Data protection and security
Data protection information
(Version 1.0; Date 24.05.2018)
Table of contents:
- 2.Name and contact data of the persons responsible for the data processing and the data protection officer
- 3.Purposes of data processing, legal bases, and legitimate interests pursued by the Parfümerie Douglas GmbH or a third party as well as categories of recipients
- 3.1.Visiting our website or application
- 3.2.Conclusion, execution or termination of a contract
- 3.3.Data processing for advertising purposes
- 3.4.Online presence and website optimization
- 3.5.Customer account - „My Douglas“
- 3.6.Customer service / telephone order
- 4.Transmission to recipients outside the EU
- 5.Integration of third party content
- 6.Your rights
- 7.Data security measures
- 8.Modifications to this statement
The following data protection information informs you about the type and extent of the processing of so-called personal data by the Parfümerie Douglas GmbH. Personal data is information that can be directly or indirectly attributed or assigned to your person.
The data processing by the Parfümerie Douglas GmbH can be primarily divided into two categories:
- For the purpose of the contract execution, all data necessary for the execution of a contract with the Parfümerie Douglas GmbH are processed. If external service providers are involved in the execution of the contract, e.g. logistics companies or payment service providers, your data will be transmitted to them to the extent required.
- By visiting the website/application of the Parfümerie Douglas GmbH, various information is transmitted between your device and our server. This can also be personal data. The information collected in this way will e.g. be used to optimize our website or to display advertisements in the browser of your device.
Our site and our services are not directed to children under 16 years.
According to the provisions of the GDPR, you have different rights that you can assert against us. This includes, amongst other things, the right to object to selected data processing, in particular data processing for advertising purposes. The possibility of objection is highlighted typographically.
2.Name and contact data of the persons responsible for the data processing and the data protection officer
This data protection information applies to the data processing by the Parfümerie Douglas GmbH, Luise-Rainer-Straße 7-11, 40235 Dusseldorf, Managing Directors: Tina Mueller, Michael Rauch, Vanessa Stützle, District Court Dusseldorf HRB 79122 ("Responsible person"), and for the following websites or applications: www.douglas.eu and www.tourist.douglas.eu. The operational data protection officer of the Parfümerie Douglas GmbH can be reached at the address mentioned above, for the attention of the Department of Data Protection, or at email@example.com.
3.Purposes of data processing, legal bases, and legitimate interests pursued by the Parfümerie Douglas GmbH or a third party as well as categories of recipients
3.1.Visiting our website or application
When you visit our website/application, the browser used on your device automatically sends information to the server of our website/application and temporarily stores it in a so-called log file. We have no influence on this. The following information will also be collected without your intervention and stored until automated deletion:
- the IP address of the requesting Internet-enabled device,
- the date and time of access,
- the name and URL of the retrieved file,
- the website/application from which the access was made (referrer URL), the browser you use and, if necessary, the operating system of your Internet-capable computer as well as the name of your access provider.
The legal basis for processing the IP address is Article 6 (1) (f) GDPR. Our legitimate interest follows from the purposes of data collection listed below. Please note that we are not able to draw direct conclusions about your identity from the collected data, and we do not draw any conclusions about your identity.
The IP address of your device and the other data listed above are used by us for the following purposes:
- ensuring a smooth connection setup,
- ensuring comfortable use of our website/application,
- the name and URL of the retrieved file,
- evaluation of system security and stability.
The data is stored for a period of 7 days and then the IP address is automatically deleted. For security reasons, but without your IP address, this information will be stored in log files for longer and deleted after 31 days. The data contained in the log files are stored separately from your other data.
We also use so-called cookies, tracking tools, targeting methods and social media plug-ins for our website/application. The exact procedures used and how your data are used for this purpose are described in more detail in Section 3.4.
3.2.Conclusion, execution or termination of a contract
3.2.1.Data processing at the conclusion of the contract
The object of the Parfümerie Douglas GmbH is the distance selling of goods and services, the retail trade within the framework of the officially issued permits and the serial production of the goods to be offered. In this context, we process the data required to complete, execute or terminate a contract. That includes:
- First name, last name, title, salutation
- Invoice and delivery address, if necessary, additional address
- Packstation and DHL customer number
- E-mail address
- Company and VAT ID
- Date of birth
- if necessary telephone number
The legal basis for this is Article 6 (1) (b) GDPR; that is, you provide the data based on the contractual relationship between you and us. To process your e-mail address, we are also obliged to send an electronic order confirmation in the form of a confirmation of dispatch due to a requirement in the German Civil Code (BGB) (Article 6 (1) (c) GDPR). Insofar as we do not use your contact data for advertising purposes (see below 3.3.), we store the data collected for the execution of the contract until the expiry of the legal or possible contractual warranty and guarantee rights. After expiry of this period, we retain the information required by commercial and tax law of the contractual relationship for the legal periods. For this period (usually ten years from the conclusion of the contract), the data will be reprocessed in the event of a review by the tax authorities.
To process the purchase contract, the following additional data processing is required:
With the processing of credit card payments and payments by PayPal, the company Heidelberger Payment GmbH, Vangerowstraße 18, 69115 Heidelberg, is commissioned. All entries of PayPal and credit card data are entered directly into the system of Heidelberger Payment GmbH in Heidelberg and cannot be read or stored by us.
We will transmit details of your delivery address to a logistics company commissioned by us for the purpose of processing the purchase contract.
In order to ensure that the goods are delivered according to your wishes, we use your e-mail address to contact you in advance of the delivery in order to inform you of the delivery time. Within this email, you also have the option of specifying your preferred delivery location or a storage location.
3.2.2.Transmission to credit bureaus
In the event of a delay in payment, and if the other legal requirements are met, we submit the necessary data to a company commissioned with the assertion of the claim. Legal bases for this are both Article 6 (1) (b) and Article 6 (1) (f) GDPR. The assertion of a contractual claim is to be regarded as a legitimate interest within the meaning of the second-named regulation.
If the other legal requirements exist, we also provide information about the payment delay or any default on loans to credit agencies cooperating with us. The legal basis for this is Article 6 (1) (f) GDPR. The legitimate interest which this requires arises from our and third parties' interest in reducing contract risks for future contracts.
3.3.Data processing for advertising purposes
The following statements refer to the processing of personal data for advertising purposes. The GDPR declares such data processing on the basis of Article 6 (1) (f) as fundamentally conceivable and as a legitimate interest. The duration of data storage for advertising purposes does not follow any rigid principles and is based on the question of whether the storage is required for the promotional approach.
To find out more about the process in case of an objection, please refer to para. 3.3.3.
3.3.1.Advertising purposes of the Parfümerie Douglas GmbH and third parties
As far as you have concluded a contract with us, we will keep you as an existing customer. In this case, we will process your postal contact details outside the scope of a specific consent in order to provide you with information about new products and services in this way. We process your e-mail address in order to provide you with information about similar products, outside of the availability of a specific approval. You can object to this service in the checkout within every order or at the end of each customer information.
3.3.2.Interest-based advertising
In order for you to receive only promotional information that is of perceived interest to you, we categorize and supplement your customer profile with further information. Statistical information, as well as information about yourself (e.g. basic data of your beauty profile in the "My Douglas" area), are used. The aim is to provide you with advertisements oriented only to your actual or perceived needs and not to bother you with useless advertising. Your address and order data will be processed by us for our own marketing purposes.
3.3.3.Right of revocation
You can object to the data processing for the aforementioned purposes at any time, separately for the respective communication channel and with effect for the future. All you need to do is send an e-mail or a letter to the contact details listed under para. 2.
Insofar as you object, the affected contact address will be blocked for further advertising data processing. We point out that in exceptional cases, even after receipt of your objection, there may be a temporary shipment of advertising material. This is technically due to the necessary lead time of advertisements and does not mean that we do not implement your objection. Thank you for your understanding.
On our website, we offer you the opportunity to sign up for our newsletter. In order to be sure that no errors have occurred when entering the email address, we use the so-called double-opt-in procedure: After you have entered your email address in the registration field, we will send you a confirmation link. Only if you click on this confirmation link will your email address be included on our mailing list. The processing of your electronic contact data takes place here only on the basis of your consent (Article 6 (1) (a) GDPR):
By signing up, you agree that Douglas collects the information (customer master data, purchase data) and usage data (use of the Douglas Online Services) stored on your customer account, uses it for its own market and opinion research and on this basis exclusively makes personalized advertising and special offers of products and services from the fields of beauty, clothing, nutrition and lifestyle, namely:
- via email
- on the Douglas websites
- via the Douglas app
- in the Douglas Beauty tabs
- via mail and any form of contacting Douglas (for example, visiting a Douglas Perfumery or calling the Douglas Customer Service).
3.4.Online presence and website optimization
Overview of and objections to web analytics and marketing services
3.4.1.Cookies and cookie-like technologies - General notes
If you have a customer account with Parfümerie Douglas GmbH and you are logged in or activate the function "stay logged in", the information stored in cookies will be added to your customer account.
3.4.2.Objection / opt-out possibility
In addition to the deactivation methods described above, you can generally prevent the explained targeting technologies via cookies by setting a corresponding cookie in your browser. In addition, you have the option of deactivating preference-based advertising with the help of the preference manager that can be called up here, so that all tags are no longer delivered.
We use social plug-ins of the social networks Facebook, Google+ and Twitter on our website based on Article 6 (1) (f) of the GDPR to give you the opportunity to share featured articles on the article detail pages with your friends. The underlying commercial purpose is to be regarded as a legitimate interest within the meaning of the GDPR.
On our website, so-called plug-ins of the social network Facebook are used, which is offered by the Facebook Inc. The Facebook plug-ins are marked with a Facebook logo or the addition "Like" or "Share". An overview of the Facebook plug-ins and their appearance can be found at the following link. If you use such a plug-in, your browser connects directly to the Facebook servers. The content of the plug-in is transmitted by Facebook directly to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are currently not logged into Facebook. This information (including your IP address) will be transmitted from your browser directly to a Facebook server in the US and stored there. If you are logged into Facebook, Facebook can immediately assign the visit to our website to your Facebook profile. If you interact with the plug-ins, for example by clicking the "Like" button, this information will also be transmitted directly to a Facebook server and stored there. The information will also be posted on your Facebook profile and displayed to your Facebook friends.
Our website also includes plug-ins from the short message network Twitter Inc. The Twitter plug-ins ("Tweet" button) can be recognized by the Twitter logo (a blue bird on a white background) or the addition "Tweet". When you visit a page of our website that contains such a plug-in, a direct connection is established between your browser and the Twitter server. Twitter receives the information that you have visited our site with your IP address. If you click on the Twitter button while logged into your Twitter account, you can link the contents of our pages to your Twitter profile. This allows Twitter to associate your visit to our pages with your user account. We point out that we as the provider of the pages are not aware of the content of the transmitted data and their use by Twitter. More information can be found here. If you do not want Twitter to associate your visit to our pages, please log out of your Twitter account.
3.5.Customer account-„My Douglas“
For our customers registered with "My Douglas" the purchase on douglas.eu becomes a special experience. Registration is free and opens the door to your personal space with many "My Douglas" benefits. In order to provide you with the greatest possible comfort during your purchase, we offer you the permanent storage of your personal data in a password-protected customer account. The creation of the customer account is optional and takes place on the basis of your consent within the meaning of Article 6 paragraph 1 letter a) GDPR. After setting up a customer account, no re-entry is required. In addition, you can view and change the data stored in your customer account at any time.
In addition to the data requested during an order, you must provide a self-selected password to set up a customer account. Together with your e-mail address, this serves for access to your customer account. Please treat your personal access data confidentially and in particular do not make it accessible to unauthorized third parties. We cannot accept liability for misused passwords unless we are responsible for the abuse. Please note that even after leaving our website, you will automatically remain logged in, unless you actively log out.
In addition, you can decide for yourself which personal information you entrust to us in addition. The more we know about you, the better we can respond to your needs and the greater the comfort we can offer you on douglas.eu. Moreover, you can select preferred payment methods and save your payment data or different delivery addresses.
Also, you can rate products in the logged-in state, using a freely selectable nickname, and can submit free-text reviews:
- No swear words or insults
- No information such as e-mail address, telephone number, URL
- No references to other sources of supply.
Please note that for your safety, if you update your e-mail address, we will delete the Douglas Card information you have stored in the "My Douglas" section. As soon as you have finished changing your e-mail address, you can save your payment data as usual.
You have the option to delete your customer account at any time. Please note, however, that this does not mean that the data in the customer account can be deleted. As a rule, the data stored about your person will be deleted or anonymized immediately after the expiry of the existing commercial and tax retention obligations after 10 years.
3.6.Customer service / telephone order
If you contact our customer service by phone, email or chat, in particular to place an order by phone or because you have a concern in the context of your order, then all previously collected data, for example in the context of a contract, or other personal data you submit to us as part of your request are processed by our customer service. The processed categories of personal data include in particular your master data (such as first name, last name, name addition, Douglas Beauty Card number or your customer number, as well as your date of birth), contact details (e.g. private address, (mobile) telephone number, e-mail address), the log data generated by the use of the IT systems as well as other data that you would like to submit to us by telephone to process the request.
For certain tasks, we can commission external service providers with the data processing (in particular for answering your inquiries about online orders, as well as telephone orders). Whenever Douglas cooperates with such service providers, they are bound by contractual agreements in the same way as we are required to observe data protection. The legal basis for the processing operations described here is Article 6 (1) (b) GDPR (performance of the contract and precontractual measures) or Article 6 (1) (a) GDPR in conjunction with your respective consent. We delete your communication data after 6 years at the latest.
4.Transmission to recipients outside the EU
We do not share your information with recipients located outside the European Union or the European Economic Area.
5.Integration of third party content
The legal basis for the processing of your data is Article 6 paragraph 1 sentence 1 letter f) of the GDPR. We have a legitimate interest in optimizing our website and improving our offer to you by including third-party content.
For a more detailed description of whose content we embed and how your data is processed, see the description of the embedded content below.
- YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Data protection: https://policies.google.com/privacy - An opt-out is possible under: https://adssettings.google.com/authenticated
- Google Maps (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Data protection: https://policies.google.com/privacy - An opt-out is possible under: https://adssettings.google.com/authenticated
- Instagram (Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA). Data protection: https://help.instagram.com/155833707900388
In addition to the right of revocation of your consent granted to us, you are entitled to the following further rights if the relevant legal requirements apply:
- Right of information about your personal data stored with us in accordance with Art. 15 GDPR; in particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been disclosed, the planned retention period, the source of your data, if not collected directly from you,
- Right to correct incorrect or incomplete data according to Art. 16 GDPR,
- Right to delete your stored data in accordance with Art. 17 GDPR insofar as no statutory or contractual retention periods or other statutory obligations or rights for further storage are to be observed,
- Right to restriction of the processing of your data according to Art. 18 GDPR, as far as the accuracy of the data is disputed by you, the processing is unlawful, but you reject its deletion; the person in charge no longer needs the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing according to Art. 21 GDPR,
- Right to data portability according to Art. 20 GDPR, this means the right to have selected data that we store about you transferred in a common, machine-readable format, or to request transmission to another person in charge,
- Right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters.
Right of revocation
Under the conditions of Article 21 (1) GDPR, data processing may be objected to for reasons that arise from the particular situation of the person concerned.
The above general right of revocation applies to all processing purposes described in this privacy statement, which are processed on the basis of Article 6 (1) (f) GDPR. Unlike the special right of objection to data processing for commercial purposes, according to the GDPR, we are only obliged to implement a general objection if you give us reasons of major importance (e.g. a possible danger for life or health). In addition, it is possible to contact the Parfümerie Douglas GmbH supervisory authority, the data protection officer or firstname.lastname@example.org.
7.Data security measures
All personally transmitted data, including your payment data, will be transmitted using the common and secure SSL (Secure Socket Layer) standard. SSL is a secure and proven standard that is also used, e.g., in online banking. You can recognize a secure SSL connection by the s appended to http (i.e. https://...) in the address bar of your browser or by the lock icon at the bottom of your browser.
Incidentally, we use appropriate technical and organizational security measures to protect your personal data stored against manipulation, partial or complete loss and against unauthorized access by third parties.
What does a secure password look like? A secure password should be chosen randomly and consist of all the characters and special characters your keyboard provides. As a rule, you should note the following points when creating your password. Your password should:
- consist of at least eight characters,
- contain upper and lower case letters, numbers and special characters,
- be changed every three months,
- and each account should receive its own password.
Example: 4§1G8ecp5/l or OmjO76_Xm.zen.
Avoid sending passwords, login or account information via e-mail. Confidential data, such as passwords, should generally not be passed on to third parties due to possible misuse! Never answer unknown advertising e-mails and do not click on any links contained therein. This will confirm to the spammer that your address actually exists and is being used.
Douglas is verified as a sender at trustedDialog, can be identified by all email providers and classified as authentic. This can be recognized by the sign to the left of the sender in your inbox. If you receive mails without this sign, they are not from Douglas.
If someone tries to trick you and us with your credit card or your PayPal account, please follow the instructions of your credit card company or PayPal and inform us immediately at the email address email@example.com or at +49-211-16 84 77 999. Most credit card companies and/or PayPal cover all the damages that may be caused by misuse of your credit card or PayPal account under certain conditions.
8.Modifications to this statement