expected product launch: early 2020

Privacy Notice

1. An overview of data protection

1.1 General

IONIQ Skincare GmbH & Co. KG (further legal information can be found in the Legal Information section) is the entity responsible for complying with data protection legislation relating to this website. We are delighted by your interest in our website, and we want you to feel secure and happy during your visit. IONIQ Skincare GmbH & Co. KG (hereinafter “IONIQ”) therefore takes the protection of your personal data very seriously. This data privacy statement is intended to inform you about which personal data we collect from you when you use our website, and for what purposes we process and use this data.

IONIQ reserves the right to modify its data privacy statement at any time to reflect changing legal provisions and requirements, or to make other updates as it sees fit. Please keep yourself up to date about changes to the data privacy statement by visiting the relevant link from our website to view it. If you have any general questions about our website, please get in touch with us:

Phone: +49(0)7544 505-1831
E-Mail: hello@ioniqskin.com

1.2 Data collection on our website

Who is responsible for the data collection on this website?

The data collected on this website are processed by the website operator. The operator's contact details can be found in the website's required legal notice.

How do we collect your data?

Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form. Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.

What do we use your data for?

Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.

When do we share your information?

Your personal data will only be forwarded or transmitted to third parties or processors if this is necessary for the purpose of carrying out the processing purpose and if there is a corresponding requirement for such authorization.

What rights do you have regarding your data?

You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.

Log files of the web service

As soon as you access the pages of our website with your browser, the server automatically stores in log files the data necessary for the operation of a web service: the name of your browser, the name of your Internet service provider, the address of the page from which you are accessed our website, the name of your operating system, the websites you visit, as well as the date and time of your visit. This data is temporarily stored in the log files and then automatically deleted. The purpose of storage is to be able to carry out an analysis of the potentially disruptive activities in the event of a problem.

Analytics and third-party tools

When visiting our website, statistical analyses may be made of your surfing behaviour. This happens primarily using cookies and analytics. The analysis of your surfing behaviour is usually anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy notice. You can object to this analysis. We will inform you below about how to exercise your options in this regard.

2. General information and mandatory information

2.1 Data protection

If you use this website, various pieces of personal data will be collected. Personal information is any data with which you could be personally identified. This privacy notice explains what information we collect and what we use it for. It also explains how and for what purpose this happens. Please note that data transmitted via the internet (e. g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.

Notice concerning the party responsible for this website

The party responsible for processing data on this website is:

IONIQ Skincare GmbH & Co. KG
Otto-Lilienthal-Str. 18
88677 Markdorf
GERMANY
Phone: +49(0)7544 505-1831
E-Mail: hello@ioniqskin.com

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).

2.2 Information, blocking, deletion and correction

You have the right to find out about the personal details we have stored about you and also the right to block, delete and correct erroneous data. In such instances, please use the contact form so that we are able to attend to your request. If you would prefer to contact IONIQ’s Data Security Officer to exercise these rights rather than IONIQ itself, you are of course welcome to do so (hello@ioniqskin.com). (hello@ioniqskin.com).

2.3 Revocation of your consent to the processing of your data

Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

2.4 Right to file complaints with regulatory authorities

If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered.

2.5 Right to data portability

You have the right to have data which we process based on your consent or in fulfilment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.

2.6 SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar. If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties. Information, blocking, deletion

3. Data protection officer

Statutory data protection officer

We have appointed a data protection officer for our company. If you have any questions regarding the use of your personal data or the enforcement of your rights, please do not hesitate to contact them.

Contact:

E-Mail: hello@ioniqskin.com
Phone: +49(0)7544 505-1831

IONIQ Skincare GmbH & Co. KG
Datenschutzbeauftragter
Otto-Lilienthal-Str. 18
88677 Markdorf
GERMANY

4. Data collection on our website

4.1 Contact forms

The reasons for processing the data collected in our contact forms are based on the purpose of your enquiry. Essentially, we process your information in order to respond to your query. Other reasons for processing this data are outlined below.

Personal details

We collect your salutation, your name, your address and your postcode so that we know who is contacting us and for what purpose, and so that we can forward your request instantly to the correct person. The details of your email address are mandatory, since we will use it to process your request depending on the reason for you contacting us. It is not used for any other purpose. We want you to voluntarily provide your telephone number since we will use it to process your request depending on the reason for you contacting us. Your personal details are stored in our CRM system so that it can be used if you get in touch with us again. It is not used for any other purpose.

Support requests, complaints

The information you provide us about the product will be stored in the event of a support request along with your personal details in our CRM and SAP system.

Transfer of your details to authorised distributors

If your enquiry relates to a complaint, warranty claim or similar, we will also transfer this data together with your personal details to the distributor from which you purchased the device, or to another distributor near you so that your request can be dealt with.

Storage, use and deletion

If your device is repaired or replaced by IONIQ, your data will be stored in our support, accounting and logistics system until the statutory storage period has elapsed, and then deleted. The data entered in the contact form will be processed on the basis of your consent (Art. 6 (1) (b) DSGVO) or on the basis of the data processing pursuant to Art. 6 (1) (b) DSGVO, which permits the processing of data to fulfil a contract or pre-contractual measures. You can revoke the processing on the basis of your consent at any time. All you need to do is send an informal message via the contact form or by e-mail to our data protection officer. The legality of the data processing processes carried out up to the revocation remains unaffected by the revocation. The data entered by you in the contact form will remain with us until you request deletion, revoke your consent for storage or the purpose for data storage ceases to apply. Mandatory statutory provisions - in particular retention periods - remain unaffected.

4.2 Newsletter data

On our websites, we offer you the opportunity to receive regular newsletters about our products, new products and special offers. You receive an electronic newsletter from us because you have given us your consent to the use of your e-mail address for this purpose by sending the newsletter order form and have confirmed this order with a so-called second opt-in. Further information on the newsletter form is obligatory and will be used to address you with a personal form of address and, if necessary, to provide you with information tailored to your needs. We use these data exclusively for the dispatch of the requested information. The mandatory information requested during registration must be provided in full, otherwise we will refuse the registration. We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (b) DSGVO. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the "unsubscribe" link in the newsletter. The data processed before we receive your request may still be legally processed.
The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted. This website uses the services of MailChimp to send newsletters. This service is provided by Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. MailChimp is a service which organizes and analyzes the distribution of newsletters. If you provide data (e. g. your email address) to subscribe to our newsletter, it will be stored on MailChimp servers in the USA. MailChimp is certified under the EU-US Privacy Shield. The Privacy Shield is an agreement between the European Union (EU) and the US to ensure compliance with European privacy standards in the United States. We use MailChimp to analyze our newsletter campaigns. When you open an email sent by MailChimp, a file included in the email (called a web beacon) connects to MailChimp's servers in the United States. This allows us to determine if a newsletter message has been opened and which links you click on. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type, and operating system). This information cannot be assigned to a specific recipient. It is used exclusively for the statistical analysis of our newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to your interests. If you do not want your usage of the newsletter to be analyzed by MailChimp, you will have to unsubscribe from the newsletter. For this purpose, we provide a link in every newsletter we send. You can also unsubscribe from the newsletter directly on the website. Data processing is based on Art. 6 (1) (b) DSGVO. You may revoke your consent at any time by unsubscribing to the newsletter. The data processed before we receive your request may still be legally processed. The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted from our servers and those of MailChimp. Data we have stored for other purposes (e. g. email addresses for the members area) remains unaffected. For details, see the MailChimp privacy policy at https://mailchimp.com/legal/terms/.
 Completion of a data processing agreementWe have entered into a data processing agreement with MailChimp, in which we require MailChimp to protect the data of our customers and not to disclose said data to third parties. This agreement may be viewed at the following link: https://mailchimp.com/legal/forms/data-processing-agreement/sample-agreement/.

4.3 Processing of data (customer and contract data)

We collect, process, and use personal data only insofar as it is necessary to establish, or modify legal relationships with us (master data). This is done based on Art. 6 (1) (b) DSGVO, which allows the processing of data to fulfil a contract or for measures preliminary to a contract. In order to avoid bad debts, we can, on the basis of Art. 6 (1) (b) DSGVO, in accordance with our legitimate interest, after placing an order with Euler Hermes Forderungsmanagement GmbH, Risk Management Division, P.O. Box 50 07 40, 22707 Hamburg, Germany, to submit your credit assessment data. In a credit check, a so-called score value is calculated on the basis of a mathematical procedure, which makes statements about your solvency. This usually happens as soon as a credit limit of € 1,000 is exceeded. We would like to point out that Euler Hermes Forderungsmanagement GmbH continues to use the transmitted data for its own purposes. You can object to the transmission of this data to Euler Hermes Forderungsmanagement GmbH at any time, however, the execution of the purchase contract may then not be possible. Collected customer data shall be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.

4.4 Cookies

The internet pages partly use so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and stored by your browser. Most of the cookies we use are so-called "session cookies". They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser the next time you visit. You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, the acceptance of cookies for certain cases or generally exclude and enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website. Cookies that are required to carry out the electronic communication process or to provide certain functions that you wish to use (e.g. shopping cart function) are processed on the basis of Art. 6 para. 1 lit. f DSGVO saved. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (such as cookies for analyzing your surfing behavior) are stored, they will be treated separately in this privacy notice.

4.5 Server log files

The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are: • Browser type and browser version • Operating system used • Referrer URL • Host name of the accessing computer • Time of the server request • IP address These data will not be combined with data from other sources. The basis for data processing is Art. 6 (1) (b) DSGVO, which allows the processing of data to fulfil a contract or for measures preliminary to a contract.

5. Social media, Plugins and Tools

The content on our pages can be shared on other social networks like Facebook, Pinterest and Instagram. Our website contains links to social media (Facebook, YouTube). The buttons to these links are designed so that a connection between your PC and the respective network is only established if you follow the link by clicking it. You are then connected directly with the respective server of the selected social medium. The respective operators of social media networks are responsible for their own data privacy. This also applies to websites to which our portal links but which are operated by third-party providers. An example of such links would be videos on our main page that are retrieved from YouTube. Information about the data privacy policies of linked pages can be found in the respective providers' data privacy statements. When the user actively clicks on one of these buttons, your browser establishes a direct connection to the respective servers. This tool does not automatically transfer user data to the operators of these platforms. If users are logged into one or more of the social networks, it will display an information window in which the user can edit the text before it is sent. Our users can share the content of this page on social networks without their providers creating profiles of users' surfing behaviour

5.1 Facebook plugins

Our website includes plugins for the social network Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. The Facebook plugins can be recognized by the Facebook logo or the Like button on our site. For an overview of Facebook plugins, see https://developers.facebook.com/docs/plugins/. When you visit our site, a direct connection between your browser and the Facebook server is established via the plugin. This enables Facebook to receive information that you have visited our site from your IP address. If you click on the Facebook "Like button" while you are logged into your Facebook account, you can link the content of our site to your Facebook profile. This allows Facebook to associate visits to our site with your user account. Please note that, as the operator of this site, we have no knowledge of the content of the data transmitted to Facebook or of how Facebook uses these data. For more information, please see Facebook's privacy notice at https://de-de.facebook.com/policy.php. If you do not want Facebook to associate your visit to our site with your Facebook account, please log out of your Facebook account.

5.2 Pinterest plugin

Our website contains functions of the Pinterest social network, operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA. When you visit a page containing the Pinterest social plugin, your browser establishes a direct connection to the Pinterest servers. The plugin transmits this log data to Pinterest servers in the United States. This log data may include your IP address, the address of the websites visited, which also includes Pinterest features, browser type and settings, the date and time of the request, how you use Pinterest, and cookies. More information about the purpose, scope and further processing and use of data by Pinterest, as well as your rights and options to protect your privacy, can be found in the privacy notices of Pinterest: https://about.pinterest.com/de/privacy-policy.

5.3 Instagram plugin

Our website contains functions of the Instagram service. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. If you are logged into your Instagram account, you can click the Instagram button to link the content of our pages with your Instagram profile. This means that Instagram can associate visits to our pages with your user account. As the provider of this website, we expressly point out that we receive no information on the content of the transmitted data or its use by Instagram. For more information, see the Instagram privacy notice: https://instagram.com/about/legal/privacy/.

5.4 YouTube

Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited. If you're logged in to your YouTube account, YouTube allows you to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account. YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO. Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.

5.5 Twitter plugin

Functions of the Twitter service have been integrated into our website and app. These features are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. When you use Twitter and the “Retweet” function, the websites you visit are connected to your Twitter account and made known to other users. In doing so, data will also be transferred to Twitter. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the data transmitted or how it will be used by Twitter. For more information on Twitter's privacy policy, please go to https://twitter.com/privacy. Your privacy preferences with Twitter can be modified in your account settings at https://twitter.com/account/settings.

6. Analytics and advertising

6.1 Google Analytics

This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. Google Analytics cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analysing user behaviour to optimize both its website and its advertising.

IP anonymization

We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

Browser Plugin

You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Objecting to the collection of data

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics. For more information about how Google Analytics handles user data, see Google’s privacy notice: https://support.google.com/analytics/answer/6004245?hl=en.

Outsourced data processing

We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Demographic data collection by Google Analytics

This website uses Google Analytics’ demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section “Refusal of data collection”.

6.2 Google Analytics Remarketing

Our websites use the features of Google Analytics Remarketing combined with the cross-device capabilities of Google AdWords and DoubleClick. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. This feature makes it possible to link target audiences for promotional marketing created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. This allows advertising to be displayed based on your personal interests, identified based on your previous usage and surfing behaviour on one device (e.g. your mobile phone), on other devices (such as a tablet or computer). Once you have given your consent, Google will associate your web and app browsing history with your Google Account for this purpose. That way, any device that signs in to your Google Account can use the same personalized promotional messaging. To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion. You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account; follow this link: https://www.google.com/settings/ads/onweb/. The aggregation of the data collected in your Google Account data is based solely on your consent, which you may give or withdraw from Google per Art. 6 (1) (a) DSGVO. For data collection operations not merged into your Google Account (for example, because you do not have a Google Account or have objected to the merge), the collection of data is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analysing anonymous user behaviour for promotional purposes. For more information and the Google privacy notice, go to: https://www.google.com/policies/technologies/ads/.

6.3 Google AdWords and Google Conversion Tracking

This website uses Google AdWords. AdWords is an online advertising program from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (“Google”). As part of Google AdWords, we use so-called conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set. Cookies are small text files that your internet browser stores on your computer. These cookies expire after 30 days and are not used for personal identification of the user. Should the user visit certain pages of the website and the cookie has not yet expired, Google and the website can tell that the user clicked on the ad and proceeded to that page. Each Google AdWords advertiser has a different cookie. Thus, cookies cannot be tracked using the website of an AdWords advertiser. The information obtained using the conversion cookie is used to create conversion statistics for the AdWords advertisers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, advertisers do not obtain any information that can be used to personally identify users. If you do not want to participate in tracking, you can opt-out of this by easily disabling the Google Conversion Tracking cookie by changing your browser settings. In doing so, you will not be included in the conversion tracking statistics. Conversion cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analysing user behaviour to optimize both its website and its advertising. For more information about Google AdWords and Google Conversion Tracking, see the Google privacy notice: https://www.google.de/policies/privacy/. You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

6.4 Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). reCAPTCHA is used to check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program. To do this, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e. g. IP address, how long the visitor has been on the website, or mouse movements made by the user). The data collected during the analysis will be forwarded to Google. The reCAPTCHA analyses take place completely in the background. Website visitors are not advised that such an analysis is taking place. Data processing is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in protecting its site from abusive automated crawling and spam. For more information about Google reCAPTCHA and Google’s privacy notice, please visit the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

6.5 Facebook Pixel

Within our online offer, due to our legitimate interests in the analysis, optimization and economic operation of our online offer and for these purposes the so-called “Facebook Pixel” of the social network Facebook, which is the Facebook Inc., 1 Hacker Way, Menlo Park, Ca 94025 USA, or, if you are located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland operated wid (“Facebook”).   With the help of the Facebook-PIxel Facebook is on the one hand possible to determine the visitors of our offer as a target group for the presentation of advertisements, so-called “Facebook-Ads”. Accordingly, we use the Facebook pixel, the Facebook Ads we have switched to such users now.   To opt-out from Facebook’s interest-based ads follow these instructions from Facebook: https://www.facebook.com/help/568137493302217

Duty to inform for data collection

Data protection notice for customers, suppliers, partners, clients, visitors and interested parties

With this data protection notice we inform you about how we process your personal data and which rights are granted to you by data protection law in this context. The individual personal data that are processed by you and the scope of the processing depends on the legal provisions and the content of the contractual business relationship that has been agreed with you. It may therefore be that not all parts of this data protection information are applicable to you.

I. Responsible for data processing

Responsible is the:
IONIQ Skincare GmbH & Co. KG
Otto-Lilienthal-Str. 18
88677 Markdorf
GERMANY
Phone: +49(0)7544 505-1831
E-Mail: hello@ioniqskin.com

You can contact our company data protection officer at:
E-Mail: hello@ioniqskin.com
Phone: +49(0)7544 505-1831

II. Data processed and their origin

First and foremost, we process the personal data that we receive or have collected from the data subjects within the scope of the business or customer relationship. We also process data provided on the basis of inquiries / visits / registrations (e.g. Internet shop), consents (e.g. newsletter dispatch) etc. within the legally permitted framework.

In addition, we also process personal data provided to us in the context of order processing and data from publicly accessible sources (e.g. press, Internet), insofar as this is necessary and permissible for the respective purposes. We also process personal data that are legally transmitted to us by other companies of the Wagner Group or by third parties (e.g. credit insurance, receivables management, indications of criminal acts).

The personal data processed by us in this context consist of personal data / identification data (name, address, contact data, user ID, etc.), data from the fulfillment of our contractual obligations (bank data, history, authorizations, etc.), data provided by us of consent (e.g. product test data from test takers who may also include health data such as responses to test products) and other data comparable to those categories.

III. Processing purposes and legal bases

The personal data are processed by us in accordance with the regulations of the EU data protection basic regulation (DS-GVO) on the basis of the following legal bases:

1st a) For the performance of a contract (Art. 6 (1) lit. b DS-GVO)

The processing of personal data is necessary for the fulfilment of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject. If you make use of additional services, your data will be processed to the extent necessary to provide these additional services.

b) In the context of contract processing (Art. 28 DS-GVO)

The processing of personal data on behalf of the customer takes place exclusively in accordance with instructions and within the framework of legal regulations.

2nd In the context of a balance of interests (Art. 6(1)(f) DS-GVO)

Beyond the actual fulfilment of the contract with you, we process your data to the extent necessary to protect our legitimate interests or the legitimate interests of third parties, provided that your interests do not predominate. Examples are:

  • Internal and external communication
  • Documentation
  • Internal and external monitoring (ICS controls or key figures)
  • Internal and external investigations, safety reviews
  • Measures for business management and further development of services and products
  • Advertising
  • Authorization management
  • IT security measures
  • Event Management
  • Assertion / defence of legal claims, also in legal disputes
  • Prevention and detection of criminal offences
  • measures for building and system security (e.g. access controls)
  • Measures to secure the domiciliary right
  • Risk management via the Wagner Group of Companies

3. On the basis of your consent (Article 6 para. 1 lit. a DS-GVO)

If you have consented to certain processing of your personal data (e.g. newsletter dispatch, participation in advertising campaigns), your personal data will be processed lawfully on the basis of this consent. You can revoke your consent at any time with effect for the future. This also applies to declarations of consent that you have given us before the DS-GVO has entered into force, i.e. before May 25, 2018 Since the revocation of a consent is valid for the future, it does not affect the effectiveness of the processing until the time of the revocation.

4. Statutory or legal provisions (Article 6(1)(c) DS-GVO or in the public interest (Article 6(1)(e) DS-GVO)

In addition, we as a company have various legal obligations (e.g. tax laws, money laundering laws). These include identity checks, fraud and money laundering prevention, the fulfilment of tax control and reporting obligations as well as the assessment and control of risks in the company and the Wagner Group.

IV. Processing principles

The company ensures the implementation of appropriate technical and organisational measures for data security by internal regulations and - if the data are processed by an external service provider - by corresponding contractual agreements, for example by using the EU standard contract clauses for data processing outside the European Union.

Please arrange for any necessary changes to your data in good time. You can contact the relevant departments or the data protection officer to clarify questions about your data and request both information and the correction / deletion of incorrect or no longer required data.

V. Recipient of the data

In compliance with the statutory provisions and the existing internal regulations, the departments that require your data to fulfil our contractual and statutory obligations have access to it. Similarly, service providers and vicarious agents (e.g. IT service providers, logistics, telecommunications, debt collection, consulting, financial services, marketing agencies, insurance companies…) employed by us may access your data for these purposes, provided that you maintain the confidentiality and integrity of the data in particular.

We only pass on personal data to recipients outside our company if and insofar as this is necessary in compliance with the applicable data protection regulations. We may only disclose information about you if required to do so by law, if you have given your consent or if we are authorized to provide such information. Recipients of personal data may be, for example:

- For operational purposes

  • To other companies of the Wagner Group
  • To service providers / contractors
  • To customers, suppliers, partners

- Obligations to report and provide information

  • To authorities and other bodies (e.g. tax authorities, auditors)

- To clarify claims and accusations

  • Lawyers, prosecution authorities, creditors or insolvency administrators

- For recipients that you have explicitly named

  • To credit and financial services institutions

In addition, your personal data may be transferred to recipients for whom you have given us your consent. The same applies to bodies to which we may transfer personal data on the basis of a balance of interests.

VI. Transfer of data to third countries or international organisations

We transfer personal data to bodies in countries outside the European Union (so-called third countries) insofar as

  • it is required by law (e.g. tax reporting obligations)
  • you have consented or
  • the transmission is necessary to protect our legitimate interests and your interests or fundamental rights and freedoms do not outweigh the protection of your personal data.

In addition, personal data will be transferred to bodies in third countries in the following cases:

  • With the consent of the data subject or on the basis of legal regulations to combat money laundering, the financing of terrorism or other criminal acts and on the basis of a balance of interests, personal data will in individual cases be transmitted to the European Union in compliance with the data protection level.

VII. Duration of the storage of personal data

Your personal data will only be stored or otherwise processed by us for as long as is necessary to achieve the respective purpose. Once the purpose of the processing has ceased to apply (e.g. legal transaction concluded), the corresponding personal data will be deleted. The deletion may be postponed in the following cases:

  • Compliance with legal retention periods (e.g. German Commercial Code (HGB), German Banking Act (KWG), German Money Laundering Act (GwG). The storage periods mentioned there are generally 6 to 10 years.
  • Fulfilment of justified retention periods (e.g. for customer service, inquiries, log files).
  • Securing of evidence within the statutory statute of limitations. According to §§ 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years. The regular limitation period is 3 years.

If we or a third party process your data on the basis of the above-mentioned weighing of interests, we will delete your personal data as soon as our legitimate interest no longer exists. The above-mentioned exceptions also apply here.

Data deletion takes place within the deletion routines implemented by the process owners.

In the event of consent, the data will be deleted as soon as the consent is revoked for the future, unless one of the above-mentioned exceptions exists.

VIII. Internal monitoring and investigation

To protect against the various threats to our IT - e.g. by malware, hacker attacks, spam - and the intellectual property, different procedures are used in which the information exchanged is checked for viruses, for example, and the connection data for anomalies. When anomalies are discovered, the relevant documents and connection data can be analyzed.

In order to comply with existing supply and payment restrictions - for example on companies and persons listed on various government lists - a comparison can be made against this list.

In addition, in suspicious cases, in official investigations and to defend against claims against our company, an investigation and, if necessary, the surrender of data and documents on the persons concerned may be necessary. In all cases, our internal regulations, the legal requirements and the personal rights of those affected are observed.

IX. Rights of the person concerned

Under Art. 15 of the DS-GVO, any person concerned has a right of access. According to Art. 16 of the DS-GVO, the data subject may request the rectification of inaccurate personal data. According to Art. 17 of the DS-GVO, the data subject has a right of cancellation or, according to Art. 18, a right of processing restriction. Similarly, under the conditions laid down in Article 21 DS-GVO, the data subject may object to the processing of personal data concerning him/her. According to Art. 20 of the DS-GVO, the data subject has a right to data transferability. To assert these rights, please contact the data protection officer or the relevant department:

In addition, pursuant to Art. 77 DS-GVO in conjunction with § 19 BDSG, you have a right of appeal to the responsible data protection supervisory authority. A given consent can be revoked at any time.

X. Obligation to provide personal data

Within the framework of the legal transaction to be carried out with you, you are obliged to provide the personal data required for the execution of the legal transaction and for the fulfilment of the associated contractual obligations or which we are legally obliged to collect.

If you do not provide certain personal data, you may suffer disadvantages or the legal transaction may not be concluded.

XI. Automated decision making

According to Art. 22 of the DS-GVO, automated decisions can only be taken if they are necessary for the conclusion or fulfilment of a contract or if they are permitted by law or if they are legitimised by the express consent of the person concerned. If we use such procedures in individual cases, you will be informed about this and about your associated rights within the framework of legal requirements.

XII. Profiling

Some of your data will be processed automatically in order to evaluate certain personal aspects (profiling). For example, we are required by law and regulation to combat money laundering, terrorist financing and asset-polluting crimes. In this context, data analyses are also carried out.

XIII. Information on your right of objection under Art. 21 DS-GVO 1

1. Right of objection in individual cases

You have the right to object at any time for reasons arising from your particular situation to the processing of personal data concerning you, which is based on Art. 6 (1)(e) (data processing in the public interest) or (f) (data processing on the basis of a balance of interests); this also applies to profiling based on these provisions. If you object, we will no longer process your personal data. Anything to the contrary shall only apply if we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or if the processing serves to assert, exercise or defend legal claims.

2. Recipient of an opposition

The objection can be made form-free with the subject “objection” stating your name, address and, if applicable, contact data and should be addressed to the data protection officer.

Data Protection Notice (for the IoniQ App)

With this data protection notice, we inform you about how we process your personal data in the context of the IoniQ app (the “App”) and which rights are granted to you by data protection law in this context. The type of personal data that are processed and the scope of the processing depend on whether (i) you use our App to receive recommendations regarding the usage of sunscreen, (ii) you order IoniQ products through the in App, or (iii) you connect the App with an IoniQ sprayer. It may therefore be that not all parts of this data protection information are relevant for you.

I. Responsible for data processing

Responsible is:

J. Wagner GmbH, Otto-Lilienthal-Str. 18, 88677 Markdorf; Phone: +49 7544 505-0; Fax: +49 7544 505-200; Email: wagner@wagner-group.com

You can contact our company data protection officer at:

Email: Datenschutz.Deutschland@wagner-group.com; Phone: +49 7544 505-0; Fax: +49 7544 505-200

II. Personal data processed and their origin

We process personal data that you provide to us or that we receive from third parties we involve in the data processing related to the App. We also process personal data that is derived and generated from the personal data we have received from you or the aforementioned third parties. The personal data processed by us consist of
  • personal data / identification data (e.g. your name, contact data, user ID, data permitting identification of your end user device required for data transmission)
  • data regarding your skin and sun sensitivity (e.g. hair colour, eye colour, freckles, approximate age, reaction of your skin to sunbathing)
  • data required to process and track your in-app purchases (e.g. address, bank data, product data, order and payment history, order data)
  • data on your usage of the App (e.g. information on your location, your click behaviour within the App or pages visited by you, installed software updates)
  • data on your usage of IoniQ sprayer which is connected to and controlled by the app (e.g. location data, how you use the sprayer, distance between sprayer and your skin, information on your body shape, operating status of sprayer, sprayer cartridges used, consumed volume of sunscreen spray and of cartridges)
We receive some of your personal data from third-party providers, in particular your exact location when using the App from location services providers we cooperate with.

III. Processing purposes and legal bases

We process your personal data for the purposes of enabling any functions of the App, of improving the App and the services it provides, or of making use of other legitimate interests. In some cases, we also process your personal data where required for fulfilling our legal obligations. Your personal data are processed by us in accordance with the regulations of the EU Data Protection Rregulation (GDPR) according to the following legal bases:

1. For enabling any functions of the App (performance of a contract, Art. 6 (1) lit. b GDPR)

For providing you with all functions of the App, in particular for recommendations the App generates on how to use the IoniQ sprayer in the light of your particular skin conditions and the actual weather, we need to process personal data you provide on your skin and sun sensitivity and information on how and in which locations you use the App and the IoniQ sprayer. We also use particular personal data for processing any in-app orders you place, including your name, address or other contact data, payment and banking data, ordered products.

2. For making improvements of the App and to provide you with the best service, or in the context of other legitimate interests (balance of interests, Art. 6(1)(f) GDPR)

Beyond the actual provision of the App with you, we process your data to the extent necessary to protect our legitimate interests or the legitimate interests of third parties, provided that your interests do not predominate.

In particular, we process your personal data for making the App as user-friendly as possible (e.g. show you the content you frequently click on) and to remember your actual preferences when using the App (e.g. language). For this purpose, we evaluate e.g. on which content you click within the App, and in which products you are interested.

We can also process personal data when required for other legitimate interests, e.g. in the case of legal disputes we might have with you.

3. Statutory or legal provisions (Article 6(1)(c) GDPR or in the public interest (Article 6(1)(e) GDPR)

In addition, we as a company have various legal obligations for which we process personal data (e.g. tax laws, money laundering laws). These include potential requests by competent authorities, identity checks, fraud and money laundering prevention, the fulfilment of tax control and reporting obligations as well as the assessment and control of risks in the company and the Wagner Group.

IV. Recipients and sources of the personal data

We forward your personal data to other parties where this is necessary for a legitimate purpose in the context of operating the App. In particular, we forward some of your personal data (in particular on your location) to weather services providers for informing us of the weather conditions when you use the App. We also use service providers (as data processors) who provide technical support and development services for the App.

In case of legal disputes or requests, we might forward your personal data to third parties such as our advisors or public accountants. Where required pursuant to applicable law, we might have to disclose your personal data to the competent authorities making a request or order.

V. Transfer of data to third countries or international organisations

Some of the third parties to whom we forward your personal data are located outside the European Union, in countries whose data protection level is not approved by the European Commission as being adequate. Where we transfer your personal data to such third parties, we use legal instruments safeguarding your personal data in those countries (in particular, EU standard contractual clauses or the EU-US Privacy Shield). You can request a copy of such legal instruments from us under the above address.

VI. Duration of the storage of personal data

Your personal data will only be stored or otherwise processed by us for as long as you have prescribed for using the App and the related services. Afterwards, for example if you delete your user account, the corresponding personal data will be deleted, except if applicable law prescribes or allows for a longer storage, or if we have a legitimate interest in keeping the data (e.g. if there is a legal dispute for which we need the data).

The deletion of personal data may, in particular, be postponed in the following cases:

  • Compliance with legal retention periods (e.g. German Commercial Code (HGB), German Banking Act (KWG), German Money Laundering Act (GwG). The storage periods mentioned there are generally 6 to 10 years.
  • Securing of evidence within the statutory statute of limitations, especially when there is a legal dispute. According to Sec. 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years. The regular limitation period is 3 years.

VII. Rights of the person concerned

You have the right to access your data, to request rectification, erasure, restriction of the processing, objection to the processing, and data transferability. Further you can lodge a complaint to a supervisory authority and revoke your consent at any time.

  • Under Art. 15 of the GDPR, any person concerned has a right of access, i.e. you may obtain confirmation from our company as to whether or not we process personal data of you and, if so, obtain access to such personal data.
  • According to Art. 16 of the GDPR, you may request the rectification of inaccurate personal data.
  • According to Art. 17 of the GDPR, you have a right of erasure or, according to Art. 18, a right of processing restriction.
  • According to Art. 20 of the GDPR, you have a right to data transferability, i.e. to demand, in some circumstances, certain of your personal data to be transferred to you or a third party.
Exercising any of your rights mentioned above is subject to legal prerequisites and, in certain circumstances, your rights may be limited due to legal exceptions set out, in particular, in Arts. 17 para. 3 and 22 para. 2 GDPR. Should you have any questions relating to your rights or their limitations, please feel free to contact Our data protection officer under the contact details set out above. To assert these rights, please contact the data protection officer or the company under the contact details set out in above. In addition, pursuant to Art. 77 GDPR, you have a right of appeal to a data protection supervisory authority, in particular, in the EU Member State of your habitual residence, place of work or of an alleged infringement of applicable data protection laws.

VIII. Obligation to provide personal data

Within the framework of the usage of the App, you are obliged to provide the personal data required for the functionality of the App, the usage of the IoniQ sprayer and for the fulfilment of the contractual obligations following from your in-app orders. If you do not provide certain personal data to us, the usage of the App is not possible and in app purchases cannot be processed.

IX. Automated decision making

Some of your data will be processed automatically in order to evaluate certain personal aspects (profiling). In particular, your location data could be used to create motion profiles.

XI. Information on your right of objection under Art. 21 GDPR

Right of objection in individual cases

You have the right to object at any time for reasons arising from your particular situation to the processing of personal data concerning you, which is based on Art. 6 (1) (f) (data processing on the basis of a balance of interests) GDPR; this also applies to profiling based on these provisions. If you object, we will no longer process your personal data. Anything to the contrary shall only apply if we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or if the processing serves to assert, exercise or defend legal claims.

Recipient of an opposition

The objection can be made form-free with the subject “objection” stating your name, address and, if applicable, contact data and should be addressed to the data protection officer (see contact details above).