Data protection information
of O.C. Hairsystems GmbH, Zollhof 17, 40221 Düsseldorf
Status: 15.06.2023
Below you will find information on what types of personal data we process, to what extent and for what purposes. Personal data is information that can be used to identify you as a data subject, such as your name, address, email address or user behavior. Data subjects are those with whom a relationship exists in the context of the provision of our services, visitors to our website and users of our entire online offering.
Name and address of the person responsible for data processing:
O.C. Hairsystems GmbH
represented by: Dr. Linus Deike, Alessandro Causarano, Janos Bluhm-Saffran
Zollhof 17
40221 Düsseldorf
Phone: +49 2112 2975 318
E-mail: kontakt@oc-hairsystems.com
The data protection officer of the controller is
Datavise GmbH & Co. KG
Luegallee 114
40545 Düsseldorf
Phone: 0211 5800 26 96 0
E-mail: datenschutz@datavise.de
The following types of data are collected and stored by us:
- Inventory data (e.g. names and addresses)
- Contact data (e.g. telephone numbers and e-mail addresses)
- Contract data (e.g. terms and conditions)
- Payment data (e.g. account data)
- Usage data (e.g. access times, pages viewed)
- Metadata (e.g. browser type, IP address, operating system)
- Content data (e.g. your text entries in contact forms or similar)
The categories of persons affected:
- Employees
- Applicants
- customers
- suppliers
- Contractual partners
- Interested parties
- Users (website/online offers)
The data is collected for the following purposes:
- Information
- Communication
- Customer service
- Contract fulfillment services
- Direct marketing/marketing
- (Technical) provision of the online offer
- Security measures to protect the (online) offering
- Reach measurement to improve the offering
Your personal data is processed exclusively on the basis of the following legal bases:
Consent pursuant to Art. 6 para. 1 lit. a GDPR
"The data subject has given consent to the processing of personal data concerning him or her for one or more specific purposes"
Performance of a contract and pre-contractual requests pursuant to Art. 6 para. 1 lit. b GDPR
"processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract"
Legal obligations pursuant to Art. 6 para. 1 lit. c GDPR
"processing is necessary for compliance with a legal obligation to which the controller is subject"
Legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR
"processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child"
Art. 88 GDPR, § 26 BDSG-new
Data processing in the employment context or data processing for the purposes of the employment relationship
Transmission to third parties
Your data will always remain within our company. The transfer or disclosure of your personal data to a third party only takes place
- on the basis of a legal permission,
- with your consent,
- if we are legally obliged to do so or
- on the basis of a legitimate interest pursuant to Art. 6 lit. f GDPR.
Our processors are obliged to comply with the necessary technical and organizational measures in order to ensure the protection of the rights of the data subjects by means of an order processing contract in accordance with Art. 28 GDPR.
Transfer to third countries
The transfer of your personal data to third countries (outside the European Union (EU) / the European Economic Area) will only take place
- on the basis of a legal permission,
- for the fulfillment of (pre-)contractual obligations,
- with your consent or
- if we are legally obliged to do so.
Processing only takes place in such countries,
- for which an adequacy decision by the EU Commission or
suitable guarantees within the meaning of Art. 46 GDPR exist,
- which provide an adequate level of protection in accordance with Art. 45 et seq. GDPR,
- are subject to officially recognized contractual obligations such as the so-called "standard contractual clauses", or
for which one of the exemptions under Art. 49 GDPR is relevant.
Duration of storage
Your personal data will be routinely deleted or restricted in processing or blocked at the latest after expiry of the respective statutory retention periods (e.g. retention periods under commercial and tax law), provided that this data is no longer necessary for the fulfillment of the contract and / or there is no legitimate interest on our part for further storage.
Use of the website and creation of log files
When you visit our website, the following information is automatically transmitted from your browser to our provider's server:
- IP address of your end device
- Date and time of access
- Name and URL of files accessed
- Website from which access was made or from which you were directed to our site (referrer URL)
- Browser used and, if applicable, the operating system of your device
- Name of the access provider.
This data is not merged with other data sources. The IP address is anonymized.
This data is collected to ensure the proper use of the website, to optimize the website and to ensure the security of our IT systems. These aforementioned purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.
This data is automatically deleted after a maximum of 7 days. In the event of misuse of the website, the relevant data, the further storage of which is necessary for evidence purposes, will be retained until the incident has been clarified.
Hosting by Shopify
Shopify International Limited
Victoria Buildings, 2nd Floor, 1-2 Haddington Road
Dublin 4, D04 XN32, Ireland
We use the store system of the service provider Shopify International Limited for the purpose of hosting and displaying the online store on the basis of processing on our behalf. All data collected on our website is processed on Shopify's servers.
As part of Shopify's aforementioned services, data may also be transferred to Shopify International Limited as part of further processing on our behalf.
Shopify Inc.
150 Elgin St,
Ottawa,ON K2P 1L4, Canada,
Shopify Data Processing (USA) Inc.
Shopify Payments (USA) Inc. or
Shopify (USA) Inc. are transmitted.
In the event that data is transferred to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed by an adequacy decision of the European Commission.
Further information on Shopify's data protection can be found on the following website: https://www.shopify.de/legal/datenschutz
Data collected: First name, surname, email, telephone, address, products purchased, payment methods.
Legal basis: For the fulfillment of a contract or for the implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR; legitimate interest in the effective processing of inquiries addressed to the company pursuant to Art. 6 para. 1 lit. f GDPR.
Sufio s.r.o
Bottova 1
81109 Bratislava
Slovakia
To create our invoices, we rely on the efficient and reliable "Sufio" app, which was specially developed for the Shopify system. With this app, we can create our invoices quickly and easily and send them to our customers. Sufio enables us to create individual invoice layouts and automatically integrate important data such as invoice numbers, tax numbers and bank details. In addition, the app also offers the option of automatically archiving and exporting invoices. By using Sufio, we can therefore ensure that our invoices always meet the highest standards and guarantee our customers transparent billing.
Data collected: First name, last name, email, address, products purchased, payment methods.
Legal basis: For the fulfillment of a contract or for the implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR; legitimate interest in effective invoicing pursuant to Art. 6 para. 1 lit. f GDPR.
Microsoft Bing
Microsoft Ireland Operations Limited,
One Microsoft Place, South County Business Park,
Leopardstown, Dublin 18, Ireland
We use the Microsoft Bing search engine in our online store to enable our customers to search for products quickly and efficiently. By using Bing, our customers can search for specific products and filter the search results according to various criteria. Bing provides us with a powerful search technology that ensures high precision and accuracy of search results. In addition, Bing is a secure and trustworthy search engine that respects the data protection and privacy of our customers. We therefore use Bing to offer our customers an optimal shopping experience in our online store.
Data collected: Information about the device and operating system,
IP address, date and time, general location information (e.g. city and country).
Legal basis: Consent pursuant to Art. 6 para. 1 lit. a GDPR; legitimate interest in the needs-based design and optimization of the offer pursuant to Art. 6 para. 1 lit. f GDPR
Cookies
This website uses cookies. These are small text files that are stored in the Internet browser or by the Internet browser on the user's end device. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
A distinction is made between the following types of cookies:
Session cookies
Session cookies are functionally necessary cookies that do not require consent, as they are automatically deleted when you leave the website.
The legal basis for this processing is Art. 6 para. 1 lit. f GDPR.
Permanent cookies
Permanent cookies remain permanently on the end device. They can be used, for example, to check the login status or display preferred content. In addition, the data processed here can be used to measure reach.
The legal basis for this processing is Art. 6 para. 1 lit. a GDPR, i.e. it requires the user's consent.
We use cookies that enable an analysis of the user's surfing behavior.
The following data is stored and transmitted in the cookies
- Frequency of page views
- Use of website functions
When accessing our website, the user is informed about the use of cookies for analysis purposes and his consent to the processing of the personal data used in this context is obtained. In this context, reference is also made to this privacy policy.
The user can revoke their consent at any time via the cookie settings and object to the processing of their personal data.
In addition, the user can also object via the corresponding settings of their browser.
The transmission of cookies can be deactivated or restricted by changing the settings in the Internet browser. Cookies that have already been saved can be deleted at any time. This deletion can also be automated. Each browser manages these cookie settings differently. This setting is described in the help menu of each browser, which explains how you can change your cookie settings. If cookies are deactivated, the functionality of this website may be restricted.
We may work with advertising partners who help us to make our website more interesting for you. For this purpose, cookies from partner companies are also stored on your hard disk when you visit our website (third-party cookies). This also includes providers from unsafe third countries. The data is passed on to partner companies from the USA, for example.
Cookie settings
Borlabs GmbH
Hamburger Str. 11
22083 Hamburg
Data collected: Saves the settings of visitors selected in the Borlabs Cookie Box, IP address, browser type/version, operating system used, date and time
Legal basis: legitimate interest in the needs-based design and optimization of the offer in accordance with Art. 6 para. 1 lit. f GDPR
Contact us
It is generally possible to use our website without providing personal data.
If you contact us by other means, such as via a contact form, e-mail or telephone, the data collected here will be treated confidentially and will not be passed on to third parties without your consent.
The respective purpose of the data processing results from
the voluntary indication of the data subject pursuant to Art. 6 para. 1 lit. a GDPR
the fulfillment of a contract or for the implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR
by the legitimate interest in the effective processing of requests addressed to the company in accordance with Art. 6 para. 1 lit. f GDPR.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.
For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
Contact via "Am I suitable" - Typeform
TYPEFORM SL
C/Bac de Roda, 163 (Local), 08018 Barcelona Spain.
In order to provide you with an easy way to contact us, we use Typeform for our "Am I suitable" contact form.
Data collected: Information on the hair situation (e.g. type of hair loss, stage, hair color, e-mail address)
Legal basis: Consent pursuant to Art. 6 para. 1 lit. a GDPR; for the fulfillment of a contract or for the implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR; legitimate interest in the effective processing of inquiries addressed to the company pursuant to Art. 6 para. 1 lit. f GDPR.
Typeform is the recipient of your personal data and acts as a processor for us.
The processing of the data specified in this section is neither legally nor contractually required. Without your consent and the transmission of your personal data, we cannot provide you with a contact form. However, you have the option of contacting us at the e-mail address given above.
The data will be stored exclusively for the purpose of sending inquiries and responding to them. The mandatory information is used to assign and respond to your request.
In addition, Typeform collects the following personal data with the help of cookies:
Information about your end device (IP address, device information, operating system, browser settings).
Usage data (date and time)
Typeform requires this data in order to display the contact form and ensure its functionality. This corresponds to Typeform's legitimate interest (pursuant to Art. 6 para. 1 lit. f GDPR) and serves the performance of the contract (pursuant to Art. 6 para. 1 lit. b GDPR).
You can find further information at: https://help.typeform.com/hc/en-us/articles/360029581691-What-happens-to-my-data
Further information on objection and removal options vis-à-vis Typeform can be found at: https://admin.typeform.com/to/dwk6gt
Contact via "Book appointment" - Calendly
Calendly LLC
115 E Main St., Ste A1B
Buford, GA 30518
USA
For online appointments, we use the external platform for making appointments from Calendly.com
The appointment scheduling function is integrated into the source code on our website via a script. By using the appointment scheduling function, you automatically use the services of Calendly.com.
Data collected: First name, surname, e-mail, mobile number, how the customer became aware of O.C., description of the current hair situation (optional), IP address at the time of the appointment, agreed date and time
Legal basis: Consent pursuant to Art. 6 para. 1 lit. a GDPR; for the fulfillment of a contract or for the implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR; legitimate interest in the effective processing of inquiries addressed to the company pursuant to Art. 6 para. 1 lit. f GDPR.
Calendly is the recipient of your personal data and acts as a processor for us.
This data is not passed on to third parties and is only used for the administration and organization of appointments and for internal statistics. By using the appointment scheduling service, you agree to this.
You can find Calendly's data protection information at: https://calendly.com/privacy
Contact via "WhatsApp" - Meta or Charles
Charles GmbH
Gartenstraße 86-87
10115 Berlin
In conjunction with the application
"WhatsApp" - Meta Platforms Ireland Limited
4 Grand Canal Square
Grand Canal Harbour
Dublin 2, Ireland
We use the WhatsApp Business API for communication purposes and consultations via video chat.
Data collected: Customer master data, communication and transmitted data such as photos sent to us by customers
Legal basis: Consent pursuant to Art. 6 para. 1 lit. a GDPR; for the fulfillment of a contract or for the implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR; legitimate interest in the effective processing of inquiries addressed to the company pursuant to Art. 6 para. 1 lit. f GDPR.
The user has the option to object to the processing of personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.
Registration for our newsletter
Registration for our newsletter mailing takes place by means of a so-called double opt-in procedure. After entering your e-mail address on our website, an e-mail will be sent to the address provided and you will be asked to confirm it.
When you register for the newsletter, the data from the input screen will be transmitted to us:
- E-mail address
The following data is also collected during registration:
- IP address of the accessing computer
- Date and time of registration
- Browser and device
Legal basis for data processing
The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a GDPR if the user has given consent.
Purpose of data processing
The purpose of processing the user's e-mail address is to be able to deliver the newsletter correctly. The processing of other personal data during the registration process serves to prevent misuse of this service or the e-mail address used.
Objection and deletion option
The user concerned can unsubscribe from the newsletter at any time. Each newsletter contains a corresponding link for this purpose. An email can also be sent to datenschutz@oc-hairsystems.com to cancel the newsletter subscription.
Product recommendations by e-mail
As an existing customer of our online store, you will regularly receive product recommendations from us by e-mail. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter. We use the email address you provided during the purchase process to advertise our own goods and/or services that are similar to those that you have already purchased from us on the basis of an order you have already placed. The legal basis for this data processing is Art. The legal basis for this data processing is Article 6(1)(f) GDPR.
Note on the right to object
You can object to our product recommendations at any time with effect for the future by sending a message to datenschutz@oc-hairsystems.com or at the end of each product recommendation email.
Competitions
If you register for competitions organized by O.C. Hairsystems, we will use the data you provide during registration for the purpose of implementing the participation contract, in particular for notifying you of prizes and, if applicable, for advertising our offers and/or offers from our competition partners. Detailed information can be found in the respective conditions of participation for each competition. The legal basis for this data processing is Article 6(1)(a) GDPR, Article 6(1)(b) GDPR and Article 6(1)(f) GDPR.
Credit reports
We may use credit reports from third-party providers to check the creditworthiness of customers. For this purpose, we transmit personal data, such as name, address and date of birth, to the respective credit rating service provider. The processing is based on our legitimate interest in securing our business relationships and avoiding payment defaults. The legal basis is Art. 6 para. 1 f) GDPR. The credit report may also contain probability values (score values), which are calculated on the basis of mathematical-statistical procedures and include address data, among other things, in their calculation. These score values enable a forecast of future payment behavior and are therefore used for decision-making in the context of our business relationships. The data is only stored for as long as is necessary for the purposes of the credit check and there are no statutory retention obligations.
Data transfer:
Unzer GmbH
Schöneberger Str. 21 a
10963 Berlin
Contractual and business partners
We process the data of our contractual and business partners primarily to fulfill our contractual obligations and for communication purposes. In addition, data is processed for the proper and efficient management of our business and to protect our rights. The processing therefore takes place
for contract fulfillment and pre-contractual inquiries according to Art. 6 para. 1 lit. b GDPR,
for legal obligations pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR or
for legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.
Data transfer:
HubSpot
2nd Floor 30 North Wall Quay
Dublin 1, Ireland
We use the professional HubSpot service as our central CRM system on this website. HubSpot provides us with a powerful platform to store and effectively manage all customer data. By using this system, we can offer our customers a personalized experience and respond specifically to their individual needs. Communication with our customers is also made easier and more effective through the integration of email campaigns and newsletters. The use of HubSpot therefore enables us to manage our customer relationships comprehensively and effectively and to optimize our customer communication.
HubSpot is a software company from the USA with a branch in Ireland. If HubSpot transfers data to the main office in the USA, these are protected by the standard contractual clauses.
See also: https://legal.hubspot.com/de/privacy-policy
Data collected: First name, surname, e-mail, telephone number, profession, how the customer became aware of O.C., address, date of birth, age group, information on hair and skin situation, order history, e-mail communication.
Legal basis: Consent pursuant to Art. 6 para. 1 lit. a GDPR; for the performance of a contract or for the implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR; legitimate interest in the effective processing of customer inquiries pursuant to Art. 6 para. 1 lit. f GDPR.
Timify
TerminApp GmbH
Balanstraße 73, Building No. 24, 3rd floor
81541 Munich
For smooth and efficient appointment scheduling with customers in our O.C. Hairsystems branches, we rely on Timify. With this solution, we can offer our customers quick and easy access to appointment booking, ensuring a high level of satisfaction. By using Timify, we can meet our (pre-)contractual obligations and ensure that all customer requests are implemented promptly and reliably.
Data collected: First name, surname, e-mail, telephone number, city, zip code, country, information on the hair situation, appointment bookings and history.
Legal basis: Consent pursuant to Art. 6 para. 1 lit. a GDPR; for the fulfillment of a contract or for the implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR; legitimate interest in the effective processing of inquiries addressed to the company pursuant to Art. 6 para. 1 lit. f GDPR.
Wemakefuture AG
Gottfried-Arnold Str. 3
35398 Giessen
We use the interface tool "Wemakefuture" to synchronize data between different IT systems. This tool enables us to transfer data efficiently and reliably between the systems without the need for manual intervention. By using "Wemakefuture", we can ensure that all relevant data is always up to date and exchanged in real time.
Data collected: Master data synchronized from the Hubspot system; master data synchronized from the Shopify system and master data synchronized from the TIMIFY system.
Legal basis: Fulfillment of a contract or for the implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR; legitimate interest in the effective processing of customer data pursuant to Art. 6 para. 1 lit. f GDPR.
DATEV eG
Paumgartnerstr. 6 - 14
90429 Nuremberg
To ensure that our accounting is always properly managed, we rely on the tried-and-tested solution from DATEV. This software enables us to map all our business processes efficiently and transparently and always have an overview of our financial situation. In addition, DATEV guarantees secure and legally compliant accounting by taking current legal requirements and regulations into account and automatically integrating them into the bookkeeping. By using DATEV, we can therefore ensure that our accounting always meets the highest standards and can be audited at any time.
Data collected: Billing information from the SUFIO system, first name, surname, email, address, products purchased, payment methods.
Legal basis: For the performance of a contract or for the implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR; for the purpose of fulfilling legal obligations pursuant to Art. 6 para. 1 lit. c GDPR.
Applicants
By submitting your application, you agree that we may process your data for the application process in accordance with our privacy policy.
The legal basis for the processing of applicant data is Art. 88 GDPR, § 26 BDSG-new and, if applicable, Art. 6 para. 1 lit. b GDPR for the initiation or execution of contractual relationships.
Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are voluntarily communicated as part of the application process, their processing is also carried out in accordance with Art. 9 para. 2 lit. b) GDPR (e.g. health data, such as severely disabled status or ethnic origin).
Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are requested from applicants as part of the application process, their processing is also carried out in accordance with Art. 9 para. 2 lit. a) GDPR (e.g. health data if this is necessary for the exercise of the profession).
The data provided by applicants may be processed by us for the purposes of the employment relationship in the event of a successful application. Otherwise, if the application for a job offer is not successful, the applicant's data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time. The deletion takes place after a period of six months so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the General Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance with tax law requirements.
Tracking and marketing tools
The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR.
With the tracking measures used, we want to ensure a needs-based design and the continuous optimization of our website. We also use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you.
Google Analytics
We use Google Analytics, a web analytics service provided by Google Inc ("Google"), on our website. Google Analytics uses cookies to collect information about your use of our website and transmit this to Google servers in the USA. Your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted. In exceptional cases, the full IP address is transmitted to a Google server in the USA and truncated there.
Google uses this information for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services relating to website activity and internet usage. Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.
You can prevent the use of cookies by Google Analytics by making the appropriate settings in your browser. However, we would like to point out that in this case you may not be able to use all the functions of our website.
Google Tag Manager
We use Google Tag Manager, a tag management service from Google, on our website. Google Tag Manager enables us to manage tags and analysis tools on our website without having to access the source code. Cookies are used to collect information about your use of our website. The data collected by Google Tag Manager is anonymized and is used to analyze the use of our website and to optimize our online marketing measures.
Google Ads
We use Google Ads for online advertising on our website. Cookies are used to place ads based on your interests and search queries. The data is used by Google for analysis, to create reports and to provide other services. You can prevent the storage of cookies or deactivate the collection of your data. Further information can be found on the Google website.
You can find more information on the use of data by Google tools in Google's privacy policy: https://policies.google.com/privacy?hl=de
Google Analytics, Google Tag Manager, Google Ads, Google Maps
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4
Ireland
Data collected: Browser type/version, operating system used, referrer URL (the previously visited page), host name of the accessing computer (IP address), date and time of the server request.
Legal basis: Consent pursuant to Art. 6 para. 1 lit. a GDPR; legitimate interest in the needs-based design and optimization of the website pursuant to Art. 6 para. 1 lit. f GDPR.
Taboola
We use Taboola on our website to carry out comprehensive analyses of our website and to provide relevant advertising. Taboola is a comprehensive analysis tool that provides us with important insights into user behavior on our website and enables us to optimize our online marketing measures. By using Taboola, we can ensure that we always provide relevant and interesting content to our customers and visitors while maximizing the effectiveness of our advertising efforts.
Taboola, Inc.
16 Madison Square West
7th Floor
New York, New York 10010
Data collected: Information about the device and operating system,
IP address, the pages accessed on the website; the link used to access the website; date and time, information on events (e.g. system crashes), and general location information (e.g. city and country).
Legal basis: Consent pursuant to Art. 6 para. 1 lit. a GDPR; legitimate interest in the needs-based design and optimization of the offer pursuant to Art. 6 para. 1 lit. f GDPR.
Smartlook.com, s.r.o.
Sumavska 524/31
602 00 Brno
Czech Republic
Data collected: Information about the device and operating system,
IP address, the pages accessed on the website; the link used to access the website; date and time, information on events (e.g. system crashes), and general location information (e.g. city and country).
Legal basis: Consent pursuant to Art. 6 para. 1 lit. a GDPR; legitimate interest in the needs-based design and optimization of the offer pursuant to Art. 6 para. 1 lit. f GDPR.
"Bing" - Microsoft Ireland Operations Limited
One Microsoft Place,
South County Business Park
Leopardstown, Dublin 18, Ireland
Data collected: "The data collected depends on the context of your interaction with Microsoft and your preferences, including privacy settings and the products and features you use"
Legal basis: Consent pursuant to Art. 6 para. 1 lit. a GDPR; legitimate interest in the needs-based design and optimization of the offer pursuant to Art. 6 para. 1 lit. f GDPR.
Outbrain Inc.
111 West 19th Street, 3rd Floor
New York, NY 10011, USA
Data collected: "We use UUIDs (information about the device and operating system), IP addresses and other usage data so that we can provide you with interesting recommendations."
Legal basis: Consent pursuant to Art. 6 para. 1 lit. a GDPR; legitimate interest in the needs-based design and optimization of the offer pursuant to Art. 6 para. 1 lit. f GDPR.
Chaty
18 Jerusalem Blvd
7752311 Ashdod
Israel
Data collected: First name, last name, email address, pages visited, links clicked, non-sensitive text entered, mouse movements and more general information such as IP address, referring URL, operating system, device, browser (user agent), cookie information and any other information from the visitor about their behavior and use of the Chaty widget as well as the date stamp and timestamp.
Legal basis: Consent pursuant to Art. 6 para. 1 lit. a GDPR; legitimate interest in the needs-based design and optimization of the offer pursuant to Art. 6 para. 1 lit. f GDPR.
CALLSTR UG (limited liability)
Fritschestrasse 42
10627 Berlin
Data collected: Title, name, e-mail addresses, other data collected when using our website (IP address, device, operating system).
Legal basis: Consent pursuant to Art. 6 para. 1 lit. a GDPR; legitimate interest in the needs-based design and optimization of the offer pursuant to Art. 6 para. 1 lit. f GDPR.
Social media plug-ins
We use social media plug-ins from the following social networks on our website.
Youtube
Facebook
Instagram
Pinterest
TikTok
When you access a page on our website that contains such a plugin, your browser establishes a direct connection to the network operator's servers. The content of the plugin is transmitted by the operator directly to your browser and integrated into the page. Through this integration, the operator receives the information that your browser has accessed the corresponding page of our website, even if you do not have a profile with the operator or are not currently logged in there.
This information (including your IP address) is transmitted directly from your browser to a server of the operator and stored there. If you are logged in with the operator, the operator can directly assign your visit to our website to your account. If you interact with the plugins, for example by clicking a button, this information is also transmitted directly to a server of the operator and stored there.
The information may also be published on your account and displayed to your contacts there.
The operator may use this information for the purposes of advertising, market research and the needs-based design of its pages. For this purpose, the operator creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you by the operator, to inform other users about your activities on our website and to provide other services associated with the use of the network.
If you do not want the operator to assign the data collected via our website to your account, you must log out of the operator's account before visiting our website.
For the purpose and scope of the data collection and the further processing and use of the data by the operators, as well as your rights in this regard and setting options for protecting your privacy, please refer to the data protection information of the respective operators.
Youtube
(https://policies.google.com/privacy)
Facebook
(https://de-de.facebook.com/privacy/policy/?entry_point=facebook_page_footer)
Instagram
(https://de-de.facebook.com/privacy/policy/?entry_point=facebook_page_footer)
Pinterest
(https://policy.pinterest.com/de/privacy-policy)
We use social media plug-ins on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR. In other words, exclusively with the consent of the data subject via our consent banner. The purpose here is extended communication with users, for example through feedback from customers.
Social media presence
We are represented on the following social networks for user communication and information as well as for advertising purposes:
Youtube
Facebook
Instagram
Pinterest
TikTok
Google Business
Xing
LinkedIn
The operators of social networks generally process user data for market research and advertising purposes. With the help of the user's interests and usage behavior, usage profiles can be created in order to display advertising to the user in the future, both within and outside the network, which corresponds to their profile/interests.
For further information on processing, objection options and assertion of data subject rights, please refer to the data protection declarations of the respective provider.
Youtube
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4, Ireland
(https://policies.google.com/privacy)
Data processing agreement: https://www.youtube.com/t/terms_dataprocessing
Facebook
Meta Platforms Ireland Limited
4 Grand Canal Square,
Grand Canal Harbour
Dublin 2, Ireland
(https://de-de.facebook.com/privacy/policy/?entry_point=facebook_page_footer)
Data processing is carried out on the basis of an agreement on the joint processing of personal data (https://www.facebook.com/legal/controller_addendum) in accordance with Art. 26 GDPR.
Instagram
Meta Platforms Ireland Limited
4 Grand Canal Square,
Grand Canal Harbour
Dublin 2, Ireland
(https://de-de.facebook.com/privacy/policy/?entry_point=facebook_page_footer)
Pinterest
Pinterest Europe Ltd.
Palmerston House
2nd Floor, Fenian Street
Dublin 2, Ireland
(https://policy.pinterest.com/de/privacy-policy)
TikTok
TikTok Technology Limited
10 Earlsfort Terrace
Dublin, D02 T380, Ireland
(https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE)
Google Business
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4
Ireland
(https://policies.google.com/privacy?hl=de)
Xing
New Work SE, Am Strandkai 1, 20457 Hamburg
(https://privacy.xing.com/de/datenschutzerklaerung)
LinkedIn
LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland
(https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy)
Data processing agreement: https://de.linkedin.com/legal/l/dpa
Data collected: Browser type/version, operating system used, referrer URL (the previously visited page), host name of the accessing computer (IP address), date and time of the server request, approximate location.
Legal basis: Consent pursuant to Art. 6 para. 1 lit. a GDPR; legitimate interest in the needs-based design and optimization of the offer and the effective processing of inquiries addressed to the company pursuant to Art. 6 para. 1 lit. f GDPR.
Shipping service provider
If you order products on our website for which a shipping service provider is used for delivery, you will receive your order and shipping confirmation via your e-mail address and/or telephone number and, depending on the respective shipping service provider, notification that your shipment has arrived and/or notification of the package announcement and possible delivery options.
The data is transmitted to the following service providers:
DHL Paket GmbH
Sträßchensweg 10
53113 Bonn
Data collected: Name, address, e-mail address, telephone number
Legal basis: For the fulfillment of a contract or for the implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR; legitimate interest in the increased probability of successful delivery pursuant to Art. 6 para. 1 lit. f GDPR.
The notification service provided by the mailing service provider can be canceled by the user concerned at any time. For this purpose, there is a corresponding opt-out link in every e-mail.
Your rights
As a data subject, you have the opportunity to assert your rights against us in connection with the General Data Protection Regulation. This includes the following rights:
Right to information in accordance with Article 15 GDPR
You have the possibility to request your data stored by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details. An informal request by email or post is sufficient for this purpose. You will receive the requested information within one month of receipt of the letter.
Right to rectification in accordance with Article 16 GDPR
In the event that we have recorded / stored incorrect data about you, you can request the correction or completion of this data via an informal request. You will receive information about the change to your data within one month of receipt of the letter.
Right to erasure in accordance with Article 17 GDPR
You have the right to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims. However, this presupposes that the purposes for processing have ceased to exist, or that you have objected to the processing in accordance with Article 21 GDPR, you withdraw your consent in accordance with Article 7 GDPR or the processing is unlawful.
Right to restriction of processing in accordance with Article 18 GDPR
You have the right to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but its erasure is refused and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR. You can also notify us of this informally.
Right to data portability in accordance with Article 20 GDPR
You have the right to receive the data we hold about you in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller.
Right to withdraw consent in accordance with Art. 7 para. 3 GDPR
You have the right to withdraw the consent you have given us at any time. The consequence of this is that we may no longer continue the data processing based on this consent in the future and
Right to object pursuant to Article 21 GDPR
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data if there are reasons for this arising from your particular situation or if the objection is directed against direct advertising.
In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.
If you wish to exercise your right of revocation or objection, simply send an e-mail to kontakt@oc-hairsystems.com.
Right to lodge a complaint under Article 77 GDPR
You have the right to lodge a complaint with a supervisory authority. To do so, you can contact the supervisory authority of your usual place of residence or workplace or our registered office.
Definitions according to Art. 4 GDPR
"personal data"
any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
"processing"
any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
"Restriction of processing"
the marking of stored personal data with the aim of restricting its future processing;
"Profiling"
any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;
"Controller"
the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
"Processor"
a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
"recipient"
a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
"third party"
a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
"Consent"
any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
"genetic data"
personal data relating to the inherited or acquired genetic characteristics of a natural person which provide unique information about the physiology or health of that natural person and which have been obtained in particular from the analysis of a biological sample from the natural person concerned;
"health data"
personal data relating to the physical or mental health of a natural person, including the provision of healthcare services, and from which information about their health status is derived;
"undertaking"
a natural or legal person that carries out an economic activity, regardless of its legal form, including partnerships or associations that regularly pursue an economic activity;
"supervisory authority"
an independent public authority established by a Member State in accordance with Article 51;
Up-to-dateness and amendment of this privacy policy
This privacy policy is currently valid and has the status 12.05.2023
Created and checked by Datavise - data security from experts
Become part of the O.C. community
Contact us
📅 Book a consultation appointment
✆ +49 173 7374241 (WhatsApp)
✆ 0211 - 22975318 (telephone)
📧 kontakt@oc-hairsystems.com
Subscribe to our newsletter
© 2023 | O.C. Hairsystems GmbH