Janssen cosmetics

We beautify the world

Newsletter

1. Privacy policy according to the GDPR

We at Janssen Cosmetics GmbH take the protection of your personal data very seriously and strictly adhere to the rules of data protection laws. Personal data is only collected on this website to the extent strictly necessary. Under no circumstances will the collected data be sold or passed on to third parties for any other reason.

The following policy gives you an overview of how we guarantee this protection and what kind of data is collected for what purpose.

2. Name and address of the data controller

The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of EU Member States, as well as other provisions of data protection law is:

Janssen Cosmetics GmbH
Pontsheide 36
5076 Aachen

Germany
Tel.: +49 2408 70460
Email: info@janssen-cosmetics.com
Website: www.janssen-cosmetics.com
Manager: Ulrich Janssen

3. Name and address of the data protection officer

The data protection officer of the data controller is:

Data Organisation Engineering Office

Dragan Stanković
Lütticher Straße 7
52064 Aachen, Germany

Tel.:                 +49 241 5903360
Email:             d.stankovic@ido-stankovic.de
Website:         www.ido-stankovic.de

4. General Data Processing

4.1 Scope of processing of personal data

We process the personal data of our users only insofar as it is necessary to provide an operational website, as well as content and services. The processing of our users’ personal data is subject to the consent of the user. An exception applies in those cases in which prior consent cannot be obtained for genuine reasons and the processing of the data is permitted by statutory provisions.

4.2 Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

Art. 6 (1) (b) of the GDPR serves as a legal basis for the processing of personal data required for the fulfilment of a contract to which the data subject is a party. This will also apply to processing operations necessary for the implementation of pre-contractual measures.

If the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 (1) (b) of the GDPR serves as the legal basis.

In the event that overriding interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 (1) (b) of the GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the aforementioned interest, Art. 6 (1) (b) of the GDPR serves as the legal basis for processing.

4.3 Data deletion and storage duration

The personal data of the person concerned will be deleted or blocked as soon as the purpose for storage no longer applies. Storage may also take place if the EU or domestic legislator has provided for this in EU regulations, laws or other provisions to which the data controller is subject. The data will also be blocked or deleted if the storage period prescribed by the above standards expires, unless it is necessary for further storage of the data for the conclusion or fulfilment of a contract.

5 Provision of the website and creation of log files

5.1 Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the user.

The following data is collected:

  • Information about the browser and the version used
  • The IP address of the user
  • Date and time of access

The data is also stored in our system log files. These data are not stored together with other personal data of the user.

5.2 Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) of the GDPR.

5.3 Purposes of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the IP address of the user shall remain stored for the duration of the session.

The data is stored in log files in order to ensure the smooth functioning of the website. The data is also used to optimise the website and to ensure the security of our IT systems. No assessment of the data for marketing purposes takes place in this context.

These purposes also include our legitimate interest in data processing pursuant to Art. 6 (1) (f) of the GDPR.

5.4 Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. In the case of data collection to ensure the website provision, this is the case when the respective session is terminated.

If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the users’ IP addresses are deleted or removed so that data allocation to the visiting client is no longer possible.

5.5 Objection and removal options

Data collection for the provision of our website and data storage in log files is necessary for operating the website. Consequently, the user may not object.

6 Use of cookies

6.1 Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in an Internet browser or by the user’s computer system browser. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again.

We use cookies to ensure our website is user-friendly. Some of our website features require that the requesting browser can be identified even after the user has changed to another page.

The following data is stored and transmitted in the cookies:

  • Protection against Cross-Site Request Forgery attacks
  • Cookie consent for monitoring the cookie setting

 

We also use cookies on our website which enable us to analyse our users’ browsing habits. This enables the following data to be transmitted:

Required cookies

Cookie

Purposes

Process

ASP.NET_SessionID

This cookie stores data during your visit. For example, the cookie remembers a selection you made or which page you have previously viewed

 

Session

_GRECAPTCHA

This cookie assigns an ID to the site visitor and determines statistical data on website visits

6 months

OGPC

These cookies are used by Google to store settings and user information each time you visit websites that contain geographical information from Google Maps.

1 year

NID

The NID cookie contains a unique ID that Google uses to store your preferred settings and other information.

6 months

Preference cookies

Cookie

Purposes

Process

defaultCulture

 

1 month

Culture

Language

3.5 months

id_cart_token_ShoppingCart

 

1 month

id_cart_token_WishlistCart

 

1 month

cookieCheck

Cookie placed if the user accepts the cookie policy. Requested by the cookie bar/banner at the foot of the page.

1 year

__RequestVerificationToken

 

Session

messagesUtk

Chatflow tool

13 months

 

Statistics

Cookie

Purposes

Process

_cf_bm

to maximise network resources, manage web traffic, and protect our customers’ sites from malicious web traffic.

1 day

hubspotutk

Visitor identity

1 month

_hstc

Visitor tracking

1 month

_gid

These cookies tell us how you use our website and how you found our website.

2 days

_gid

These cookies tell us how you use our website and how you found our website.

2 years

_gcl_au

Information in ad clicks

3 months

_gat_gtag_UA_51161952_2

These cookies tell us how you use our website and how you found our website.

1 day

_hssrc

Whenever the HubSpot software changes the session cookie, this cookie is also set. This determines whether the visitor has restarted the browser.

Session

 

Marketing

Cookie

Purposes

Process

NID

These cookies track how you use our website to show you advertising that may be of interest to you.

6 months

1P_JAR

These cookies track how you use our website to show you advertising that may be of interest to you.

1 month

DV

These cookies track how you use our website to show you advertising that may be of interest to you.

1 day

CONSENT

These cookies track how you use our website to show you advertising that may be of interest to you.

2 years

newscheck

News banner

5 months

IDE

These cookies track how you use our website to show you advertising that may be of interest to you.

1 month

AID

ADS

10 months

_fbp

Facebook Pixel

3 months

test_cookie

Remarketing

1 day

 

Not classified

Cookie

Purposes

Process

.ASPXAUTH

 

3 days

_hssluid

For management automation

 

Source: QA Madness Cookies Policy | QA Madness Help Center Software testing company

1 month

_stripe_mid

 

8 months

_pdst

 

7 months

NPS_61a7bd63_last_seen

 

2 weeks

 

When accessing our website, the user is informed about the use of cookies for analysis purposes and his or her consent to the processing of the personal data used in this context is obtained. In this context, reference is also made to this privacy policy.

6.2 Legal basis for data processing

The legal basis for the processing of personal data using ‘strictly required’ cookies is Art. 6 (1) (f) of the GDPR.

The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 (1) (a) of the GDPR if the user has given his or her consent.

6.3 Purposes of data processing

The purpose of using ‘strictly required’ cookies is to simplify users’ website experience. Some website features cannot be made available without the use of cookies. For these features, it is necessary that the browser is recognised also after the user switches pages. The user data collected by ‘strictly required’ cookies are not used to create user profiles.

The analysis cookies are used for the purpose of improving the quality of our website and its content. By using analysis cookies, we can learn how the website is used and therefore constantly improve our offer.

These purposes also include our legitimate interest in data processing pursuant to Art. 6 (1) (f) of the GDPR.

6.4 Storage duration, objection and removal option

Cookies are stored on the user’s computer and transmitted to our website by the user. Accordingly, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all features of the website can be used to the fullest extent possible.

7 Advertising and marketing services

7.1 Description and scope of data processing

We use the following advertising and marketing services on our website:

 

Tool

Description

Google Tag Manager

Google Tag Manager is a solution that allows marketers to manage website tags through an interface. The tool itself (which deploys the tags) is a cookie-less domain and does not collect any personal data. The tool triggers other tags which may in turn collect data. Google Tag Manager does not access this data.

OpenStreetMap

Umap is an open-source mapping tool based on the French OpenStreetMap (https://openstreetmap.fr). To show you the map, your IP address will be forwarded to OpenStreetMap.

Google reCAPTCHA

This function primarily serves to distinguish whether an input is made by a natural person or abusively by machine and automated processing. The service includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google.

Google APIs

We use this data to ensure the full functionality of our website. In this context, your browser will transmit personal data to Google APIs.

DoubleClick remarketing

DoubleClick uses cookies to place ads relevant to users, improve campaign performance reports, or to prevent a user from seeing the same ads multiple times.

Doubleclick advertising

DoubleClick Floodlight cookies enables us to understand whether you perform certain actions on our website after you have accessed or clicked on one of our display/video ads on Google or on another platform via DoubleClick (conversion tracking). DoubleClick uses this cookie to understand the content you have interacted with on our websites in order to send you targeted advertising later.

 

7.2 Legal basis for data processing

The legal basis for the processing of users’ personal data is Art. 6 (1) (f) of the GDPR.

 

7.3 Purposes of data processing

Tool

Purposes

OpenStreetMap

Displays the route to our organisation or our events

Google reCAPTCHA

Prevents abuse and spam

Google APIs

error-free operation of the website

DoubleClick remarketing

Show user relevant ads, that improve campaign performance reports or prevent

Doubleclick advertising

a user from seeing the same ads several times.

7.4 Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected.

7.5 Objection and removal options

You can prevent participation in this tracking process in several ways: a) by setting your browser software accordingly, in particular the suppression of third-party cookies will result in you not receiving any ads from third-party providers; b) by disabling the cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com”, whereby this setting https://www.google.de/settings/ads is deleted when you delete your cookies; c) by disabling the interest-ads of the providers that are part of the self-regulatory campaign “About Ads” via the link http://www.aboutads.info/choices, whereby this setting is deleted when you delete your cookies; d) by permanently disabling them in your Firefox, Internet Explorer, or Google Chrome browser at http://www.google.com/settings/ads/plug-in. We would like to point out that in this case you may not be able to use all the website features to their fullest extent.

8 Social plug-ins

8.1 Description and scope of data processing

Social plug-ins (“plug-ins”) from social networks are used on our websites, in particular from Facebook, Twitter, and LinkedIn.

Therefore, when you visit our websites, no data is automatically transmitted to social networks such as Facebook or Twitter. Only when you actively click on the respective button does your Internet browser establish a connection to the servers of the respective social network, meaning that, by clicking on the respective button, you consent to your Internet browser establishing a connection to the servers of the respective social network and transmitting usage data to the respective operator of the social network.

8.2 Legal basis for data processing

The legal basis for the processing of data after a user has signed up for our newsletter is Art. 6 (1) (f) of the GDPR if the user has given his or her consent.

8.3 Purposes of data processing

The purpose of data processing can be found in the data protection regulations of Facebook and Twitter.

8.4 Duration of storage

The storage period for data processing can be found in the data protection regulations of Facebook and Twitter.

8.5 Objection and removal options

If you do not want Facebook and Twitter to collect data about you via our website, you must log out of Facebook and/or Twitter before visiting our website.

9 Email marketing

9.1 Description and scope of data processing

We use the HubSpot service to carry out our online marketing measures. The provider is HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141. HubSpot is also available within the European Union, and the current, relevant contact details can be found here: https://www.hubspot.com/company/contact. You can find more information about data protection by this provider here: https://www.hubspot.de/data-privacy/gdpr and https://legal.hubspot.com/de/privacy-policy.

With this tool, we carry out various online marketing measures described in this privacy policy, including:

  •  Email marketing (newsletters and automated mailings, e.g. for providing information material)
  • Contact management (e.g. storage of contact data for contact purposes)
  • Provision of online forms to subscribe to newslettersProvision of information material
  • Newsletter subscription
  • Requests via the chat tool

9.2 Legal basis for data processing

In this regard, we refer to the respective statements regarding the detailed online marketing measures, which we supplement by the following information:

We only send newsletters and automated mailings (“mailings”) after your corresponding subscription, i.e. with your consent, on the basis of Art. 6 (1) (a) of the GDPR. If the content of the mailings (i.e. the advertised goods and services) is specifically described in the context of the registration, it is decisive for the scope of the consent. In addition, our mailings contain information about our products, offers, promotions, and/or our company.

You can subscribe via the so-called double opt-in procedure, i.e. you will receive an email after your subscription, in which you will be asked to confirm your subscription, in order to prevent any misuse of your email address. Subscription to our mailings is logged by us, in order to prove the subscription process complies with legal requirements, and to prevent or clarify any misuse of your personal data. The logging of the subscription process takes place on the basis of our legitimate interests in accordance with Art. 6 (1) (f) of the GDPR within a user-friendly and secure mailing system, in order to be able to prove the subscription process and the consent given at a later date.

You can revoke your consent to receiving our mailings at any time, notably by unsubscribing. An unsubscribe link to exercise this right can be found at the end of each email.

If we obtain your consent for certain online marketing measures, the legal basis for data processing is Art. 6 (1) (a) GDPR. Insofar as the data processing is carried out for the fulfilment of a contract with you, the legal basis is Art. 6 (1) (b) of the GDPR. Furthermore, data processing is based on the legal basis of Article 6 (1) (f) of the GDPR, according to which the processing of personal data is also possible without the consent of the data subject if the processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail. Here we invoke our interest in direct advertising in accordance with Recital 47 of the GDPR. Our legitimate interest derives from the fact that we can ensure the effectiveness of the campaigns we create and the effective use of the resources deployed for this purpose through specific online marketing measures. In addition, you will only receive advertising that is potentially relevant and of interest to you.

9.3 Purposes of data processing

Our mailings contain so-called tracking pixels (web bugs), which enable us to see if and when an email was opened, and which links in the email were followed by the personalised recipient. This information is used for the technical improvement of our newsletter on the basis of technical data or the target groups and their reading behavior, based on their location (which can be determined with the help of the IP address) or access times. The evaluations also serve to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users. The data collected in this way is used to send personalised marketing emails to the respective recipient.

For individual email campaigns, we also use a selection from the recipient’s circle on the basis of data and information determined and qualified by us (such as your expressed interest in individual topics, your address/region, etc.) in order to be able to offer you goods and services that match your interests. You will then only receive advertising that is potentially relevant and of interest to you.

9.4 Duration of storage

The data collected and otherwise processed in this way will be stored and processed on the servers of this provider until you revoke your consent. HubSpot acts as our processor and processes the data exclusively in accordance with our instructions. You can find more information about the various possible applications here: https://www.hubspot.de/.

9.5 Objection and removal options

Your rights are protected by the fact that we have made the processing operations here transparent and that you can object to any processing by HubSpot. If you do not want HubSpot to collect your data, you can prevent the storage of cookies at any time through your browser settings or by using the following opt-out link: HubSpot opt-out link.

We have carefully selected this provider and have contractually bound them accordingly. This commissioning does not prevent the provider from processing the data outside the European Union or from being headquartered outside of it. The contractual instruments governing the commissioning of HubSpot contain the EU standard contractual clauses so that the commissioning is possible in accordance with Article 46 of the GDPR. You can find the contract document here: https://legal.hubspot.com/en/dpa.

 

10 Newsletter

10.1 Description and scope of data processing

Users can subscribe to receive our free newsletter via our website. When subscribing to receive the newsletter, the data from the input screen is transferred to us.

First name, surname

  • IP address of the visiting computer
  • Date and time of subscription

Your consent will be obtained for the processing of your data during the subscription process and reference will be made to this data protection statement.

No data will be passed on to third parties in connection with data processing for the sending of newsletters. The data will be used exclusively for sending the newsletter.

10.2 Legal basis for data processing

The legal basis for the processing of data following subscription to our newsletter by the user is Art. 6 (1) (a) of the GDPR if the user has given his or her consent

10.3 Purposes of data processing

The collection of the user’s email address is used to deliver the newsletter.

The collection of other personal data as part of the subscription process serves to prevent misuse of the services or the email address used.

10.4 Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. The user’s email address will therefore be stored if the newsletter subscription is active.

The other personal data collected in the course of the subscription process are usually deleted after a period of seven days.

10.5 Objection and removal options

Subscription to the newsletter can be cancelled by the user at any time. For this purpose, there is a relevant link contained in every newsletter sent.

This also enables the revocation of consent to the storage of personal data collected during the subscription process.

11 Contact form

11.1 Description and scope of data processing

A contact form is available on our website. If a user makes use of this option, the data entered in the input screen will be transmitted to us and stored. These data are:

  • Title
  • Name
  • Company
  • Address
  • Postal code/city
  • Email
  • Telephone number
  • Message

When the message is sent, the following data will also be stored:

  • The IP address of the user
  • Date and time of subscription

Your consent will be obtained for the processing of the data when the message is sent, and reference will be made to this data protection statement.

Alternatively, you can contact us via the email address provided. In this case, the user’s personal data transmitted with the email will be stored.

The data will not be passed on to third parties in this context. The data will be used exclusively for the purpose of the conversation.

11.2 Legal basis for data processing

The legal basis for the processing of the data is Art. 6 (1) (a) of the GDPR if the user has given his consent.

The legal basis for processing the data transmitted in the course of sending an email is Art. 6 (1) (f) of the GDPR. If the purpose of the email contact is to conclude a contract, the additional legal basis for the processing is Art. 6 (1) (b) of the GDPR.

11.3 Purposes of data processing

The processing of personal data from the input screen serves exclusively for facilitating communication. In the case of contact by email, this also constitutes a necessary legitimate interest in the data processing.

The other personal data processed when the message is sent serve to prevent misuse of the contact form and to ensure the security of our IT systems.

11.4 Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. For the personal data collected from the contact form input screen and sent via email, this is the case when the conversation with the user has ended. The conversation ends when it can be inferred from the circumstances that the matter in question has been definitively clarified.

The additional personal data collected when the message is sent will be deleted after a period of seven days at the latest.

11.5 Objection and removal options

The user may revoke his or her consent regarding the processing of personal data at any time. If the user contacts us by email, he or she may object to the storage of his or her personal data at any time. In this case, the conversation cannot be continued.

In this case, all personal data stored in the course of establishing contact will be deleted.

12 LinkedIn Analytics

12.1 Scope of processing of personal data

Our website uses functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you access one of our pages that contains LinkedIn functions, a connection is established to LinkedIn servers. LinkedIn is informed that you have visited our websites with your IP address. If you click on LinkedIn’s “Recommend” button and are logged in to your LinkedIn account, LinkedIn can associate your visit to our website to you and to your user account. With the help of LinkedIn Analytics, an evaluation of our profiles on LinkedIn is also possible (e.g. how often registrations have been downloaded).

12.2 Legal basis for the processing of personal data

The legal basis for the processing of your data is Art. 6 (1), sentence 1, (f) of the GDPR. For more information about LinkedIn Analytics, please refer to LinkedIn’s Privacy Policy: http://www.linkedin.com/legal/privacy-policy. LinkedIn has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

12.3 Purposes of data processing

The processing of users’ personal data enables us to analyse the browsing patterns of our users. By evaluating the data collected, we can compile information about the use of our website’s individual features. This helps us to constantly improve our website and its usability. These purposes also include our legitimate interest in data processing pursuant to Art. 6 (1) (f) of the GDPR. By anonymising the IP address, the user’s interest in protecting their personal data is sufficiently considered.

12.4 Duration of storage

The data is deleted as soon as it is no longer needed for our storage purposes.

In our case, this happens after 30 days.

12.5 Objection and removal options

Cookies are stored on the user’s computer with their explicit consent (consent banner) and transmitted to our website by the user. Accordingly, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all features of the website can be used to the fullest extent possible.

We offer our users the possibility of an opt-out from the analysis process on our website. To do this, you must follow the corresponding link. In this way, another cookie is placed onto your system, which signals to our system not to store the user’s data. If the user deletes the corresponding cookie from his or her own system at any point afterwards, they must set the opt-out cookie again.

13 Web analysis by Google Analytics

13.1 Scope of processing of personal data

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses ‘cookies’ which are text files placed on your computer to help the website analyse how users use the website. The information generated by the cookie about your use of this website will generally be transmitted to and stored by Google on servers in the United States of America. However, if IP anonymisation is activated on this website, Google will shorten your IP address within Member States of the European Union or in other Contracting States to the Agreement on the European Economic Area in advance. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities, and to provide other services related to website and internet use to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the website features to their fullest extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de).

13.2 Legal basis for the processing of personal data

The legal basis for the processing of users’ personal data is Art. 6 (1) (a) of the GDPR.

13.3 Purposes of data processing

The processing of users’ personal data enables us to analyse the browsing patterns of our users. By evaluating the data collected, we can compile information about the use of our website’s individual features. This helps us to constantly improve our website and its usability. These purposes also include our legitimate interest in data processing pursuant to Art. 6 (1) (f) of the GDPR. By anonymising the IP address, the user’s interest in protecting their personal data is sufficiently considered.

13.4 Duration of storage

The data is deleted as soon as it is no longer needed for our storage purposes.

In our case, this happens after 30 days.

13.5 Objection and removal options

Cookies are stored on the user’s computer with their explicit consent (consent banner) and transmitted to our website by the user. Accordingly, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all features of the website can be used to the fullest extent possible.

We offer our users on our website the possibility of an opt-out from the analysis process. To do this, you must follow the corresponding link. In this way, another cookie is placed onto your system, which signals to our system not to store the user’s data. If the user deletes the corresponding cookie from his or her own system at any point afterwards, they must set the opt-out cookie again.

14 Rights of the data subject

If your personal data is processed, then you are the data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the data controller:

14.1 Right of access

You can request confirmation from the data controller as to whether your personal data will be processed by us.

In the event of such processing, you may request the following information from the data controller:

  • the purposes for which the personal data are processed;
  • the categories of personal data processed;
  • the recipients or categories of recipients to whom the personal information about you has been or will be disclosed;
  • the planned duration of storage of your personal data or, if it is not possible to provide specific information in this regard, criteria for determining the duration of the storage;
  • whether the right to rectify or delete your personal data, to restrict processing by the data controller, or to object to such processing exists;
  • whether the right of appeal vis-a-vis a supervisory authority exists;
  • all available information on the origin of the data, if the personal data are not collected from the data subject;
  • the existence of automated decision-making, including profiling in accordance with Art. 22 (1) and (4) of the GDPR and – at least in these cases – meaningful information about the logic involved, as well as the scope and the intended effects of such processing for the data subject.

You have the right to request information as to whether your personal data will be transferred to a third country or to an international organisation. In this context, you may request that you are informed of the appropriate guarantees pursuant to Art. 46 of the GDPR in connection with the transfer

14.2 Right to rectification

You have the right to have your personal data rectified and/or completed by the data controller if the personal data processed concerning you is inaccurate or incomplete. The data controller will rectify the data in question immediately.

14.3 Right to restrict processing

Under the following conditions, you may request that the processing of your personal data be restricted:

  • if you dispute the accuracy of your personal data for a period which allows the data controller to verify the accuracy of the personal data;
  • the processing is unlawful, and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
  • the data controller no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
  • if you have lodged an objection against the processing pursuant to Art. 21 (1) of the GDPR and it has not yet been determined whether the legitimate reasons of the data controller override your own reasons.

If the processing of personal data concerning you has been restricted, this data may only be processed – with the exception of its storage – with your consent, or for the assertion, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest for the Union or a Member State.

If the processing has been restricted in accordance with the above conditions, you will be informed by the data controller before the restriction of processing is lifted.

14.4 Right to deletion

14.4.1 Deletion obligation

You may request that the data controller deletes your personal data immediately, and the data controller is obliged to delete these data immediately if one of the following reasons applies:

  • Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You revoke your consent on which the processing pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) of the GDPR was based and there is no other legal basis for the processing.
  • You object to the processing pursuant to Art. 21 (1) of the GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 (2) of the GDPR.
  • Your personal data have been processed unlawfully.
  • The deletion of your personal data is necessary to fulfil a legal obligation under EU or Member State law to which the data controller is subject.
  • The personal data relating to you have been collected in relation to information society services offered pursuant to Art. 8 (1) of the GDPR.

14.4.2 Information provided to third parties

If the data controller has made the personal data concerning you public and is obliged to delete it in accordance with Art. 17 (1) of the GDPR, he or she shall take reasonable measures, including technical measures, taking into account available technology and the cost of implementation, to inform data controllers who process the personal data that you, as the data subject, have requested the deletion of all links to such personal data or of copies or replications of said personal data.

14.4.3 Exemptions

The right to deletion does not exist if the processing is necessary

  • to exercise the right to freedom of expression and information;
  • to fulfil a legal obligation that requires processing under the law of the Union or the Member States to which the data controller is subject, or to perform a task which is in the public interest or in the exercise of official authority conferred on the data controller;
  • for reasons of public interest in the field of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) of the GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 (1) of the GDPR, to the extent that the law referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of this processing, or
  • to assert, exercise or defend legal claims.

14.5 Right to information

If you have asserted your right to rectification, deletion or restriction of processing against the data controller, the data controller is obliged to inform all recipients to whom the personal data concerning you has been disclosed of this data rectification or deletion or the restriction of its processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed of such recipients vis-à-vis the data controller.

14.6 Right to data portability

You have the right to receive your personal data that you have provided to the data controller in a structured, common and machine-readable format. In addition, you have the right to communicate these data to another data controller without being obstructed by the data controller to whom the personal data was provided, insofar as

  • the processing is based on consent pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) of the GDPR or on a contract pursuant to Art. 6 (1) (b) of the GDPR and
  • processing is carried out using automated procedures.

In exercising this right, you also have the right to request that your personal data be transmitted directly by one data controller to another, insofar as this is technically feasible. Freedoms and rights of third parties shall not be affected by this.

The right to data transfer does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

14.7 Right to object

You have the right, for reasons arising from your particular circumstances, to object at any time to the processing of your personal data based on Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.

The data controller will no longer process the personal data concerning you unless they can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

If your personal data are processed for the purpose of direct marketing, you have the right to object at any time; this will also apply to profiling in so far as it is linked to such direct marketing.

If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

You also have the option to exercise your right to object in relation to the use of information society services – notwithstanding the Directive 2002/58/EC – by means of automated procedures using technical specifications.

14.8 Right to revoke the declaration of consent under data protection legislation

You have the right to revoke your declaration of consent under data protection legislation at any time. The revocation of consent does not affect the legitimacy of the processing carried out based on the consent up to the time consent is revoked.

14.9 Automated decisions in individual cases including profiling

You have the right not to be subject to any decision based solely on automated processing, including profiling, that has any legal effect on you or affects you significantly in a similar way. This will not apply if the decision

  • is necessary for the conclusion or performance of a contract between you and the data controller,
  • is authorised by EU or Member State law to which the data controller is subject and contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or
  • is made with your explicit consent.

However, these decisions may not be based on special categories of personal data under Art. 9 (1) of the GDPR, unless Art. 9 (2) (a) or (g) of the GDPR applies, and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests.

With regard to the cases referred to in (1) and (3), the data controller shall take appropriate measures to safeguard your rights, freedoms, and legitimate interests, including at least the right to obtain human intervention on the part of the data controller, to a statement of his or her point of view and to contest the decision.

14.10 Right to appeal to a supervisory authority

Without prejudice to any other administrative or legal remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the suspected infringement, if you believe that the processing of your personal data violates the GDPR.

The supervisory authority to which the complaint was submitted will inform the complainant of the status and outcome of the complaint, including the option for a legal remedy under Article 78 of the GDPR.

 

The supervisory authority responsible for Janssen Cosmetics GmbH:

North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information
Kavalleriestr. 2-4
40213 Düsseldorf, Germany
Tel.: +49 (0)211 38424-0
Fax: +49 (0)211 38424-999
Email: poststelle@ldi.nrw.de

Scroll to Top