Data protection and security

Data protection information  

(Version 1.0; Date 24.05.2018) 

Table of contents:

1.Overview

The following data protection information informs you about the type and extent of the processing of so-called personal data by the Parfümerie Douglas GmbH. Personal data is information that can be directly or indirectly attributed or assigned to your person.

The data processing by the Parfümerie Douglas GmbH can be primarily divided into two categories:

  • For the purpose of the contract execution, all data necessary for the execution of a contract with the Parfümerie Douglas GmbH are processed. If external service providers are involved in the execution of the contract, e.g. logistics companies or payment service providers, your data will be transmitted to them to a required extent.
  • By visiting the website/application of the Parfümerie Douglas GmbH, various information is transmitted between your device and our server. This can also be personal data. The information collected in this way will e.g. be used to optimize our website or to display advertisements in the browser of your device.

Our site and our services are not directed to children under 16 years.

According to the provisions of the GDPR, you have different rights that you can assert against us. This includes amongst other things the right to contradict against selected data processing, in particular, data processing for advertising purposes. The possibility of contradiction is empha-sized by printing technology.

If you have any questions about our privacy policy, you can always contact our corporate data pro-tection officer. The contact details can be found below.

2.Name and contact data of the persons responsible for the data processing and the data protection officer

This data protection information applies to the data processing by the Parfümerie Douglas GmbH, Luise-Rainer-Straße 7-11, 40235 Dusseldorf, Managing Directors: Tina Mueller, Michael Rauch, Vanessa Stützle, District Court Dusseldorf HRB 79122 ("Responsible person"), and for the following websites or applications: www.douglas.eu and www.tourist.douglas.eu. The operational data protection officer of the Parfümerie Douglas GmbH is under the mentioned above address, to the attention of Department of Data Protection, or under shop@douglas.eu reachable.

3.1.Visiting our website or application

When you visit our website/application, the browser used on your device automatically sends information to the server of our website/application and temporarily stores it in a so-called log file. We have no influence on this. The following information will also be collected without your intervention and stored until automated deletion:

  • the IP address of the requesting Internet-enabled device,
  • the date and time of access,
  • the name and URL of the retrieved file,
  • the website/application from which the access was made (referrer URL), the browser you use and, if necessary, the operating system of your Internet-capable computer as well as the name of your access provider.

The legal basis for processing the IP address is Article 6 (1) (f) GDPR. Our legitimate interest follows from the purposes of data collection listed below. At this point the annotation, we are not able to take direct conclusions about your identity from the collected data, and we do not draw any conclu-sion to your identity.

The IP address of your device and the other data listed above are used by us for the following purposes:

  • ensuring a smooth connection setup,
  • ensuring comfortable use of our website/application,
  • the name and URL of the retrieved file,
  • evaluation of system security and stability.

The data is stored for a time period of 7 days and then the IP address is automatically deleted. For security reasons, but without your IP address, this information will be stored in log files for longer and deleted after 31 days. The data contained in the log files are stored separately from other data by you.

We also use so-called cookies, tracking tools, targeting methods and social media plug-ins for our website/application. The exact procedures used and how your data are used for this purpose are described more detail in Section 3.4.

3.2.Conclusion, execution or termination of a contract

3.2.1.Data processing at the conclusion of the contract

The object of the Parfümerie Douglas GmbH is the distance selling of goods and services, the retail trade within the framework of the officially issued permits and the serial production of the goods to be offered. In this context, we process the data required to complete, execute or terminate a con-tract. That includes:

  • First name, last name, title, salutation
  • Invoice and delivery address, if necessary, additional address
  • Packstation and DHL customer number
  • E-mail address
  • Company and VAT ID
  • Date of birth
  • if necessary telephone number

The legal basis for this is Article 6 (1) (b) GDPR that means you provide the data based on the con-tractual relationship between you and us. To process your e-mail address, we are also obliged to send an electronic order confirmation in the form of a confirmation of dispatch due to a requirement in the German Civil Code (BGB) (Article 6 (1) (c) GDPR). Insofar as we do not use your contact data for advertising purposes (see below 3.3.), we store the data collected for the execution of the contract until the expiry of the legal or possible contractual warranty and guarantee rights. After expiry of this period, we retain the information required by commercial and tax law of the contractual relationship for the legal periods. For this period (usually ten years from the conclusion of the contract), the data will be reprocessed in the event of a review by the tax authorities.

To process the purchase contract, the following additional data processing is required:

With the processing of credit card payments and payments by PayPal, the company Heidelberger Payment GmbH, Vangerowstraße 18, 69115 Heidelberg, is commissioned. All entries of PayPal and credit card data are entered directly into the system of Heidelberger Payment GmbH in Heidelberg and cannot be read or stored by us.

We will transmit details of your delivery address to a logistics company commissioned by us for the purpose of processing the purchase contract.

In order to ensure that the goods are delivered according to your wishes, we use your e-mail address to contact you in advance of the delivery in order to inform you of the delivery time. Within this email, you also have the option of specifying your preferred delivery location or a storage location.

3.2.2.Transmission to credit bureaus

In the event of a delay in payment, we submit the necessary data to a company commissioned, if other legal requirements exist, with the assertion of the claim. Legal bases for this are both Article 6 (1) (b) and Article 6 (1) (f) GDPR. The assertion of a contractual claim is to be regarded as a legitimate interest within the meaning of the second-named regulation.

If the other legal requirements exist, we also provide information about the payment delay or any default on loans to credit agencies cooperating with us. The legal basis for this is Article 6 (1) (f) GDPR. The legitimate interest which this requires arises from our and third parties' interest in reducing contract risks for future contracts.

3.3.Data processing for advertising purposes

The following statements refer to the processing of personal data for advertising purposes. The GDPR declares such data processing on the basis of Article 6 (1) (f) as fundamentally conceivable and as a legitimate interest. The duration of data storage for advertising purposes does not follow any rigid principles and is based on the question of whether the storage is required for the promotional approach.

To find out more about the process in case of a opposition, please refer to para. 3.3.3.

3.3.1.Advertising purposes of the Parfümerie Douglas GmbH and third parties

As far as you have concluded a contract with us, we will keep you as an existing customer. In this case, we will process your postal contact details outside the scope of a specific consent in order to provide you with information about new products and services in this way. We process your e-mail address in order to provide you with information about similar products, outside of the availability of a specific approval. You can contradict this service in the checkout within every order or in each customer information at the end of the information.

3.3.2.Interest righteous advertising

In order for you to receive only those promotional information that is of perceived interest to you, we categorize and supplement your customer profile with further information. Statistical infor-mation, as well as information about yourself (e.g. basic data of your beauty profile in the "My Douglas" area), are used. The aim is to provide you with advertisements oriented only to your actual or perceived needs and not to bother you with useless advertising. Your address and order data will be processed by us for our own marketing purposes.

3.3.3.Right of revocation

Against the data processing for the aforementioned purposes, you can at any time charge for the respective communication channel separately and with effect for the future objec-tion. All you need to do is send an e-mail or a letter to the contact details listed under para. 2.

Insofar as you object, the affected contact address for further advertising data processing will be blocked. We point out that in exceptional cases, even after receipt of your objection; there may be a temporary shipment of advertising material. This is technically due to the necessary lead time of advertisements and does not mean that we do not implement your objection. Thank you for your understanding.

3.3.4.Newsletter dispatch

On our website, we offer you the opportunity to sign up for our newsletter. In order to be sure that no errors have occurred when entering the email address, we use the so-called double-opt-in procedure: After you have entered your email address in the registration field, we will send you a confirmation link. Only if you click on this confirmation link your email address will be included on our mailing list. The processing of your electronic contact data takes place here only on the basis of your consent (Article 6 (1) (a) GDPR):

By signing up, you agree that Douglas collects the information (customer master data, purchase data) and usage data (use of the Douglas Online Services) stored on your customer account, use it for our own market and opinion research and on this basis exclusively make personalized advertising and special offers of products and services from the fields of beauty, clothing, nutrition and lifestyle, namely:

  • via email
  • on the Douglas websites
  • via the Douglas app
  • in the Douglas Beauty tabs
  • via mail and any form of contacting Douglas (for example, visiting a Douglas Perfumery or calling the Douglas Customer Service).

If you have a Douglas Beauty Card or a Douglas Beauty Card Premium, we will also use the infor-mation stored on your card for this purpose. Read more about our privacy policy. You can revoke this consent at any time, e.g. here or via the unsubscribe link included in every email. Your revocation does not affect the legality of the processing of your data until your revocation. Only if you have given us this consent(s) in form of a separate declaration, we will also send you the information and offers from the Douglas assortment (advertising) that are aligned with your personal interests via e-mail.

3.4.Online presence and website optimization

Overview and contradictions to web analytics and marketing services

3.4.1.Cookies and cookie-like technologies - General notes

We use so-called cookies on our website. Cookies are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not harm your device; do not contain viruses, Trojans or other malicious software. In the cookie information is stored, each resulting in connection with the specific terminal used. However, this does not mean that we are immediately informed of your identity. On the one hand, the use of cookies serves to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages on our website or that you have already logged in to your customer account. These are automatically deleted after leaving our page. In addition, for the reason of usability, we also use temporary cookies that are stored on your device for a specific period of time. If you visit our site again to take advantage of our services, it will automatically recognize that you have already been with us and what inputs and settings you have made, so you do not have to re-enter them.

If you have a customer account with Parfümerie Douglas GmbH and you are logged in or activate the function "stay logged in", the information stored in cookies will be added to your customer account.

On the other hand, we use cookies in order to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer and to display information tailored to your specific needs. These cookies allow us to automatically recognize if you visit our site again, that you have already been on this site. These cookies are automatically deleted after a defined time. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a note always appears before a new cookie is created. However, disabling cookies completely may mean that you can not use all features of our website. The storage period of cookies depends on their purpose and not the same for everyone.

3.4.2.Opposition / opt-out possibility

In addition to the deactivation methods described above, you can generally prevent the ex-plained targeting technologies via cookies by setting a corresponding cookie in your brows-er. In addition, you have the option of deactivating preference-based advertising with the help of the preference manager that can be called up here, so that all tags are no longer delivered.

3.4.3.Social-Media-Plug-ins

We use social plug-ins on the social networks Facebook, Google+ and Twitter on our website based on Article 6 (1) (f) of the GDPR to give you the opportunity to share featured articles on the article detail pages with your friends. The underlying commercial purpose is to be regarded as a legitimate interest within the meaning of the GDPR.

3.4.4.Facebook

On our website, so-called plug-ins of the social network Facebook are used, which is offered by the Facebook Inc. The Facebook plug-ins are marked with a Facebook logo or the addition "Like" or "Share". An overview of the Facebook plug-ins and their appearance can be found at the following link. If you use such a plug-in, your browser connects directly to the Facebook servers. The content of the plug-in is transmitted by Facebook directly to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are currently not logged into Facebook. This information (including your IP address) will be transmitted from your browser directly to a Facebook server in the US and stored there. If you are logged into Facebook, Facebook can immediately assign the visit to our website to your Facebook profile. If you interact with the plug-ins, for example by clicking the "Like" button, this information will also be transmitted directly to a Facebook server and stored there. The information will also be posted on your Facebook profile and displayed to your Facebook friends.

For the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your related rights and settings options for the protection of your privacy, please refer to the privacy policy of Facebook. If you do not want Facebook to immediately associate the information collected about your visit to our website with your Facebook profile, you must log out of Facebook before visiting our website.

3.4.5.Twitter

Our website also includes plug-ins from the short message network Twitter Inc. The Twitter plug-ins ("Tweet" button) can be recognized by the Twitter logo (a blue bird on a white background) or the addition "Tweet". When you visit a page of our website that contains such a plug-in, a direct connection is established between your browser and the Twitter server. Twitter receives the information that you have visited our site with your IP address. If you click on the Twitter button while logged into your Twitter account, you can link the contents of our pages to your Twitter profile. This allows Twitter to associate your visit to our pages with your user account. We point out that we as the provider of the pages are not aware of the content of the transmitted data and their use by Twitter. More information can be found here. If you do not want Twitter to associate your visit to our pages, please log out of your Twitter account.

3.5.Customer account-„My Douglas“

For our customers registered with "My Douglas" the purchase on douglas.eu becomes a special experience. Registration is free and opens the door to your personal space with many "My Douglas" benefits. In order to provide you with the greatest possible comfort during your purchase, we offer you the permanent storage of your personal data in a password-protected customer account. The investment of the customer account is optional and takes place on the basis of your consent within the meaning of Article 6 paragraph 1 letter a) GDPR. After setting up a customer account, no re-entry is required. In addition, you can view and change the data stored in your customer account at any time.

In addition to the data requested during an order, you must provide a self-selected password to set up a customer account. This serves together with your e-mail address for access to your customer account. Please treat your personal access data confidentially and in particular do not make it acces-sible to unauthorized third parties. We cannot accept liability for misused passwords unless we are responsible for the abuse. Please note that even after leaving our website, you will automatically be logged in, unless you actively log out.

In addition, you can decide for yourself which personal information you entrust to us in addition. The more we know about you, the better we can respond to your needs and the greater the comfort we can offer you on douglas.eu. Moreover, you can select preferred payment methods and save your payment data or different delivery addresses.

Also, you can rate products in the logged-in state, using a freely selectable nickname and can submit a free text reviews:

  • No swear words or insults
  • No information such as e-mail address, telephone number, URL
  • No references to other sources of supply.

Please note that for your safety, if you update your e-mail address, we will delete the Douglas Card information you have stored in the "My Douglas" section. As soon as you have finished changing your e-mail address, you can save your payment data as usual.

You have the option to delete your customer account at any time. Please note, however, that this does not mean that the data in the customer account can be deleted. As a rule, the data stored about your person will be deleted or anonymized immediately after the expiry of the existing com-mercial and taxable duty of storage after 10 years.

3.6.Customer service / telephone order

If you contact our customer service by phone, email or chat, in particular, to place an order by phone or have a concern in the context of your order, then all previously collected data, for example, in the context of a contract or other personal data you submit us as part of your request processed by our customer service. The processed categories of personal data include in particular your master data (such as first name, last name, name addition, Douglas Beauty Card number or your customer number, as well as your date of birth), contact details (e.g. private address, (mobile) telephone number, e-mail address), the log data generated by the use of the IT systems as well as other data that you would like to submit to us by telephone to process the request.

For certain tasks, we can commission external service providers with the data processing (in particular for the answer to your inquiries to online orders, as well as telephone orders). Whenever Douglas cooperates with such service providers, they are bound by contractual agreements in the same way as we are required to observe data protection. The legal basis for the processing operations described here is Article 6 (1) (b) DSGVO (performance of the contract and precontractual measures) or Article 6 (1) (a) GDPR in conjunction with your respective consent. We delete your communication data after 6 years at the latest.

4.Transmission to recipients outside the EU

We do not share your information with recipients located outside the European Union or the Euro-pean Economic Area.

5.Integration of third party content

We have included third-party content in some places on our website. These are videos, map services, pictures or fonts. In connection with the integration of this content, it is technically necessary that we inform the offering third party of your IP address so that they can display the content to you. Storage of your IP address by us for the integration of external content does not take place. The third-party providers may use your IP address, the use of cookies and other technologies (e.g. pixel tags, i.e. invisible graphics) to understand your browsing behavior and, in addition to your IP address, provide further technical information (e.g. browser type/version, operating system used, the page you previously visited, the host name of the accessing device and the time, and other information about using our online service).

The legal basis for the processing of your data is Article 6 paragraph 1 sentence 1 letter f) of the GDPR. We have a legitimate interest in optimizing our website and improving our offer to you by including third-party content.

For a more detailed description of who we embed content in and how your data is processed, see the description of the embedded content below.

  • YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Data protection: https://policies.google.com/privacy - An opt-out is possible under:https://adssettings.google.com/authenticated
  • Google Maps (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Data protection:https://policies.google.com/privacy - An opt-out is possible under:https://adssettings.google.com/authenticated
  • Instagram (Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA). Data protection: https://help.instagram.com/155833707900388

6.Your rights

Overview

In addition to the right of revocation of your consent granted to us, you are entitled to the following further rights if the relevant legal requirements apply:

  • Right of information about your personal data stored with us in accordance with. Art. 15 DSG Regulation; in particular, you can provide information about the purposes of proces-sing, the category of personal data, the categories of recipients to whom your data has been disclosed, the planned retention period, the source of their data, if not collected directly from you,
  • Right to correct incorrect or correct data according to Art. 16 GDPR,
  • Right to delete your stored data in accordance with. Art. 17 DSGVO insofar as no statutory or contractual retention periods or other statutory obligations or rights for further storage is to be observed,
  • Right to restriction of the processing of your data acc. Art. 18 GDPR, as far as the accuracy of the data is disputed by you, the processing is unlawful, but you reject its deletion; the person in charge no longer needs the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing according to Art. 21 GDPR,
  • Right to data portability acc. Art. 20 DSGVO, this means the right to transfer selected data stored about us in a common, machine-readable format, or to request transmission to an-other person in charge,
  • Right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters.

Right of revocation

Under the conditions of Article 21 (1) GDPR, data processing may be objected for reasons that arise from the particular situation of the person concerned.

The above general right of revocation applies to all processing purposes described in this privacy statement, which are processed on the basis of Article 6 (1) (f) GDPR. Unlike the special right of objection to data processing for commercial purposes, according to the GDPR, we are only obliged to implement a general objection if you give us reasons of major importance (e.g. a possible danger for life or health). In addition, it is possible to contact the Parfümerie Douglas GmbH supervisory authority, the data protection officer or shop@douglas.eu.

7.Data security measures

All personally transmitted data, including your payment data, will be transmitted using the common and secure SSL (Secure Socket Layer) standard. SSL is a secure and proven standard, e.g. is also used in online banking. You will see a secure SSL connection, including the attached s at the http (i.e. https: // ...) in the address bar of your browser or the lock icon at the bottom of your browser.

Incidentally, we use appropriate technical and organizational security measures to protect your personal data stored against manipulation, partial or complete loss and against unauthorized access by third parties.

What does a secure password look like? A secure password should be chosen randomly and consist of all the characters and special characters your keyboard provides. As a rule, you should note the following points when creating your password: Your password should: - consist of at least eight characters, - contain upper and lower case letters, numbers and special characters, - be changed every three months, - and each account should have its own password receive.

Example: 4§1G8ecp5/l or OmjO76_Xm.zen.

Avoid sending passwords, login or account information via e-mail. Confidential data, such as pass-words should generally not be passed on to third parties due to possible misuse! Never answer unknown advertising e-mails and do not click on any links contained therein. This will confirm to the spammer that your address actually exists and is being used.

Douglas is verified as a sender at trustedDialog, can be identified by all email providers and classified as authentic. This can be recognized by the sign to the left of the sender in your In Box. If mails without this number are received you are not from Douglas.

If someone tries to trick you and us with your credit card or your PayPal account, please follow the instructions of your credit card company or PayPal and inform us immediately at the email address shop@douglas.eu or at +49-211-16 84 77 999. Most credit card companies and/or PayPal cover all the damages that may be caused by misuse of your credit card or PayPal account under certain con-ditions.

8.Modifications to this statement

As far as we introduce new products or services, change Internet procedures or if the Internet and computer security technology evolves, the "Privacy Policy" should be updated. We, therefore, re-serve the right to change or supplement the explanation as needed. The changes will be published here. Therefore, you should visit this website regularly to keep up to date with the privacy policy.