DATA PROTECTION INFORMATION

(Date 01/01/2020)

Table of contents

1. Overview
2. Name and contact details of the data controller responsible for processing and the company data protection officer
3. Purposes of data processing, legal basis and legitimate interests pursued by Ultimate Skin Aesthetics GmbH or a third party and categories of recipients
3.1. Accessing our website or application
3.2. Online presence and website optimisation
4. Recipients outside the EU
5. Your rights
5.1.Overview
5.2.Right to object
6. Changes to this policy

1. Overview

The following privacy policy informs you about the nature and extent of the processing of ‘personal data’ by Ultimate Skin Aesthetics GmbH. Personal data is information that can be directly or indirectly attributed to you or can be attributed to you.

When you access the Ultimate Skin Aesthetics GmbH website/application, various information is exchanged between your end device and our server. This may also concern personal data. The information collected in this way is used, among other things, to optimise our website.

Our website and services are not meant for children under the age of 16.

In accordance with the provisions of the GDPR, you have various rights that you can assert against us. This includes the right to object to selected data processing, in particular data processing for advertising purposes. The option to object is highlighted in print.
If you have any questions about our privacy policy, please feel free to contact us at any time using the controller’s contact details below.

2. Name and contact details for the controller

This privacy policy applies to data processing by Ultimate Skin Aesthetics GmbH, Luise-Rainer-Strasse 7-11, 40235 Düsseldorf, Germany; managing directors: Christoph Honnefelder, Susanne Cornelius, Dr. Christian Korte (‘controller’), and for the following websites or applications: www.dr-schmiedeberg.de.

3. Purposes of data processing, legal basis and legitimate interests pursued by Ultimate Skin Aesthetics GmbH or a third party and categories of recipients

3.1. ACCESSING OUR WEBSITE/APPLICATION

When you access our website/application, information is automatically sent to the server of our website/application by the browser used on your end device and temporarily stored in a ‘log file’. We have no control over this. The following information is also collected without any intervention by you and is stored until automated deletion:

  • the IP address of the requesting Internet-enabled device;
  • the date and time of access;
  • the name and URL of the file retrieved;
  • the website/application from which access was made (referrer URL); and
  • the browser you are using.

The legal basis for the processing of the IP address is Article 6 (1) (f) GDPR. Our legitimate interest is based on the purposes of data collection listed below. At this point, we would like to point out that we are not able to draw any direct conclusions about your identity from the data collected, nor will we be able to do so.

The IP address of your end device and the other data listed above are used by us for the following purposes:

  • to ensure that a smooth connection is established;
  • to ensure that the use of our website/app is convenient; and
  • to evaluate system security and stability.

The data is stored for a period of 10 days and then the IP address is automatically deleted. The data in the log files is stored separately from other data concerning you.

Furthermore, we use ‘cookies’ and tracking tools for our website/application. The exact procedures involved and how your data is used for this purpose are explained in further detail below under point 3.2.

3.2. ONLINE PRESENCE AND WEBSITE OPTIMISATION

3.2.1. Cookies and technologies similar to cookies – general information

We use ‘cookies’ on our website. Cookies are small files that are automatically created by your browser and are stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device and do not contain viruses, Trojans or other malware. Information is stored in the cookie that arises in each case in connection with the specific end device used. However, this does not mean that we gain direct knowledge of your identity. The purpose of using cookies is to make the use of our offering more pleasant for you. We use ‘session cookies’ to recognise that you have already visited individual pages of our website. These are automatically deleted after you leave our site. We also use temporary cookies for the purpose of user-friendliness, which are stored on your end device for a set period of time. If you visit our site again to use our services, it is automatically recognised that you have already visited us and which entries and settings you have made so that you do not have to enter them again.

Another purpose of using cookies is to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you as well as displaying information specially tailored to you. These cookies allow us to automatically recognise that you have already visited us when you visit our site again. These cookies are automatically deleted after a set period of time. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, completely disabling cookies may mean that you cannot use all of the functions of our website. The storage period for cookies depends on their purpose and this is not the same for all cookies.

In addition, some of the services integrated into this website use ‘pixel tags’ (also called web beacons). These are small, usually invisible graphics that are integrated into websites and other services in order to be able to carry out statistical evaluations.

If, in the context of the use of cookies and technologies similar to cookies to provide this website, personal data is processed by Ultimate Skin Aesthetics GmbH, this is done on the basis of Article 6 (1) (f) GDPR. Our legitimate interest in this respect is to be able to offer our website in a needs-based and secure manner.

3.2.2. Google Analytics for web analysis (with anonymisation feature)

For the purpose of needs-based design and the continuous optimisation of our pages, we use Google Analytics, a web analysis service of Google Inc (‘Google’), on the basis of Article 6 (1) (f) GDPR. In this context, pseudonymised usage profiles are created and cookies are used. The information generated by the cookie about your use of this website, such as your:
• browser type/version;
• operating system used;
• referrer URL (the page previously visited);
• host name of the accessing computer (IP address); and
• time of the server request

are transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, compile reports on website activity and provide other services associated with website and Internet use for the purposes of market research and demand-oriented design of these Internet pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. IP addresses are anonymised so that association is not possible (‘IP masking’).

You can object to the use of cookies either by configuring your web browser in such a way that cookies are generally not stored or by clicking here.

Alternatively, you can also use a browser add-on which you can download and install here: https://tools.google.com/dlpage/gaoptout

The installation of the browser add-on constitutes an objection. If your device is deleted, formatted or reinstalled at a later date, you will have to reinstall the browser add-on again.

Further information and the applicable Google privacy policy can be found at r https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail via this link: https://www.google.com/intl/de_de/analytics/.

We have configured Google Analytics so that the data on which the reports are based are deleted after 36 months at the latest.

4. Recipients outside the EU

With the exception of the processing operations set out in section 3.2, we do not share your data with recipients located outside the European Union or the European Economic Area. The processing operations mentioned in section 3.2. result in the transmission of data to the servers of the providers of tracking and targeting technologies commissioned by us. These servers may be located in the USA. The data transfer takes place in accordance with the principles of the ‘Privacy Shield’ and on the basis of the EU Commission’s standard contractual clauses.

5. Your rights

5.1. OVERVIEW

In addition to the right to withdraw the consent you have given to us, you have the following further rights if the respective legal requirements are met:

  • right of access regarding your personal data stored by us pursuant to Article 15 GDPR. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period and the origin of your data if it has not been collected directly from you;
  • right to have inaccurate data rectified or correct data completed in accordance with Article 16 GDPR;
  • right to have your data stored by us erased in accordance with Article 17 GDPR insofar as no legal or contractual retention periods or other legal obligations or rights to further storage are to be complied with;
  • right to restrict the processing of your data in accordance with Article 18 GDPR, insofar as the accuracy of the data is disputed by you or the processing is unlawful, but you object to its erasure, the controller no longer requires the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Article 21 GDPR;
  • right to data portability according to Article 20 GDPR, i.e. the right to have selected data stored by us about you transferred in a commonly used, machine-readable format, or to request the transfer to another controller; and
  • right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority where you have your usual place of residence or place of work or where our company headquarters are based for this purpose.

5.2. RIGHT TO OBJECT

Under the conditions of Article 21 (1) GDPR, data processing may be objected to for reasons arising from the particular situation of the data subject.

The above general right to object applies to all processing purposes described in this privacy policy which are processed on the basis of Article 6 (1) (f) GDPR. Unlike the specific right to object to data processing for advertising purposes, under the GDPR we are only obliged to implement such a general objection if you give us reasons of overriding importance for doing so (e.g. a possible risk to life or health). You can also contact the supervisory authority responsible for Ultimate Skin Aesthetics GmbH or info@ultimateskinaesthetics.com.

6. Changes to this policy

The above general right to object applies to all processing purposes described in this privacy policy which are processed on the basis of Article 6 (1) (f) GDPR. Unlike the specific right to object to data processing for advertising purposes, under the GDPR we are only obliged to implement such a general objection if you give us reasons of overriding importance for doing so (e.g. a possible risk to life or health). You can also contact the supervisory authority responsible for Ultimate Skin Aesthetics GmbH or info@ultimateskinaesthetics.com.