DATA PROTECTION STATEMENT
MARIA GALLAND PARIS (VERSION: FEBRUARY 2024)
I. General information
(1) In accordance with Art. 13 DSGVO, we inform you below about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour.
(2) The responsible party pursuant to Art. 4 (7) of the EU General Data Protection Regulation (DSGVO) is
MARIA GALLAND PARIS
Wintrichring 58
D-80992 Munich
Telephone: 00800 642 55 263
Web: mariagalland.com
E-mail: kundenservice@maria-galland.com
(see our imprint).
You can reach our data protection officer at:
Bugl & Kollegen Gesellschaft für Datenschutz und Informationssicherheit mbH.
Eifelstraße 55
93057 Regensburg
E-mail: kontakt@buglundkollegen.de
(3) When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f DSGVO. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b DSGVO. We delete the data accruing in this context after storage is no longer necessary or restrict processing if there are statutory retention obligations.
(4) If we use commissioned service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. In doing so, we will also state the defined criteria for the storage period.
II. Your rights
(1) You have the following rights with regard to the personal data concerning you:
- Right to information,
- Right to correction or deletion,
- right to restriction of processing,
- right to object to processing,
- right to data portability.
(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
III. Hosting
(1) The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, e-mail dispatch, security services and technical maintenance services, which we use for the purpose of operating this online offer.
(2) In this context, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors of this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 para. 1 lit. f DSGVO in conjunction with Art. 28 DSGVO. Art. 28 DSGVO (conclusion of order processing agreement). Further information can be found here https://trust.salesforce.com/en/trust-and-compliance-documentation/commerce-cloud/
IV. Calling up the website
(1) In the case of purely informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request came
- browser
- Operating system and its interface
- language and version of the browser software.
We collect and store this data on the basis of our legitimate interest for a limited period of time in order to initiate a derivation to personal data in the event of unauthorised access or attempted access to our servers (Art. 6 Para. 1 lit. f DSGVO).
V. Use of cookies
(1) In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive in relation to the browser you are using and which provide the party setting the cookie (in this case, us) with certain information. They serve to make the Internet offer as a whole more user-friendly and effective.
(2) We distinguish between the following categories of cookies:
(a) Absolutely necessary cookies, without which the functionality of our website would be limited,
(b) Functional cookies,
(c) performance cookies,
(d) marketing cookies; and
(e) social media cookies for website analytics and marketing purposes.
The use of optional cookies is based on your consent (Art. 6 para. 1 lit. a DSGVO).
In the following paragraphs and the following table and we describe the optional cookies used on this website in detail:
(a) Absolutely necessary cookies
These cookies are necessary for the website to function and cannot be disabled in your systems. Generally, these cookies are only set in response to actions you take that correspond to a service request, such as setting your privacy preferences, logging in or filling out forms. You can set your browser to block these cookies or to notify you of these cookies. However, some areas of the website will not work if you do this
(b) Functional cookies
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third parties whose services we use on our sites. If you do not allow these cookies, some or all of these services may not work properly.
(c) Performance cookies
These cookies allow us to count visits and traffic sources so that we can measure and improve the performance of our website. They help us answer questions about which pages are most popular, which are least used and how visitors move around the site. All information collected by these cookies is aggregated and therefore anonymous. If you do not allow these cookies, we will not be able to know when you have visited our website.
(d) Cookies for marketing purposes
These cookies may be set through our website by our advertising partners. They may be used by these companies to profile your interests and show you relevant ads on other websites. They do not directly store personal data but are based on a unique identification of your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
(e) Social media cookies
These cookies are set by a number of social media services that we use on the Website to enable you to share our content with your friends and networks. These cookies are able to track your browser across other websites and build a profile of your interests. This may affect content and messages you see on other websites. If you do not allow these cookies, you may not be able to use or see these sharing tools.
On our website we use the following necessary/functional and analytical/performance cookies:
(1) Type of cookie:
OptanonAlertBoxClosed
Description:
This cookie is set by websites using certain versions of OneTrust's cookie compliance solution. It is set after visitors have seen a cookie information notice and in some cases only when they actively close the notice. It allows the website not to show the notice to a user more than once. The cookie has a lifetime of one year and does not contain any personal information.
Expiry/duration of storage: Persistent
(2) Type of cookie:
OptanonConsent
Description:
This cookie is set by OneTrust's cookie compliance solution. It stores information about the categories of cookies the website uses and whether visitors have given or withdrawn their consent to use each category. This allows website owners to prevent cookies in each category from being set in the user's browser if consent is not given. The cookie has a normal lifetime of one year so that returning visitors to the website can remember their preferences. It does not contain any information that can identify the website visitor.
Expiry/duration of storage: Persistent.
(3) Type of cookie:
JSESSIONID
Description:
General purpose platform session cookie used by websites written in JSP. Normally used to maintain an anonymous user session by the server.
Expiration/duration of storage: After the end of the session.
(4) Type of cookie:
dwsid (replaces sid)
Description:
Identifies the current browsing session.
Expiration/duration of storage: Current session.
(5) Type of cookie:
sid
Description:
Identifies the current browsing session. Salesforce Reference Architecture (SFRA) uses this to determine whether to display the cookie hints content asset. Used only by SFRA and customisations.
Expiration/duration of storage: Current session.
(6) Type of cookie:
dwsecuretoken_XXXXX
Description:
Used with dwsid to secure the session over HTTPS. The * in the cookie name is a value unique to the site.
Expiry/duration of storage: Current session
(7) Type of cookie:
dwcustomer_XXXXX
Description:
Identifies a registered shopper. Only used if the shopper selects the Remember Me option. (This is an optional website feature.) The * in the cookie name is a unique value for the website.
Expiry/duration of storage: 180 days
(8) Type of cookie:
dwuser_XXXXX
Description:
BM user cookie
Expiry/duration of storage: Persistent
(9) Type of cookie:
dw
Description:
dw
Expiration/Duration of storage: Current session
(10) Type of cookie:
__cq_dnt
Description:
Analytics cookie used to track anonymous or logged in users to measure or improve performance and help personalise website content. Expires at the end of the browser session.
Expiration/duration of storage: Current session.
(11) Type of cookie:
dw_dnt
Description:
Controls client-side JavaScript for Commerce Cloud's tracking features (Analytics, Einstein and ActiveData). Commerce Cloud sets it with each page response, based on the value of the corresponding session attribute TrackingAllowed. The value of this cookie always matches that of the __cq_dnt cookie from Einstein.
Expiration/Duration of storage: Current session.
(12) Type of cookie:
dwpersonalization_XXXXX
Description:
Tracks participation in A/B test groups for analytics purposes. If the shopper has participated in a test, the value is deleted when the shopper opts out. The * in the cookie name is a unique value for the website.
Expiry/duration of storage: 180 days
(13) Type of cookie:
NGINX_SESSION
Expiration/Duration of storage: 180 days
(14) Type of cookie:
dwac_XXXXX
Description:
Stores the following data for analytics purposes: session ID, report suite name, buyer customer ID, source group ID (encrypted), currency key and time zone. The * in the cookie name is a unique value for the site.
Expiry/duration of storage: Current session.
(15) Type of cookie:
dwsourcecode_XXXXX
Description:
Stores the source code for campaign and affiliate tracking. You set the lifetime of this cookie for each source code in the Business Manager. The * in the cookie name is a unique value for the site.
Expiry/duration of storage: Varies from 0-999 days.
(16) Type of cookie:
dwanonymous_XXXXX
Description:
Random ID used to identify an unregistered shopper or a shopper who has not yet logged in independently of the session. It is used, for example, to track basket and order activity and for analytics. It is not used for activities that occur after the shopper has registered. The * in the cookie name is a unique value for the site.
Expiry/duration of storage: 180 days
VI. Use of Piwik Pro
a. Nature and purpose of processing
This website uses Piwik Pro, an open source software for statistical analysis of visitor traffic. The provider of the Piwik Pro software is Piwik PRO SA, ul. Św. Antoniego 2/4, 50-073 Wrocław, Poland. Piwik Pro uses so-called cookies, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website is stored on Matomo servers. The IP address is anonymized immediately after processing and before it is stored. You have the option to prevent the installation of cookies by changing the settings of your browser software. We would like to point out that if you change this setting, not all functions of this website may be available. You can decide whether a unique web analysis cookie may be stored in your browser to enable the website operator to collect and analyze various statistical data. For more information on the privacy settings of the Matomo software, please see the following link: https://piwikpro.de/datenschutz/.
b. Legal basis of the processing
The processing of the data is based on the user's consent (Art. 6 para. 1 lit. a DSGVO).
c. Data categories
IP address, other device-related data
d. Recipients
Recipients of the data are internal employees of the {departments/s} and Piwik Pro as order processor. For this purpose, we have concluded the corresponding order processing agreement with Piwik Pro.
e. Storage periods
Data is deleted as soon as it is no longer required for our recording purposes.
f. Legal / contractual requirement
The provision of your personal data is voluntary, based solely on your consent. If you prevent access, this may result in functional restrictions on the website.
g. Third country transfer
Processing takes place within the European Union (EU) or the European Economic Area (EEA).
h. Revocation of consent
You can revoke your consent to the storage of your personal data at any time with effect for the future.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
i. Automated decision-making and profiling
With the help of the tracking tool Piwik Pro, the behavior of visitors to the website can be evaluated and interests analyzed. For this purpose, we create a pseudonymous user profile.
VII Facebook, Custom Audiences and Facebook marketing services
Within our online offer, the so-called "Facebook pixel" of the social network Facebook, which is operated by Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), is used for the analysis, optimization and economic operation of our online offer.
With the help of the Facebook pixel, it is possible for Facebook, on the one hand, to determine the visitors to our online offer as a target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not have a harassing effect. With the help of the Facebook pixel, we can also track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
The Facebook pixel is integrated by Facebook after your consent and can save a so-called cookie, i.e. a small file, on your device. If you subsequently log in to Facebook or visit Facebook while logged in, the visit to our online offer will be noted in your profile. The data collected about you is anonymous for us, so it does not offer us any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and can be used by Facebook and for its own market research and advertising purposes. If we should transmit data to Facebook for matching purposes as part of the pixel process, this data is encrypted locally on the browser and only then sent to Facebook via a secure https connection. This is done solely for the purpose of establishing a match with the data equally encrypted by Facebook. The legal basis for the use of Facebook Pixel is Art. 6 para. 1 lit. a DSGVO.
The processing of data by Facebook takes place within the framework of Facebook's data usage policy. Accordingly, general information on the display of Facebook ads, in Facebook's data usage policy: https://www.facebook.com/policy.php. Specific information and details about the Facebook Pixel and how it works can be found in Facebook's help section: https://www.facebook.com/business/help/651294705016616.
You can also change the use of cookies by setting your browser software accordingly or in the cookie settings. To set which types of advertisements are displayed to you within Facebook, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are done in a platform-independent manner, i.e. they are applied to all devices, such as desktop computers or mobile devices.
VIII Integration of Google Maps
(1) We use the Google Maps service on this website. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently. These are integrated in "extended data protection mode", i.e. no data about you as a user is transmitted to Google if you do not call up the maps. Only when you give your consent and call up the maps will the data mentioned in paragraph 2 be transferred. We have no influence on this data transmission.
(2) By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. In addition, the data mentioned under IV of this declaration will be transmitted. This occurs regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right. The legal basis for the use of Google Maps is Art. 6 para. 1 lit. a DSGVO.
(3) Information from the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.
Further information on the purpose and scope of the data collection and its processing by the provider can be found in the provider's data protection declarations. There you will also find further information on your rights in this regard and setting options for protecting your privacy: http://www.google.de/intl/de/policies/privacy.
If you do not want Google to collect, process or use data about you via our website, you can deactivate this in your browser settings. In this case, however, you will not be able to use our website or only to a limited extent. You can revoke your consent to the storage of your personal data at any time with effect for the future.
IX. Use of Google Tag Manager
(1) We use the Google Tag Manager on our website.
(2) The Google Tag Manager enables us to integrate various codes and services on our website in an orderly and simplified manner. The Google Tag Manager implements the tags or "triggers" the embedded tags. When a tag is triggered, Google may process information (including personal data) and process it.
In particular, the following personal data is processed by the Google Tag Manager:
Online identifiers (including cookie identifiers).
IP address
(3) In addition, you can find more detailed information about the Google Tag Manager on the websites https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/ as well as at https://www.google.com/intlde/policies/privacy/index.html under the section "Data we receive based on your use of our services".
(4) Furthermore, we have concluded an order processing contract with Google for the use of the Google Tag Manager. Google processes the data on our behalf in order to trigger the stored tags and display the services on our website. Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. The legal basis for the use of Google Tag Manager is Art. 6 para. 1 lit. a DSGVO.
(5) If you have deactivated individual tracking services (for example by rejecting a cookie), the deactivation remains in place for all affected tracking tags that are integrated by the Google Tag Manager.
(6) By integrating the Google Tag Manager, we pursue the purpose of being able to carry out a simplified and clear integration of various services. Furthermore, the integration of the Google Tag Manager optimises the loading times of the various services.
(7) You can also change the use of cookies by setting your browser software accordingly or in the cookie settings.
(8) Information from the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.
X. Newsletter
(1) The newsletter is sent using "MailChimp", a newsletter sending platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The email addresses of our newsletter recipients, as well as their other data described in this notice, are stored on MailChimp's servers in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to its own information, MailChimp may use this data to optimise or improve its own services, e.g. for the technical optimisation of the dispatch and presentation of the newsletters or for economic purposes in order to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them itself or to pass it on to third parties.
The legal basis for sending the newsletter and the analysis is your consent in accordance with Art. 6 Para. 1 lit. a.) DSGVO.
Mailchimp has implemented compliance measures for international data transfers. These apply to all global activities where Mailchimp processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please visit: Mailchimp Data Processing Addendum Preview at https://mailchimp.com/legal/privacy/.
(2) We use the so-called double opt-in procedure to register for our newsletter. This means that after your registration, we will send you an email to the email address you provided in which we ask you to confirm that you wish to receive the newsletter. In addition, we store your IP addresses and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
(3) The only mandatory information for sending the newsletter is your e-mail address.
(4) You can revoke your consent to the sending of the newsletter and the analysis at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in every newsletter e-mail or by sending a message to the contact details provided in the imprint.
(5) We would like to point out that we evaluate your user behaviour when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. For the evaluations, we link the data mentioned in II and the web beacons with your e-mail address and an individual ID. With the data obtained in this way, we create a user profile in order to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletters, which links you click on in them and infer your personal interests from this.
For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor that of MailChimp to observe individual users. The analyses serve us much more to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
(6) You can object to this tracking at any time by clicking on the separate link provided in every email or by informing us via another contact channel. The information will be stored for as long as you are subscribed to the newsletter. After unsubscribing, we store the data purely statistically and anonymously. Moreover, such tracking is not possible if you have deactivated the display of images by default in your e-mail programme. In this case, the newsletter will not be displayed to you in full and you may not be able to use all the functions. If you display the images manually, the above-mentioned tracking will take place.
XI. Skincare Diagnosis
We process your personal data as well as your health data as part of our survey and subsequent routine recommendation.
The processing of the data is based on your consent (Art. 6 para. 1 lit. a GDPR, Art. 9 para. 2 lit. b GDPR). We collect and analyze your data in order to provide you with personalized recommendations regarding your skin care routine.
You can revoke your consent to the storage of your personal data at any time with effect for the future.
For this purpose, the following personal data and health data are processed: Name, first name, e-mail address, IP address, information on the skin condition that you provide to us via the survey.
Recipients of the data are internal employees of Maria Galland GmbH and Piwik as a processor.
The processing does not take place outside the European Union (EU) or the European Economic Area (EEA).
Your data will be deleted no later than 6 months after collection.
We do not use automatic decision-making or profiling for this data processing.
XII. Use of our webshop
(1) If you wish to place an order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we require for the processing of your order. Mandatory data required for the processing of contracts are marked separately, other data are voluntary. We process the data you provide to process your order. For this purpose, we may pass on your data to our payment service providers and also shipping service providers. The legal basis for this is Art. 6 Para. 1 lit. b DSGVO.
(2) You can voluntarily create a customer account, through which we can save your data for future purchases. When you create an account under "My account", the data you provide will be stored revocably. You can always delete all further data, including your user account, in the customer area via a request to the customer service.
At the end of the order process, you can voluntarily enter the institute identification number issued by your beautician*. This enables us to make a clear assignment to your beautician so that we can provide the corresponding commission.
We may also process the data you provide to inform you about other interesting products from our portfolio or to send you emails with technical information.
(3) We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. However, we restrict processing after two years, i.e. your data is only used to comply with legal obligations.
(4) To prevent unauthorised access by third parties to your personal data, in particular financial data, the ordering process is encrypted using TLS technology.
(5) We use the service provider Adyen to process payments. The provider of this payment service is Adyen GmbH, Ludwigstraße 9, 80539, Germany (hereinafter "Adyen"). If you select payment via Adyen, the payment data you enter will be transmitted to Adyen. This transfer is solely for the purpose of payment processing with the online payment service Adyen and only takes place to the extent that it is necessary for this purpose. The transfer of your data to Adyen takes place on the basis of Art. 6 para. 1 lit. b DSGVO (processing for the performance of a contract). Further information on the provider can be found at https://www.adyen.com/de_DE/.
(6) PayPal
There is also the option of processing the payment transaction with the online payment service PayPal. PayPal enables online payments to be made to third parties. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. If you choose PayPal as your payment method, your data required for the payment process will be automatically transmitted to PayPal.
The data transmitted to PayPal may be transferred by PayPal to credit agencies. The purpose of this transmission is to check your identity and creditworthiness. PayPal may also pass on your data to third parties insofar as this is necessary for the fulfilment of contractual obligations or the data is to be processed on behalf of PayPal. The transfer of your data to PayPal is based on Art. 6 para. 1 lit. b DSGVO (processing for the performance of a contract). You can view PayPal's privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full/.
(7) Verfied Reviews
After your order, we transmit your e-mail address and order to NET REVIEWS, 18-20 Avenue Robert Schuman / CS 40494 / 13002, Marseille (https://www.echte-bewertungen.com) to remind you by e-mail of the possibility to submit a review of your purchase. The processing is based on Art. 6 (1) lit. f DSGVO from the legitimate interest in truthful, verified reviews of our services. You can object to this processing at any time by contacting us as described under I (2) or directly at NET REVIEWS. Your e-mail address will only be used for this purpose and in particular not for further advertising, nor will it be passed on to other third parties. The personal data stored in this context in the technical system of the Genuine Reviews evaluation tool will be deleted 18 months after the delivery of goods recorded for evaluation.
XIII. E-Gift Card
We process your personal data as part of the voucher purchase.
The data is processed on the basis of the purchase contract concluded with us (Art. 6 para. 1 lit. b GDPR).
We collect your data in order to send the voucher by email to you or to the recipient.
For this purpose, the following personal data are processed: Your name, the name of the recipient, the e-mail address.
Recipients of the data are internal employees of Maria Galland GmbH.
The processing does not take place outside the European Union (EU) or the European Economic Area (EEA).
Your data will be deleted no later than 6 months after collection.
We do not use automatic decision-making or profiling for this data processing.
XIV. Online presences in social media
We maintain online presences within social networks in order to inform users active there about our services and to communicate directly via the platforms if they are interested. We are currently represented in the following networks:
Youtube
All our social media channels can only be accessed by visitors to the website via an external link. We do not use any plugins or other interfaces on our website that the respective networks offer for embedding the offers on websites.
We have no influence on the collection of data and its further use by the social networks. Thus, we have no knowledge of the extent to which, where and for how long the data is stored, to what extent the networks comply with existing deletion obligations, what evaluations and links are made with the data and to whom the data is passed on. We therefore expressly draw attention to the fact that user data (e.g. personal information, IP address) is stored by the operators of the networks in accordance with their data usage guidelines and used for business purposes.
We process the data of users in the social media presences insofar as they contact and communicate with us via comments or direct messages, for example.
The legal basis for the processing of the user's data is Art. 6 para. 1 lit. b and f DSGVO.
a) Facebook / Instagram
You can access the social media network Facebook and also Instagram via external links on our website. All functions in the social media network are offered by Meta Platforms Inc, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. The channels can only be accessed via an external link.
If you are logged in with your own profile on Facebook or Instagram and access our social media channel, Facebook can assign your visit to your logged-in profile. If you do not wish your user account to be associated with your IP address, please log out of your Facebook or Instagram account before using our website.
For further information on the processing of your data, please refer to Facebook's privacy policy: https://facebook.com/privacy/explanation and to our "Facebook Fanpage" data policy.
b) Youtube
You can access the services of the social media network Youtube via external links on our website. All functions in the social media network are offered by YouTube or Google: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Youtube channels can only be accessed via an external link.
If you are logged in to YouTube with your own profile and access our social media channel, YouTube can assign your visit to your logged-in profile. If you do not wish your user account to be associated with your IP address, please log out of your Youtube account before using our website.
Maria Galland GmbH operates an online presence on Facebook, a so-called Facebook Fanpage. For the visit of our fan page, the following supplementary information on data processing applies. Information on data protection on Facebook in general can be found here (https://www.facebook.com/about/privacy/).
1. joint responsibility, contact details, company data protection officer:
We are jointly responsible with Facebook for the operation of our Facebook Fanpage pursuant to Art. 26 DSGVO. For this purpose, we have stipulated in an agreement with Facebook who fulfills which obligations with regard to data protection. This agreement can be accessed here (https://www.facebook.com/legal/terms/page_controller_addendum). Accordingly, Facebook is primarily responsible for providing the data subject with information about the joint processing and enabling him or her to exercise his or her data protection rights. Notwithstanding the above, we hereby inform you about your visit to our Fanpage.
Our contact details are:
MARIA GALLAND PARIS
Wintrichring 58
D-80992 Munich
Telephone: 00800 642 55 263
Web: mariagalland.com
E-mail: kundenservice@maria-galland.com
(see our imprint).
Facebook can be reached at:
Meta Platforms Ireland Ltd.
4 Grand Canal Square,
Grand Canal Harbour,
Dublin 2, Ireland
You can reach Facebook online here (https://www.facebook.com/help/contact/2061665240770586)
You can reach our company data protection officer at:
Bugl & Kollegen Gesellschaft für Datenschutz und Informationssicherheit mbH
Alexander Bugl
Eifelstrasse 55
93057 Regensburg
E-mail: kontakt@buglundkollegen.de
You can reach Facebook's data protection officer at
https://www.facebook.com/help/contact/540977946302970.
2. collection and storage of personal data and the nature, purpose and use thereof:
(a) Data collected by Facebook:
If you are a Facebook user, Facebook collects the data described in the Facebook Data Policy under "What types of information do we collect?". If you are not a Facebook user, cookies provided with identifiers, small text files, may still be stored in your browser, which enable so-called tracking of your user behavior.
As a rule, the user data during a visit to Facebook is also processed by Facebook for market research and advertising purposes. Based on the user behavior (including when visiting our Fanpage), complex user profiles are created, which Facebook can use to play personalized advertisements to the visitor within and outside of Facebook. More information on this can also be found in the Facebook data policy.
If you do not agree with this, you can object here (opt-out).
b) Data used by us ("Page Insights") and legal basis:
Facebook provides us with statistics and usage data that we can use to analyze the use of our Fanpage (so-called "Page Insights"). This enables us to continuously improve our offer on Facebook. We, as the operator, do not make any decisions regarding the processing of Insights data and any other information resulting from Art. 13 of the GDPR, such as storage duration of cookies on user devices. The primary responsibility under the GDPR for the processing of Insights Data lies with Facebook and Facebook fulfills all obligations under the GDPR with respect to the processing of Insights Data.
We as the site administrator have no other way, not even via user tracking, to evaluate user behavior on our Fanpage. It is also fundamentally not possible for us to identify the visitor to the Fanpage on the basis of the page insights. In particular, we have no right under the agreement to require Facebook to disclose individual visitor data. Identification is only possible for us if we are able to assign individual profile pictures to "Like" Page Views; however, this is only possible to the extent that our Fanpage has been marked with "Like" by the corresponding visitor and the "Like" is set to "public".
What information Facebook uses to create page insights can be found here.
The operation of the Faceboook fan page and the use of page insights serves our legitimate interest in effective external presentation and efficient communication with our customers and prospects. This interest justifies the operation of the page both to the legitimate interests of Facebook users, as well as to visitors to our fan page who do not have a Facebook account. Accordingly, the legal basis is Art. 6 para. 1 lit. f) DSGVO.
3. sharing of data with third parties:
Data collected by Facebook is shared and processed throughout the Facebook group. The Facebook group also includes, for example, Instagram, WhatsApp and Oculus. For example, information collected through Facebook is used to display personalized ads to users on Instagram, or information from WhatsApp is used to take action against accounts that send spam through WhatsApp on Facebook. This information can be found in the Facebook Data Policy under "How do Facebook companies work together?".
The processing of data by Facebook may involve the transfer of user data outside the European Economic Area (EEA), in particular the USA.
4. right to object:
If your personal data is processed on the basis of legitimate interests pursuant to Article 6 (1) (f) DSGVO, you have the right to object to the processing of your personal data pursuant to Article 21 DSGVO, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation. If you would like to exercise your right of revocation or objection, an e-mail to {email address} is sufficient.
5. data subject rights:
You have the right to revoke your consent to us at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future. Furthermore, you have the right to information according to Art. 15 DSGVO, the right to correction according to Art. 16 DSGVO, the right to deletion according to Art. 17 DSGVO, the right to restriction of processing according to Art. 18 DSGVO, as well as the right from data portability from Art. 20 DSGVO. Furthermore, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 DSGVO).
In principle, you can assert your data subject rights against Facebook as well as against us. Since only Facebook has direct access to your user data, you can most effectively assert your data protection rights against Facebook.
XV. Processing of your data in the context of automated decision-making / profiling
(1) In principle, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. In particular, these decisions may not regularly be based on special categories of personal data pursuant to Art. 9 (1) DSGVO. We do not use any corresponding decision-making processes within the scope of our website and the associated data processing.