Please see below for our privacy statement
This data protection statement applies to personal data that we collect and process when you use our online services. The following informs you about which data we collect and how we use them.
1. Name and contact information of the person responsible for the processing (controller) and of the company's Data Protection Officer
This data protection information applies to the data processing by:
Controller of the processing of your personal data
mi.to. pharm GmbH
38304 Wolfenbüttel (Germany)
phone: +49 5331 7108480
fax: +49 5331 7108489
Data Protection Officer
Company: BEL NET GmbH
You can reach our Data Protection Officer at the following address:
phone: +49 (0)531 21 44 175
mail: Christian-Pommer-Strasse 23, 38112 Braunschweig, Germany
2. Collection and storage of personal data and nature and purpose of their use
a) When you visit our website
When you visit our website at https://www.dermaroller.com, the browser of your device will automatically send information to the server used by our website. This information is temporarily stored in a log file. The following information will be collected in the process without any action on your part, and stored until its automatic deletion 21 days later:
- IP address of the requesting computer,
- date and time of your visit of our website,
- name and URL of the downloaded file,
- website from where our website was accessed (referrer URL),
- browser used and possibly the operating system of your computer, as well as the name of your access provider.
We process the data in question for the following purposes:
- to ensure a smooth connection with our website,
- enable its ease of use,
- assess the security and stability of our system,
- and for other administrative purposes.
b) When you register for our newsletter
We will only ever send out newsletters, emails and other electronic messages containing promotional information ("newsletters") with the addressee's consent or a legal permission.
If you have explicitly agreed to the receipt of such information as per GDPR section 6.1.a, we will use your email address for sending you our regular newsletters.
The registration for receiving our newsletter is subject to a twofold opt-in process, meaning that you will be sent an email after your registration asking you to confirm it. The newsletter registrations are logged to enable us to prove that the registration process meets the legal requirements. This includes the storage of the registration and confirmation date, as well as the IP address. Changes in the data stored about you by shipment service providers are also logged.
You can deregister at any time, e.g. by clicking the link at the end of every newsletter. You can also inform us of your wish to deregister at any time by email to email@example.com.
c) When you use our contact form
We offer you the option to contact us at any time by email with questions of any kind. It is important that you provide us with your title, first and last name, a valid email address and a telephone number so that we know who is making the request, and to enable us to process it. You can also provide us with further information if you wish. The data processing for the purpose of contacting us is based on your voluntary consent as per GDPR 6.1.a. The personal data we collect will be automatically deleted once your request has been dealt with.
d) When ordering online
We will only forward personal data to third parties if this is required to meet contractual requirements, e.g. to the bank tasked with handling the payment, or the company tasked with delivering the goods. There is no repeated transfer of the data unless you have explicitly agreed. Your data will not be forwarded to third parties, e.g. for promotional purposes, unless you have explicitly agreed to this.
If you want to place an order in our online shop, you will need to provide the personal data required for processing it, so that a purchase contract can be formed. The mandatory information for processing your order is marked as such. All the other information is voluntary. We will process the data you provide to fulfil your order. To this end, we can forward your payment data to the institute tasked with handling the payment. The legal basis in this case is GDPR section 6.1.b.
Requirements under commercial and tax law oblige us to store your address, payment and order data for a period of ten years. We will limit the scope of the processing activities after two years, however, meaning that your data will only be used to comply with the legal requirements.
You have the option of creating a customer account on a voluntary basis, which will enable us to store your data for future shopping. If you decide to create an account at "My Account", the data you provide will be stored revocably. The legal basis for this processing is our legitimate interest as per GDPR section 6.1.f to provide you with the "customer account" service described above and/or execute a user contract with you (GDPR section 6.1.b). You can delete all the other data, including your user account, in the customer portal at any time.
We can also use the data provided by you to inform you about other interesting products in our portfolio, or send you emails with technical information.
The legal basis of this processing is your consent (GDPR section 6.1.a) and our legitimate interest (GDPR section 6.1.f), possibly in conjunction with § 7.3 of the Act against Unfair Competition.
To prevent unauthorized third-party access to your data, especially financial data, the ordering process is encrypted using the TLS technology.
3. Disclosure of data
a) Data disclosure to commissioned processors
We partly use service providers, in keeping with the legal requirements, for commissioned data processing, i.e. based on a contract at our behest, according to our instructions, and under our control. These data processors particularly include
- technical service providers we rely on to provide the website, e.g. service providers for software maintenance, computer centre operation, and hosting
- technical service providers we rely on to provide functionalities, e.g. technically required cookies.
- service providers for the practical performance of advertising and marketing, e.g. service providers for analysis cookies and for sending emails
In these cases, we continue to be responsible for the data processing, with the personal data's forwarding to and processing by our commissioned processors based on the legal grounds permitted for us by the respective data processing. A separate legal basis is not required.
b) Data disclosure to third parties
We will partly also send data to third parties, e.g. partners we work with outside the commissioned data processing. Such partners provide their services on their own responsibility, with the processing of your data by partners exclusively subject to their data protection policy.
- Payment service providers
- To execute your orders, we send payment information to payment service providers who handle the payment transaction in connection with them. These particularly include PayPal, Klarna and your bank. The legal basis for the disclosure is the performance of the contract with you, GDPR section 6.1.b.
- Logistics companies
- To transport the goods, we disclose your address and contact data to parcel transport companies insofar as necessary. The legal basis for this disclosure is the performance of the contract with you, GDPR section 6.1.b.
a) Which cookies are we using?
We use various categories of cookies on this website: technically required cookies without which the functionality of our website would be limited, but also optional analysis, functional and marketing cookies that usually come from third-party providers:
- Technically required cookies
- Analysis cookies
- Analysis cookies collect information on how visitors use a website overall, e.g. which pages they visit most frequently and whether they receive error messages from websites. These cookies collect no data enabling the identification of visitors. The data collected by these cookies are not merged with other information about our visitors. All the information gathered with the help of these cookies only serves to understand and improve the website's service and functionality.
- In addition to this we use Google Conversion Tracking to collect statistical data about the use of our website and evaluate them to optimize our website for customers. If you go to our website by clicking a Google ad, Google Adwords will store a cookie (see section 4) in your computer. These cookies lose their validity after 30 days and are not used for the personal identification of users. If the user visits specific pages of the Adwords client's website before the cookie has expired, the client and Google can recognize that the user has clicked the ad and has been referred to this page. Every Adwords client is assigned a different cookie, ensuring that cookies cannot be tracked across the websites of Adwords clients. The information gathered by means of the conversion cookie is used to create conversion statistics for Adwords clients who have opted for conversion tracking. The Adwords clients are informed about the total number of users who have clicked their ad and then been referred to a page equipped with a conversion tracking tag. They are not provided with any information enabling a personal identification of users, however.
- The legal basis for the use of analysis cookies and the processing of your data by the providers of these cookies is your prior consent (GDPR section 6.1.a). You can withdraw your consent at any time in the cookie settings available by clicking the link at the bottom of the website.
- Functional cookies
- We use functional cookies to improve and ease the performance and use of our website. We use the services of Google Maps, for example, to offer you a better service. The information generated by Google Maps API are usually sent to Google and stored by Google on servers in the USA. Google can transfer the data collected by the use of Google Maps to third parties insofar as these third parties process the data at Google's behest and insofar as this is legally permitted or required. The IP address sent by your browser in the use of Google Maps will not be merged with other Google data. Google could nonetheless be technically able to process the obtained data for other purposes or identify individual users without us having or being able to have any influence on this.
- The legal basis for the use of functional cookies and the processing of your data by their providers is your prior consent (GDPR section 6.1.a). You can withdraw your consent at any time in the cookie settings available by clicking the link at the bottom of the website.
- Marketing cookies
- Marketing cookies are used to tailor advertising to you and your interests more purposefully. They also serve to limit how often you are shown the same ads, to measure the effectiveness of advertising campaigns, and to understand the behaviour of persons after seeing an ad. These cookies are usually placed on websites by advertising networks with the respective website operator's (i.e. in this case our) consent. They recognize that a user has visited the website and forward this information to other, e.g. advertising companies, and/or adjust their advertising accordingly by themselves. They are often linked with a website functionality that is provided by this company. We hence use these cookies to create a link with social networks which can then put the information about your visit to further use to purposefully tailor the advertising on other websites to you, and provide the advertising networks we use with information about your visit to enable the later provision of exactly the advertising that is potentially of real interest to you, based on your browsing behaviour.
- One marketing cookie we use is the Facebook pixel, for example. This is a process by Facebook Inc. based at 1601 S. California Ave, Palo Alto, CA 94304, USA. Further general information on the Facebook pixel is available at the following link: https://www.facebook.com/business/learn/facebook-ads-pixel. Our website uses Facebook social media plug-ins to personalize website visits. We use the "LIKE" and "SHARE" buttons to this end. They are a Facebook service. When you visit a page of our website that contains such a plug-in, your browser will establish a direct connection with Facebook's servers. Facebook sends the content of the plug-in directly to your browser, which integrates it on the website. The integration of the plug-in provides Facebook with the information that your browser has downloaded the respective page of our website even if you do not have a Facebook account or are not logged into Facebook at the time. This information (including your IP address) is sent to a Facebook server in the USA by your browser and stored there.
- Our website features integrated plug-ins for the short message network of Twitter Inc. (Twitter). You can recognize the Twitter plug-ins (tweet buttons) by the Twitter logo on our website. You can find an overview of the tweet buttons at the following link: https://about.twitter.com/resources/buttons. When you visit a page of our website that contains such a plug-in, your browser will establish a direct link with the Twitter server. This provides Twitter with the information that you have visited our page with your IP address. If you click the Twitter "tweet button" while being logged into your Twitter account, the contents of our pages can be linked with your Twitter profile. This enables Twitter to allocate the visit of our webpages to your user account. Please note that we as the provider of the pages have no knowledge of the contents of the transmitted data or their use by Twitter.
- Our website features integrated plug-ins of the Vimeo video portal operated by Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. Every time you visit a website offering one or more Vimeo video clips, your browser will establish a direct connection with a Vimeo server in the USA, where information about your visit and IP address is stored. Interaction with the Vimeo plug-ins (e.g. clicking the start button) will also send this information to Vimeo and store it there.
- The legal basis for the use of marketing cookies and the processing of your data by the providers of these cookies is your prior consent (GDPR section 6.1.a). You can withdraw your consent at any time in the cookie settings available by clicking the link at the bottom of the website.
b) List of analysis, functional and marketing cookies
You can access a list of the cookies we use and the providers receiving your personal data by way of the cookies in the cookie settings. This will provide you with further information about the individual providers and cookies.
If you would prefer to receive further information about these cookies from us instead, please contact us by email to: Datenschutz@dermaroller.com
c) How can I declare and/or withdraw my consent to cookies?
When you visit our website for the first time, your entry page will show you data protection information with a consent text for optional cookies. Clicking the individual categories (analysis, security, targeting and advertising cookies) and then "Accept" for confirmation will declare your consent to the installation of these cookies. You can adjust and change these settings at any time in the cookie settings available by clicking the link at the bottom of the website.
5. Rights of the data subject
You have a right to:
demand information about the personal data we have processed concerning your person, in keeping with section 15 of the General Data Protection Regulation (GDPR). You can in particular demand information about the reasons for the data processing, the category of personal data, categories of recipients your data have been or are being forwarded to, the intended storage period, the existence of a right to rectification, deletion and restriction of the processing or objection, the existence of a right to file a complaint, the origin of your data insofar as not collected by us, and about the existence of an automated decision-making process including profiling, as well as descriptive information about their details, as the case may be;
demand the immediate rectification or completion of incorrect or incomplete personal data we have stored about you, in accordance with GDPR section 16;
demand the erasure as per GDPR section 17 of your personal data stored by us insofar as their processing is not required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
request a restriction of the processing of your personal data as per GDPR section 18 insofar as you contest their accuracy, the processing is unlawful, but you oppose the erasure of the personal data and we no longer need them, but you do for the establishment, exercise or defence of legal claims, or insofar as you have objected to their processing pursuant to GDPR section 21;
demand to receive the personal data you have provided us with in a structured, commonly used and machine-readable format, or their transmission to another controller as per GDPR section 20;
withdraw the consent you have given us at any time as per GDPR section 7.3. This would mean that we are no longer permitted to perform the data processing activities that were based on your consent, and to
file a complaint with a supervisory authority as per GDPR section 77, particularly with the supervisory authority at your habitual residence or place of work, or at our place of business.
6. Right to object
Insofar as your personal data are being processed on the basis of legitimate interests as per GDPR section 6.1.f, you have a right to object as per GDPR section 21 to their processing on grounds relating to your particular situation, or if your objection is based on direct marketing. In the latter case, you have a general right to object, which will be complied with without you needing to cite a particular situation. If you want to exercise your right to withdrawal or right to object, all you need to do is send an email to firstname.lastname@example.org.
7. Data security
When you visit our website, we use the common SSL (secure socket layer) process in combination with the highest encryption level supported by your browser. This is usually a 256-bit encryption. If your browser does not support this 256-bit encryption, we will use the 128-bit v3-technology instead. To find out if individual pages of our website are encrypted for transmission, check if the key or lock symbol in the lower status bar of your browser is locked. Over and beyond this, we also apply suitable technical and organizational measures to protect your data from accidental or deliberate manipulation, partial or complete loss, destruction, and unauthorized third-party access. Our security measures are being continuously improved in line with the technological progress.
8. Validity and changes of this privacy statement
This privacy notice is currently valid and was last updated in April 2022. The further development of our website and its offers or changed statutory and/or official requirements can necessitate changes in this privacy notice. You can always view the respectively current privacy notice on the website at https://www.dermaroller.com/en/legal/terms-and-conditions/ and print it out from there.
Wolfenbüttel, April 2022