XIV. What data is collected during visits to the company’s head office?
If you visit our head office in Tangstedt, we collect your personal data for the following purposes:
- Visitor information: for health and safety reasons, we maintain a guest list that can be viewed by all office staff. The guest list includes the first and last name, the company and appointment details. We ask all visitors to sign in at the entrance and may ask our visitors to identify themselves if necessary.
- Guest WLAN: we provide a guest WLAN for our visitors. For this purpose, we will provide you with a username and password for signing in. We record the device address and automatically assign you an IP address while you are on site. Please note that all traffic information including web pages visited, duration and date sent/received will be logged. If you use our guest WLAN, we ask you to agree to the terms and conditions of HCK GmbH and to not visit any inappropriate websites. The purpose of processing the information is to provide access to the Internet. We only process this data if it is likely to be necessary to protect our legitimate interests.
- Accidents and incidents: HCK GmbH collects personal information from anyone who has been injured or whose property has been damaged while on the company’s premises. We may collect the name, address, age, next of kin and details of the incident including relevant medical history. There is a legal obligation for this documentation. The data may be shared with insurance companies or competent authorities.
XV. How do I stop receiving advertising material?
To do so, please send your request by post to Hans Conzen Kosmetik GmbH, Lehmkoppel 2, 25499 Tangstedt or by e-mail to:
• info@grahamhill-cosmetics.com
As a result, you will incur costs only for the use of the respective contact medium.
XVI. How do I contact your Data Protection Officer?
If you have any questions about this Privacy Policy or general questions about data protection at HCK GmbH, you can contact our company Data Protection Officer at:
Hans Conzen Kosmetik GmbH
Data Protection Officer
Lehmkoppel 2, 25499 Tangstedt, Germany
E-mail to: datenschutz@glynt.com
Our security measures mean that we may occasionally ask you to provide proof of your identity before we disclose information to you. This serves to protect your data by preventing unauthorised data requests.