Privacy Policy
We are delighted that you have shown interest in our company. The protection of personal data is of the highest priority for the management of MARLY PRODUCTS Susanne Behre-Monien e.K. In general, the website of MARLY PRODUCTS Susanne Behre-Monien e.K. can be used without providing any personal data. However, if a data subject wishes to make use of specific services offered by our company via our website, the processing of personal data may become necessary. Where such processing is required and no statutory legal basis exists, we will generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, email address, or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to MARLY PRODUCTS Susanne Behre-Monien e.K. By means of this privacy policy, our company aims to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, this privacy policy informs data subjects of their rights.
As the controller, MARLY PRODUCTS Susanne Behre-Monien e.K. has implemented numerous technical and organizational measures to ensure the most comprehensive protection possible for personal data processed through this website. Nevertheless, internet-based data transmissions may inherently contain security vulnerabilities, and absolute protection cannot be guaranteed. For this reason, data subjects are free to transmit personal data to us via alternative means, such as by telephone.
1. Definitions
This privacy policy is based on the terminology used by the European legislator in the adoption of the General Data Protection Regulation (GDPR). It is intended to be easily readable and understandable for the general public, as well as for our customers and business partners. To ensure clarity, we explain the key terms used below.
Within this privacy policy, the following terms shall have the meanings set out below:
a) Personal Data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”). A natural person is deemed identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
b) Data Subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller.
c) Processing
Processing means any operation or set of operations performed on personal data, whether or not by automated means. This includes, in particular, collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
d) Restriction of Processing
Restriction of processing means the marking of stored personal data with the aim of limiting its future processing.
e) Profiling
Profiling refers to any form of automated processing of personal data consisting of the use of such data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
f) Pseudonymization
Pseudonymization means the processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person.
g) Controller
The controller is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal data. Where such purposes and means are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by such law.
h) Processor
A processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
i) Recipient
A recipient is a natural or legal person, public authority, agency, or another body to which personal data is disclosed, whether a third party or not. However, public authorities that may receive personal data in the course of a specific inquiry under Union or Member State law shall not be regarded as recipients.
j) Third Party
A third party is any natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
k) Consent
Consent means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, by which they signify agreement to the processing of personal data relating to them, either by a statement or by a clear affirmative action.
2. Name and Address of the Controller
The controller within the meaning of the GDPR and other applicable data protection laws in the Member States of the European Union is:
MARLY PRODUCTS Susanne Behre-Monien e.K.
Kolomanstr. 5a
85737 Ismaning
Germany
Tel.: (+49) 89 – 996388-79
Email: mail@marlyproducts.de
Website: http://www.haut-probleme.com
3. Cookies
The website of MARLY PRODUCTS Susanne Behre-Monien e.K. uses cookies. Cookies are text files that are stored on a computer system via an internet browser.
Many websites and servers use cookies. Numerous cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie and consists of a string of characters through which websites and servers can assign the specific internet browser in which the cookie was stored. This enables visited websites and servers to distinguish the individual browser of the data subject from other browsers that contain different cookies. A specific browser can thus be recognized and identified via the unique cookie ID.
Through the use of cookies, MARLY PRODUCTS Susanne Behre-Monien e.K. can provide users of this website with more user-friendly services that would not be possible without the setting of cookies.
Cookies allow us to optimize the information and offers on our website in accordance with the user’s needs. As mentioned above, cookies enable us to recognize users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, users do not have to re-enter their login details each time they visit the website, as this is handled by the website and the cookie stored on the user’s computer system. Another example is the shopping cart cookie in an online shop, which stores the items placed in the virtual shopping cart.
The data subject may, at any time, prevent the setting of cookies by our website by means of a corresponding setting in the internet browser used, and may thus permanently object to the setting of cookies. Furthermore, cookies that have already been set may be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the data subject disables the setting of cookies in the internet browser used, not all functions of our website may be fully available.
4. Collection of General Data and Information
The website of MARLY PRODUCTS Susanne Behre-Monien e.K. collects a series of general data and information each time it is accessed by a data subject or an automated system. This general data and information is stored in the server’s log files. The following may be collected: (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (referrer), (4) the subpages accessed via an accessing system on our website, (5) the date and time of access, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system, and (8) other similar data and information used for security purposes in the event of attacks on our IT systems.
When using this general data and information, MARLY PRODUCTS Susanne Behre-Monien e.K. does not draw any conclusions about the data subject. Rather, this information is required to (1) correctly deliver the contents of our website, (2) optimize the content and advertising of our website, (3) ensure the long-term functionality of our IT systems and website technology, and (4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.
These anonymously collected data are therefore evaluated statistically and with the aim of increasing data protection and data security within our company, in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject.
9. Privacy Provisions Regarding the Use of Google Analytics (with Anonymization Function)
The controller has integrated Google Analytics, including an anonymization function, into this website. Google Analytics is a web analytics service. Web analytics involves the collection, gathering, and evaluation of data relating to the behavior of visitors to websites. Among other things, a web analytics service collects data on the website from which a data subject has accessed another website, known as the referrer, which subpages of the website were accessed, and how often and for how long a subpage was viewed. Web analytics is primarily used to optimize a website and to perform a cost-benefit analysis of online advertising.
The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
For web analytics via Google Analytics, the controller uses the extension “_gat._anonymizeIp”. By means of this extension, Google shortens and anonymizes the IP address of the data subject’s internet connection when access to our website takes place from a Member State of the European Union or from another contracting state of the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze visitor traffic on our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us showing activity on our website, and to provide other services related to the use of our website.
Google Analytics places a cookie on the data subject’s information technology system. Cookies have already been explained above. The setting of the cookie enables Google to analyze the use of our website. Each time one of the individual pages of this website is accessed, where a Google Analytics component has been integrated, the internet browser on the data subject’s information technology system is automatically prompted by the respective Google Analytics component to transmit data to Google for online analysis purposes. As part of this technical process, Google obtains knowledge of personal data, such as the data subject’s IP address, which Google uses, among other things, to trace the origin of visitors and clicks and subsequently to enable commission settlements.
Through the cookie, personal information such as the access time, the location from which access originated, and the frequency of visits to our website by the data subject is stored. Each time our website is visited, these personal data, including the IP address of the internet connection used by the data subject, are transferred to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may disclose the personal data collected through this technical process to third parties.
The data subject may, at any time, prevent the setting of cookies by our website, as described above, by means of an appropriate setting in the internet browser used, and may thus permanently object to the setting of cookies. Such a setting of the internet browser would also prevent Google from placing a cookie on the data subject’s information technology system. Furthermore, cookies already set by Google Analytics can be deleted at any time via the internet browser or other software programs.
In addition, the data subject has the option to object to the collection of data generated by Google Analytics, relating to the use of this website, as well as to the processing of this data by Google, and to prevent such processing. To do so, the data subject must download and install a browser add-on available at https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data or information about website visits may be transmitted to Google Analytics. The installation of the browser add-on is regarded by Google as an objection. If the data subject’s information technology system is subsequently deleted, formatted, or reinstalled, the browser add-on must be reinstalled in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within their sphere of control, it is possible to reinstall or reactivate the browser add-on.
Further information and the applicable data protection provisions of Google may be retrieved at https://www.google.de/intl/en/policies/privacy/ and http://www.google.com/analytics/terms/en.html. Google Analytics is explained in more detail at https://www.google.com/intl/en/analytics/.
10. Privacy Provisions Regarding the Use of YouTube
The controller has integrated components of YouTube on this website. YouTube is an internet video portal that allows video publishers to upload video clips free of charge and enables other users to view, rate, and comment on such videos, also free of charge. YouTube permits the publication of all types of videos, including full-length films and television programs, music videos, trailers, and user-generated content.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Each time a data subject accesses one of the individual pages of this website on which a YouTube component (YouTube video) has been integrated, the internet browser on the data subject’s information technology system is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component. Further information about YouTube may be obtained at https://www.youtube.com/yt/about/. As part of this technical procedure, YouTube and Google receive information about which specific subpage of our website was visited by the data subject.
If the data subject is simultaneously logged into YouTube, YouTube recognizes which specific subpage of our website the data subject visits when accessing a page containing a YouTube video. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google receive information via the YouTube component whenever the data subject visits our website while logged into their YouTube account, regardless of whether the data subject clicks on a YouTube video. If the data subject does not wish such information to be transmitted to YouTube and Google, they may prevent this by logging out of their YouTube account prior to accessing our website.
The data protection provisions published by YouTube, available at https://www.google.de/intl/en/policies/privacy/, provide information about the collection, processing, and use of personal data by YouTube and Google.
Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). reCAPTCHA is used to verify whether data entered on our websites (e.g., in a contact form) is performed by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the visitor accesses the website. For the analysis, reCAPTCHA evaluates various types of information (e.g., IP address, time spent on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
Data processing is based on your consent (Art. 6(1)(a) GDPR), provided that you have granted such consent via our cookie consent tool. You may revoke your consent at any time. Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. Further information on Google reCAPTCHA can be found at https://policies.google.com/privacy?hl=en.
11. Legal Basis for Processing
Article 6(1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, in processing operations required for the delivery of goods or the provision of other services or consideration, the processing is based on Article 6(1)(b) GDPR. The same applies to processing operations necessary for carrying out pre-contractual measures, such as inquiries relating to our products or services.
If our company is subject to a legal obligation that requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Article 6(1)(c) GDPR. In rare cases, processing of personal data may be necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured on our premises and their name, age, health insurance data, or other vital information had to be passed on to a doctor, hospital, or other third party. In such cases, the processing would be based on Article 6(1)(d) GDPR.
Finally, processing operations may be based on Article 6(1)(f) GDPR. This legal basis applies to processing operations not covered by any of the aforementioned legal bases, where processing is necessary for the purposes of legitimate interests pursued by our company or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator, who considered that a legitimate interest may be assumed if the data subject is a customer of the controller (Recital 47 sentence 2 GDPR).
12. Legitimate Interests Pursued by the Controller or a Third Party
Where the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is the conduct of our business activities for the benefit of all our employees and shareholders.
13. Period for Which Personal Data Is Stored
The criterion used to determine the period of storage of personal data is the respective statutory retention period. After expiry of this period, the corresponding data are routinely deleted, provided that they are no longer required for the fulfillment or initiation of a contract.
14. Legal or Contractual Requirements to Provide Personal Data; Necessity for Contract Conclusion; Obligation of the Data Subject to Provide Personal Data; Possible Consequences of Failure to Provide Such Data
We inform you that the provision of personal data may be required by law (e.g., tax regulations) or may also arise from contractual provisions (e.g., information about the contractual partner). In some cases, it may be necessary for a data subject to provide personal data in order to conclude a contract, which we must subsequently process.
For example, the data subject is obliged to provide personal data if our company concludes a contract with them. Failure to provide the personal data would result in the inability to conclude the contract with the data subject. Prior to providing personal data, the data subject may contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract, or necessary for the conclusion of a contract, whether there is an obligation to provide such data, and the consequences of failure to provide personal data.
15. Existence of Automated Decision-Making
As a responsible company, we do not use automated decision-making or profiling.