Data privacy policy


Privacy policy

I.    Name and address of the person responsible
The person responsible for the purposes of the basic data Protection regulation and other national data protection laws of the Member States as well as other data privacy regulations is the:

Evora Cosmetic & Wellness GmbH
Einsteinstraße 4
63868
Germany
Phone: 06022 66330
E-mail: sebnem.winter@evora.de
Website: www.evora.de

II.    General information on data processing

1.    Extent of the processing of personal data

We generally only process personal data of our users, as far as this is necessary for the provision of a functional website as well as our content and services. The processing of personal data of our users is carried out on a regular basis only after the consent of the user. An exception applies in cases in which a prior obtaining of consent is not possible for actual reasons and the processing of the data is permitted by legal regulations.

2.    Legal basis for the processing of personal data

In so far as we obtain the consent of the person concerned for processing of personal data, art.  6 Abs. 1 lit. a EU data Protection basic Regulation (DSGVO) as a legal basis.
In the processing of personal data necessary for the fulfilment of a contract to which the person concerned is a party, art. 6 Abs. 1 lit. (b) DSGVO as a legal basis. This also applies to processing operations which are necessary for the implementation of pre-contractual measures.
In so far as a processing of personal data is necessary to fulfil a legal obligation which is subject to our company, art. 6 Abs. 1 lit. (c) DSGVO as a legal basis.
If the processing is necessary to maintain a legitimate interest of our company or a third party and the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the first-mentioned interest, art shall serve. 6 Abs. 1 lit. (f) DSGVO as the legal basis for processing.

3.    Data erasure and Storage time

The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage is omitted. A storage may also take place if this is provided for by the European or national Legislators in Union law regulations, laws or other regulations to which the person responsible is subject. The data will be blocked or deleted even if a storage period prescribed by the aforementioned standards expires, unless there is a requirement for further storage of the data for the conclusion of a contract or a performance of the contract.
III.    Provision of the website and creation of LogFiles

4.    Description and scope of data processing

Every time we call our website, our system automatically collects data and information from the computer system of the calling computer.

The following data are collected:

(1)    Information about the browser type and version used
(2)    The user's operating system
(3)    The user's Internet service provider
(4)    The IP address of the user
(5)    Date and time of access

The data is also stored in the logfiles of our system. A storage of this data together with other personal data of the user does not take place.

5.    Legal basis for data processing

The legal basis for the temporary storage of data and logfiles is art.  6 Abs. 1 lit. f DSGVO.

6.    Purpose of data processing

The temporary storage of the IP address by the system is necessary in order to enable the delivery of the website to the computer of the user. To do this, the user's IP address must be kept for the duration of the session.

The storage in LogFiles is done to ensure the functionality of the website. We also use the data to optimize the website and to ensure the safety of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

In these purposes, we also have a legitimate interest in the processing of data according to art.  6 Abs. 1 lit. f DSGVO.

7.    Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. In the event that the data is collected to provide the site, this is the case when the respective session is terminated.

In the case of storing the data in logfiles, this is the case no later than seven days. Any storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that a mapping of the calling client is no longer possible.

8.    Possibility of opposition and elimination

The collection of the data for the provision of the website and the storage of the data in LogFiles is absolutely necessary for the operation of the Internet site. Consequently, there is no possibility of opposition by the user.

IV.    Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or the Internet browser on the user's computer system. When a user calls a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the Web site is recalled.
We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can also be identified after a page change.

We also use cookies on our website which allow an analysis of the surfing behaviour of the users.
In this way the following data can be transmitted:

(1)    Search terms Entered
(2)    Frequency of page calls
(3)    Use of website features

The data of the users collected in this way are secured by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data are not stored together with other personal data of the users. When accessing our website, users are informed by an information banner about the use of cookies for analysis purposes and are referred to this privacy statement. In this context, it is also an indication of how the storage of cookies can be prevented in the browser settings.

2. Legal basis for data processing

The legal basis for the processing of personal data using cookies is art.  6 Abs. 1 lit. f DSGVO.

3. Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. This requires that the browser be recognized even after a page break.
We need cookies for the following applications:

(1)    Shopping cart
(2)    Adopting language Settings
(3)    Memorizing search terms

The user data collected by technically necessary cookies are not used to create user profiles.
The use of the analysis cookies is done for the purpose of improving the quality of our website and its contents. Through the analysis cookies we learn how the website is used and can thus continuously optimize our offer.
In these purposes, we also have a legitimate interest in the processing of personal data according to art. 6 Abs. 1 lit. f DSGVO.

4. Duration of storage, possibility of opposition and disposal

Cookies are stored on the user's computer and sent to our site by them. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transfer of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, all functions of the website may no longer be used in full.

5. Additional information about Google Analytics

Specifically, our website uses Google Analytics, a Web Analytics service from Google Inc. ("Google"). Google Analytics uses cookies, text files that are stored on users ' computers and which allow you to analyze the use of the website. The information generated by the cookie about the use of this website by the users is usually transferred to a server of Google in the USA and stored there. However, in the event of the activation of IP anonymization on this website, the IP address of Google users will be reduced in advance within Member States of the European Union or in other contracting States of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the United States and shortened there. IP anonymization is active on this website. On behalf of the operator of this website, Google will use this information to evaluate the use of the website by the users, to compile reports on the website activities and for further related to the use of the website and the Internet use To provide services to the website operator. The IP address submitted by your browser as part of Google Analytics will not be merged with other Google data. Users can prevent the storage of cookies by a corresponding setting of their browser software; However, this offer indicates to users that in this case they may not be able to use all the functions of this website in their entirety. Users may also prevent the collection of the data generated by the cookie and related to their use of the website (including their IP address) to Google as well as the processing of such data by Google by using the information available at the following link Download and install the browser plugin: Http://tools.google.com/dlpage/gaoptout?hl=de. As an alternative to the browser add-on or within browsers on mobile devices, please click this link to prevent Google Analytics from entering this site in the future. An opt-out cookie is stored on your device. If you delete your cookies, you will need to click this link again.

V.    Newsletter

1.    Description and scope of data processing

On our website there is the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the input form will be sent to us.

The following data are also collected at the registration:

(1)    IP address of the calling computer
(2)    Date and time of registration
In the course of the registration process, your consent will be obtained for the processing of the data and referred to this data protection declaration.

The data will not be passed on to third parties in connection with the data processing for the sending of newsletters. The data will only be used to send the newsletter.

2.    Legal basis for data processing

The legal basis for the processing of the data after registration to the newsletter by the user is in the presence of a consent of the user art.  6 Abs. 1 lit. a DSGVO.

3.    Purpose of data processing

The collection of the user's e-mail address is used to deliver the newsletter. The collection of other personal data as part of the registration process is intended to prevent misuse of the services or the e-mail address used.

4.    Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. The e-mail address of the user will be saved as long as the subscription to the newsletter is active.

The other personal data collected in the course of the registration process are usually deleted after a period of seven days.

5.    Possibility of opposition and elimination

The subscription to the newsletter can be terminated by the affected user at any time. For this purpose, you will find a link in each newsletter. This also allows a withdrawal of the consent of the storage of the personal data collected during the registration process.

VI.    Registration possibility for partners and use of the webshop

1. Description and scope of data processing

On our website we offer partners the possibility to register themselves with personal data. The data is entered in an input form and transmitted to us and stored. The data will not be passed on to third parties. The following data are collected as part of the registration process: First name, surname, e-mail address.

As part of the registration process, the partner's consent to the processing of this data is obtained.

If you wish to order in our webshop, it is necessary for the conclusion of the contract that you provide personal data which we need for the processing of your order. Mandatory information required for the settlement of contracts is marked separately, further information is optional. We process the data you have provided for the processing of your order.

2. Legal basis for data processing

The legal basis for the processing of the data is in the presence of a consent of the user art.   6 para   1 lit.   a DSGVO. Otherwise, article 6 (1) is lit. (b) DSGVO legal basis.

3. Purpose of data processing

A registration of the partner is necessary for the provision of certain content and services on our website. Entering the data is also necessary for the processing of the orders.

4. Duration of storage, possibility of opposition and disposal

Due to trade and tax regulations, we are obligated to store your address, payment and order data for a period of ten years. Your address and order data will be deleted after ten years. However, after two years we are taking a limitation of the processing, d.   H. Your data will only be used to comply with the legal obligations. Other data will be deleted as soon as they are no longer necessary to achieve the purpose of their collection.

VII.    Email contact

1. Description and scope of data processing

You can contact us via the e-mail address provided on our website. In this case, the personal data of the user transmitted with the e-mail will be stored.

In this context, the data will not be passed on to third parties. The data is used exclusively for the processing of the conversation.

2. Legal basis for data processing

The legal basis for processing the data transmitted in the course of sending an e-mail is art.  6 Abs. 1 lit. f DSGVO. If the e-mail contact is aimed at concluding a contract, then the additional legal basis for processing is art. 6 Abs. 1 lit. (b) DSGVO.

3. Purpose of data processing

The processing of the personal data by contacting us by e-mail is solely for the processing of the contact.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. For the personal data sent by e-mail, this is the case when the respective conversation with the user is terminated. The conversation ends when it is clear from the circumstances that the facts concerned have been clarified.

The additional personal data collected during the submit operation will be deleted at the latest after a period of seven days.

5. Possibility of opposition and elimination

The user has the possibility at any time to revoke his consent to the processing of the personal data. If the user makes contact with us by e-mail, he may at any time object to the storage of his personal data. In such a case, the conversation cannot continue.

All personal data stored in the course of contact will be deleted in this case.

VIII.    Payment service Provider

When paying by PayPal or PayPal Plus, we pass on your payment data for payment processing to PayPal (Europe) s. à R.L. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal reserves the right to obtain credit information. The result of the credit check uses PayPal in consideration of the statistical default probability for the purpose of deciding on the provision of the respective payment method. The credit information can contain probability values (so-called score values). If score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical process. For example, address data flows into the calculation of the score values.
You may request information, rectification or deletion of the data stored by PayPal at any time and revoke your consent to the use of the personal data with PayPal at any time. However, PayPal remains entitled to process, use and transmit the customer data if this is necessary for the contractual payment processing or is required by law, Government or court.

Use the following contact form to get in touch with PayPal: Https://www.paypal.com/de/selfhelp/contact/email/privacy.
For further information on the collection, evaluation and processing of your data by PayPal please refer to the page https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#r7.
The legal basis for the processing of the data is in the presence of a consent of the user art. 6 Abs. 1 lit. a DSGVO. Since the processing of the data is necessary for the fulfillment of a contract, also serves art. 6 Abs. 1 lit. (b) DSGVO as a legal basis.

IX.    Rights of the person concerned

If personal data is processed by you, you are affected I.S.D. DSGVO and you are entitled to the following rights to the person responsible:

1. Right to Information

You may require the person responsible to confirm whether personal data pertaining to you is processed by us.
If such processing is required, you can request information from the person responsible for the following:

(1)    the purposes for which the personal data are processed;

(2)    the categories of personal data that are processed;

(3)    the recipients or categories of recipients to whom the personal data relating to them has been or will be disclosed;

(4)    the planned duration of the storage of personal data relating to them or, where specific information is not possible, criteria for determining the storage duration;

(5)    the existence of a right to rectification or deletion of personal data relating to it, a right to limitation of processing by the person responsible or a right of objection against such processing;

(6)    the existence of a right of appeal by a supervisory authority;

(7)    all available information on the origin of the data, if the personal data are not collected by the person concerned;

(8)    the existence of automated decision-making including profiling in accordance with art. 22 para. 1 and 4 DSGVO and, at least in these cases, meaningful information on the logic involved, the scope and the intended effects of such processing for the data subject.
You have the right to request information on whether the personal data relating to you is transmitted to a third country or to an international organisation. In this context, you may require the appropriate guarantees in accordance with art. 46 DSGVO be informed in connection with the transmission.

2. Right to Rectification

You have the right to rectification and/or completion to the person responsible, provided that the processed personal data relating to you are incorrect or incomplete. The person responsible shall make the correction without delay.

3. Right to limitation of processing

Under the following conditions, you may request the restriction of the processing of personal data concerning you:

(1)    if you dispute the accuracy of the personal data relating to you for a period of time, which enables the person responsible to verify the accuracy of the personally identifiable information;

(2)    the processing is unlawful and you reject the deletion of the personal data and instead demand the restriction of the use of personal data;

(3)    the person responsible no longer needs the personal data for the purposes of processing, but they need it for the assertion, exercise or defence of legal claims, or

(4)    if you object to the processing in accordance with art. 21 para. 1 DSGVO have not yet been determined as to whether the legitimate reasons of the person in charge outweigh their reasons.
If the processing of the personal data relating to you has been restricted, this data, apart from its storage, may only be subject to your consent or to the assertion, exercise or defence of legal claims or to protect the rights of a Other natural or legal person or for reasons of an important public interest of the Union or of a Member State.
If the limitation of processing has been restricted according to the above conditions, the person responsible will inform you before the restriction is lifted.

4. Right to delete

a)    Cancellation obligation
You may require the person responsible to delete the personal data relating to you immediately, and the person responsible is obligated to remove this data immediately, provided that one of the following reasons applies:

(1)    The personal data relating to you are no longer necessary for the purposes for which it was collected or otherwise processed.

(2)    You revoke your consent to which the processing according to art. 6 Abs. 1 lit. a or art. 9 para. 2 lit. a DSGVO supported and there is no other legal basis for processing.

(3)    They lay down according to art. 21 para. 1 DSGVO opposition to the processing and there are no overriding reasons for the processing, or they lay down in accordance with art. 21 para. 2 DSGVO opposition to the processing.

(4)    The personal data relating to you have been processed unlawfully.

(5)    The deletion of the personal data relating to it is necessary for the fulfilment of a legal obligation under union law or the law of the Member States to which the person responsible is subject.

(6)  The personal data relating to them have been collected in relation to information society services offered in accordance with art.  8 para. 1 DSGVO collected.

b)    Information to third parties
If the person responsible has made public the personal data relating to him and he is in accordance with art. 17 para. 1 DSGVO is obliged to delete it, taking into account the available technology and the implementation costs, it shall take appropriate measures, including a technical nature, to ensure that data controllers who process the personal data To inform you that you have requested the deletion of all links to this personal data or of copies or replicas of these personal data as an affected person.

c)    Exceptions
The right to delete does not exist as far as the processing is required

(1)    to exercise the right to freedom of expression and information;

(2)    to fulfil a legal obligation which requires processing under the law of the Union or of the Member States to which the person responsible is subject, or to carry out a task which is in the public interest or in the exercise of public authority Transferred to the person responsible;

(3)    for reasons of public interest in the field of public health in accordance with art. 9 para. 2 lit. g and i and art. 9 para. 3 DSGVO;

(4)    for archival purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with art. 89 ABS. 1 DSGVO, to the extent that the law referred to in section A) is likely to render or seriously impair the achievement of the objectives of this processing, or

(5)    for the assertion, exercise or defence of legal claims.

5. Right to be informed

If you have exercised the right to rectify, delete or restrict the processing to the person responsible, the latter is obligated to make this correction or The deletion of the data or limitation of the processing, unless this proves to be impossible or involves a disproportionate effort.
You have the right to be informed about these recipients to the person in charge.

6. Right to Data transferability

You have the right to receive the personal data relating to you, which you have provided to the person responsible, in a structured, common and machine-readable format. You also have the right to transmit this data to another person responsible without hindrance by the person in charge of the personal data provided that

(1)    the processing on a consent according to art. 6 Abs. 1 lit. (a) DSGVO or art. 9 para. 2 lit. a DSGVO or on a contract in accordance with art. 6 Abs. 1 lit. (b) DSGVO is based and

(2)    processing is done using automated procedures.
In exercising this right, you also have the right to obtain that the personal data relating to you be transmitted directly by a person responsible to another person responsible, as far as this is technically feasible. Freedoms and rights of other persons may not be affected by this.
The right to transfer data does not apply to the processing of personal data necessary for the performance of a task which is in the public interest or is carried out in the exercise of public authority which has been transferred to the person responsible.

7.    Right to Object

You have the right at any time, for reasons arising from your particular situation, to violate the processing of personal data relating to you, which is based on art.  6 Abs. 1 lit. (e) or (f) DSGVO to appeal; This also applies to profiling based on these provisions.
The person responsible no longer processes the personal data relating to them, unless he can prove compelling reasons for the processing that outweigh their interests, rights and freedoms, or the processing serves the Enforcement, exercise or defence of legal claims.
If the personal data relating to you is processed in order to operate direct advertising, you have the right at any time to object to the processing of the personal data relating to you for the purpose of such advertising; This also applies to profiling as far as it is related to such direct advertising.
If you object to the processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.
In connection with the use of information society services, irrespective of Directive 2002/58/EC, they have the possibility to exercise their right of objection by means of automated procedures using technical specifications.

8.    Right to revoke the data protection declaration of consent

You have the right to revoke your data protection declaration of consent at any time. The revocation of the consent does not affect the legality of the processing due to the consent until the revocation.

9.    Right to appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to appeal to a supervisory authority, in particular in the Member State of your place of stay, your workplace or the location of the suspected Infringement, if they consider that the processing of the personal data concerned violates the DSGVO.
The supervisory authority in which the complaint was lodged shall inform the complainant of the status and results of the appeal, including the possibility of a judicial remedy under art. 78 DSGVO.