We respect your privacy
Data protection statement
As the operator of the website, we take the protection of your personal data on our website very seriously. We handle your personal data confidentially and according to the statutory data protection regulations.
As a rule, the use of our website is possible without your giving us personal data. Provided that a data subject would like to take advantage of special services on our website, it may be required that personal data is processed. In so far as personal data is collected on our web pages, it is always carried out on a voluntary basis, as far as is possible. This data is used for the given purpose and is not shared with third parties without express agreement. The processing of personal data, e.g. the name, address, email address or telephone number of a data subject, is carried out in accordance with the requirements of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (new) (BDSG new), the applicable country-specific data protection regulations and the German Teleservices Act (TMG).
We would point out that data transfer via the internet (e.g. email communications) can present security vulnerabilities. It is not possible to protect data completely from access by third parties. Every person is welcome to transmit their personal data to us via an alternative channel: by telephone, for example.
Name and address of the controller
The controller as defined by the General Data Protection Regulation is:
Speick Naturkosmetik GmbH & Co. KG
70771 Leinfelden-Echterdingen, Germany
Tel. +49 711 16 13-0
Fax +49 711 16 13-100
Authorised representative: Mr Wikhart Teuffel
Name and address of the Data Protection Officer and Supervisory Authority
Data Protection Officer:
Alpaslan Kücükelci, coda Unternehmensberatung
Every data subject can at any time contact our Data Protection Officer directly with regard to any questions or suggestions about data protection.
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit
Postfach 10 29 32
Every data subject is entitled to complain to the Supervisory Authority.
Legal basis for processing personal data
If we ask a data subject for consent to use their personal data for processing operations, point (a) of Article 6(1) EU General Data Protection Regulation (GDPR) serves as the legal basis.
When it is required that we process personal data to fulfil a contract to which the data subject is a party, point (b) of Article 6(1) GDPR serves as the legal basis. This also applies to processing operations that are required to carry out pre-contractual measures.
If we are required to process personal data to fulfil a legal obligation to which our company is subject, point (c) of Article 6(1) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, point (d) of Article 6(1) GDPR serves as the legal basis.
If processing is required to safeguard a legitimate interest of our company or a third party and the interests, constitutional rights and fundamental freedoms of the data subject do not outweigh the first-named interest, point (f) of Article 6(1) GDPR serves as the legal basis for the processing.
Routine erasure and blocking of personal data
We process and retain the data subject’s personal data only for the period required to achieve the purpose of retaining it or if this was provided for by the European regulator or another legislator in laws or regulations to which the controller is subject.
If there is no purpose for retaining personal data, or a retention period prescribed by a European regulator or another responsible legislator expires, the personal data is blocked or erased as a matter of routine in accordance with the statutory regulations.
By using cookies, we can provide users of this website with user-friendly services that would not be possible without the placement of a cookie.
The data subject can prevent cookies being placed by our website at any time by selecting the appropriate setting in the web browser used and thus opt out of cookie placement permanently. Cookies that have already been placed can be deleted at any time via a web browser or other software program. This can be done in all common web browsers. If the data subject deactivates the setting of cookies in the web browser used, not all functions of our website can be fully used under certain circumstances.
Capturing general data, log files and information
Every time a data subject or an automated system downloads a website, a string of general data and information is captured. This general data and information is stored in the log file of the server. The following can be captured:
- the browse types and versions used,
- the operating system used by the accessing system,
- the website from which an accessing system gets to our website (so-called referrer),
- the subsites which are directed to our website via an accessing system,
- the date and time the website is accessed,
- an internet protocol address (IP address),
- the internet service provider of the accessing system and
- other similar data and information that serves to avert danger in the event of attacks on our IT systems.
We draw no conclusions about the data subject when using this general data and information. Rather, this information is used to
- deliver the content of our website correctly,
- optimise the content of our website and advertising,
- ensure the permanent functionality of our IT systems and the technology of our website, as well as
- provide law enforcement agencies with the necessary information for criminal prosecution in the event of a cyber attack
This anonymously-collected data and information is therefore analysed and evaluated statistically with the goal of increasing data protection and data security in our company to ultimately ensure an optimal level of protection for the personal data that we process. The anonymous data of the server log files is separated from all the stored personal data given by a data subject.
Registration on the website
Users of our website can register via e.g. a contact form or online application by entering their personal details. Which personal data is transferred depends on the particular input mask used for the registration. The personal data entered by the data subject is collected and stored exclusively for internal use and for our own purposes. The controller may arrange for the data to be transferred to one or more processors, such as a parcel service, which also uses the personal data exclusively for internal use attributable to the controller.
When registering on the website, the IP address of the data subject’s internet service provider (ISP), the date and the time of registration are stored. This data is stored only against the background of preventing the misuse of our services, and this data, if required, enables criminal offences committed and copyright infringements to be resolved. To this extent, the storage of this data is required to make this safe. Basically, this data is not shared with third parties, provided that there is no statutory obligation to share the data or sharing the data serves the purposes of a criminal prosecution.
The registration of the data subject through voluntarily sharing personal data helps us to provide you with content and services that can only be offered to registered users due to the nature of the matters concerned. Registered persons have the option to have the personal data given at registration erased completely from the database.
We give information, on request, at any time about which of the data subject’s personal data is retained. We correct or erase personal data if the data subject wishes or instructs us to do so, insofar as there is no conflict with statutory retention obligations. With regard to this matter, please contact firstname.lastname@example.org
Rights of the data subject
Right of access (right to obtain confirmation)
According to the European regulator, every data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her is being processed. If a data subject would like to demand this right of access (right to obtain confirmation), he or she can contact us at email@example.com at any time.
Right to information
According to the European regulator, every data subject has the right to receive a copy of his or her retained personal data from the controller free of charge. The European regulator has allowed data subjects to receive the following information:
the purposes of the processing
the categories of personal data that are processed
the recipients or categories of recipient to whom the personal data is disclosed or will be disclosed, in particular recipients in third countries or international organisations
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
where the personal data are not collected from the data subject
The data subject is entitled to all available information on the origin of the data, whether the personal data was sent to a third country or an international organisation. Provided that this is the case, the data subject is, moreover, entitled to receive information about suitable guarantees in connection with the transmission of the data.
If a data subject would like to demand this right to information, he or she can contact us at firstname.lastname@example.org at any time.
Right to rectification
According to the European regulator, every data subject has the right to demand rectification without undue delay of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If a data subject would like to demand this right to rectification, he or she can contact us at email@example.com at any time.
Right to erasure (right to be forgotten)
According to the European regulator, every data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies:
- The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), GDPR and where there is no other legal ground for the processing;
- The data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR;
- The personal data has been unlawfully processed;
- The personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
Provided that one of the above-mentioned reasons applies and a data subject would like the erasure of personal data that is stored by us, he or she can contact our Data Protection Officer or other member of the controller’s staff at any time.
The Data Protection Officer or other member of staff will see to it that the erasure request is complied with without undue delay.
Where we have made the personal data public and our company, as the controller, is obliged pursuant to Article 17(1) GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data. With regard to this, please contact firstname.lastname@example.org
Right to restriction of processing
According to the right granted by the European regulator, every data subject has the right to obtain from the controller restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
- The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- The controller no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- The data subject has objected to processing pursuant to Article 21(1) GDPR pending verification of whether the legitimate grounds of the controller override those of the data subject.
Provided that one of the above-mentioned prerequisites applies and a data subject would like to demand the restriction of personal data that is retained by us, he or she can contact us at email@example.com at any time.
Right to data portability
According to the right granted by the European regulator, every data subject has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. He or she also has the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
In exercising his or her right to data portability pursuant to Article 20(1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that it shall not adversely affect the rights and freedoms of others.
To assert the right to data portability, the data subject can contact us at firstname.lastname@example.org at any time.
Right to object
According to the right granted by the European regulator, every data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR.
In the event of this objection, we shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In addition, where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, the data subject, on grounds relating to his or her particular situation, has the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To assert the right to object, the data subject can contact us at email@example.com at any time.
The data subject in connection with the use of services of the information company is free to exercise, notwithstanding Directive 2002/58/EU, his or her right to object using automated processes in which technical specifications are used.
Right to withdraw consent
According to the European regulator, every data subject is granted the right to withdraw consent to process his or her personal data at any time.
If the data subject would like to assert the right to withdraw consent, he or she can contact us at firstname.lastname@example.org at any time.
Data protection for applications and during the application process
We collect and process personal data from applicants for the purposes of conducting the application process. The processing can also be carried out electronically or by form. This is the case in particular if an applicant sends relevant application documents to us electronically, for example by email or online. In concluding an employment contract with an applicant, the data transmitted for the purpose of conducting the employment relationship is stored in compliance with statutory regulations. If an employment contract has not been concluded with the applicant, the application documents are automatically erased six months after the rejection decision has been made known, provided that no other legitimate interests conflict with an erasure. Another legitimate interest in this sense is, for example, a burden of proof in legal proceedings in accordance with the German Equal Treatment Act (AGG).
For reasons of security and to protect the transfer of confidential content, such as queries you send to us as the website operator, we use SSL encryption. You can recognise an encrypted connection in that the address line in the browser changes from “http://” to “https://” and the padlock symbol in your browser toolbar. If the SSL encryption is activated, data that you transmit to us cannot be read by third parties.
Data protection regulations for implementing and using YouTube
We have integrated YouTube components on this website. YouTube is an Internet video portal that enables video publishers to show video clips free of charge and also allows other users to watch, evaluate and comment on the clips, also free of charge. YouTube allows the publication of all kinds of videos, whereby both complete film and TV broadcasts as well as music videos, trailers or videos made by users themselves can be downloaded via the Internet portal.
YouTube’s operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, US. YouTube, LLC is a subsidiary of Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, US.
Every time one of the individual pages of this website that is operated by the controller and on which a YouTube component (YouTube video) has been integrated is accessed, the YouTube component causes the web browser to download and display automatically the YouTube component on the IT system of the data subject. You can obtain further information about YouTube at https://www.youtube.com/yt/about/de. As part of this technical process, YouTube and Google receive knowledge about the actual subpage of our website visited by the data subject.
Provided that the data subject is logged into YouTube at the same time as a subpage is accessed that contains a YouTube video, YouTube recognises the actual subpage of our website that the data subject visits. This information is collected by YouTube and Google and assigned to the YouTube account of the data subject.
Then, through the YouTube component, YouTube and Google always receive information that the data subject has visited our website if the data subject is logged into YouTube at the same time as he or she is accessing our website; this happens regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not want this type of information transmission to YouTube and Google, he or she can prevent the transmission by logging out of their YouTube account before accessing our website.
The data protection regulations published by YouTube, which can be downloaded at https://www.google.de/intl/de/policies/privacy/ , provide information on the collection, processing and use of personal data by YouTube and Google.
Data protection regulations for implementing and using Google Fonts
External fonts are used on these web pages: Google Fonts. Google Fonts is a service of Google LLC (“Google”). The integration of these web fonts is carried out by a server download, usually a Google server in the US. Information on which of our web pages you have visited is transmitted to the server. The IP address of the browser of the end device of the visitor to these web pages is also stored by Google. More details are available in Google’s data protection information, which can be downloaded here:
Collaboration with IHD Gesellschaft für Kredit und Forderungsmanagement mbH
We transmit your data in the event of a credit risk (name, address, email address, information on the company and, if required, contract and claims data) for the purpose of credit checking as well as checking whether the address given can be delivered to, and for the purpose of collection processing to IHD Gesellschaft für Kredit und Forderungsmanagement mbH, Augustinusstr. 11 B, 50226 Frechen, and, if required, to other cooperating credit reference agencies. The legal basis of this transmission is point (b) of Article 6(1) GDPR and point (f) of Article 6(1) GDPR. Transmissions based on point (f) Article 6(1) GDPR can only be carried out insofar as this is required to safeguard the legitimate interests of our company and do not outweigh the interests or constitutional rights and fundamental freedoms of the data subject who requires the protection of personal data.
For the purpose of the decision about the reason for, execution or ending of the contractual relationship, we collect or use, in addition, automatically produced probability values, whose calculation can include address data, amongst other things.
Detailed information about our contractual partner, IHD, within the meaning of Article 14 GDPR, i.e. the purpose of the company, the purpose of its data storage, the legal basis, the data recipients of IHD, the right to voluntary disclosure, and the right to erasure and rectification as well as profiling can be obtained at www.ihd.de/datenschutz/Artikel14.html
Information on our contractual partners as a credit reference agency can be obtained at: www.ihd.de/datenschutz#vertragspartner