Privacy Policy

IONIQ Skincare GmbH & Co. KG attaches great importance to protecting your privacy and your personal data as well as the requisite data security and therefore collects, processes and uses your personal data exclusively in accordance with the principles described below as well as the requirements of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act  (BDSG) applicable to IONIQ Skincare GmbH & Co. KG.


Content 

I. Name and address of the controller
II. Name and address of the data protection officer
III. Your personal data
IV. General information on data processing
V. Provision of the website and creation of log files / journal files
VI. Use of cookies 
VII. Use of the IONIQ Shop
        VII.1 Shop system (Novomind)
        VII.2 Registration of a customer account and login
        VII.3 Processing of data within the scope of the purchase transaction
        VII.4 Use of payment and logistics service providers
        VII.5 Identity and credit check when selecting Klarna payment methods
                VII.6 Submission of product ratings
                VII. 7 Sending transactional emails 
VIII Communication & Contact
     VIII.1 E-mail contact and contact form
     VIII.2 Newsletter (Mailchimp) and tracking
     VIII.3 Live Chat "Violet”
     VIII. 4 Other contacts in case of need
IX. Jobs / Applications
X. Website analytics services
          X.1 Google Universal Analytics 
XI. Advertising and marketing services for advertising & retargeting
      XI.1 Use of Google Ads
XII Social Media
       XII.1 Links to social media networks
       XII.2 Use of Facebook Pixel
XIII. Rights of the data subject
XIV Automated individual decision-making and profiling
XV. Links to other websites
XVI Security
XVII Availability and changes


I. Name and address of the controller

The controller within the meaning of the EU General Data Protection Regulation ("GDPR") and other national data protection laws of the EU member states as well as other applicable data protection provisions for the operation of the website or the IONIQ Shop at https://ioniqskin.com (hereinafter referred to as the "Website", "IONIQ Shop" or "Shop") is:

IONIQ Skincare GmbH & Co KG
Otto-Lilienthal-Str. 18
88677 Markdorf
Germany

Phone: +49 (0) 7544 505-1831
represented by the management

(hereinafter "IONIQ", "Company" or "we").

The responsible contact person for data protection, specifically for questions regarding the collection, processing or use of your data and the assertion of your rights as a data subject, is our designated data protection officer. You can contact him or her by e-mail or letter. You can also obtain information about your personal data at any time and free of charge using the contact details provided.


II. Data Protection Officer

Contact details of the designated data protection officer:

IONIQ Skincare GmbH & Co KG
Data Protection Officer
Otto-Lilienthal-Str. 18
88677 Markdorf
Germany
Phone: +49 (0) 7544 505-1831
(hereinafter "DPO").


III. Your personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). When visiting our website, it is not necessary for you to provide your personal data. We only collect personal data, such as your name, telephone number, postal and e-mail address, date of birth and telephone number, if you provide it to us voluntarily or if you have consented to its collection. For the technically required data, we refer to the processing as described under "V. Provision of the website and creation of log files / log files" and "VI. Use of cookies". 


IV. General information on data processing

1. Scope of the processing of personal data
We process personal data (hereinafter also referred to as "data") of visitors to the website to the extent that this is necessary for the provision of a functioning website as well as our contents and services of our shop.

The processing of personal data of visitors to our website is regularly only carried out after the consent of the user to the processing as well as for the fulfilment of the purchases and the order process. An exception applies in cases where the processing of data is permitted by legal regulations or is technically necessary.

By means of our Consent Management System (CMP for short), which is controlled by you via our cookie banner, you as a visitor have the opportunity to decide for yourself whether or not you wish to give consent to the collection and processing of your personal data through the use of technical measures. We describe in our CMP which technical measures are involved and who the recipient of your data is. We emphasize that certain data-processing processes are necessary for the provision of our website and safeguarding website security as well as they are technically necessary for individual data-processing operations, so that consent to this data processing is not possible.

The provision of your data is not required by law, but is necessary for setting up the customer account and for ordering and delivering our prducts. Without the data necessary for order processing, we cannot process the order placed by you via the shop. By marking the mandatory fields, we describe which data is absolutely necessary for processing the order, setting up the customer account, subscribing to our newsletter or participating in a prize game.

2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1) (a) GDPR serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject to, Art. 6 (1) (c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 (1) (d) GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.

3. Data deletion and storage period
The personal data of the data subject shall be deleted or blocked as soon as the purpose of the processing no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Blocking of further data processing or deletion of data also takes place when a legally prescribed storage period expires unless there is a need for further storage of the data for the fulfilment of a contract.


V. Provision of the website and creation of log files / protocol files

1. Description and scope of data processing
During the mere informative use of the website / our shop, we only collect the personal data that your browser transmits to our server or provider and that are technically necessary for the purpose of providing our website to you and ensuring its stability and security.

We have commissioned novomind AG, Bramfelder Chaussee 45, 22177 Hamburg, Germany (hereinafter "Novomind") for the hosting and technical provision of our website / shop. We have concluded the required data protection agreement with Novomind for processing on behalf in accordance with Art. 28 GDPR. According to this agreement, Novomind ensures the necessary protection of your data and processing in accordance with the applicable data protection regulations exclusively on our behalf and in accordance with our instructions. 

The following data is processed in log files:

(1) the type and version of browser used (if you have consented to transmission within your browser settings),
(2) Date and time of the server request,
(3) the number of visits,
(4) the length of time spent on the website,
(5) the previously visited website, (if you have consented to transmission within your browser settings),
(6) the IP address of the user,
(7) the amount of data sent/transmitted.

The data is stored on Novomind servers hosted in Germany. Novomind processes this information for the specified purpose on our behalf. The data will not be used for any other purpose and will not be submitted to third parties without our permission. This data is not stored together with other personal data of yours.

2. Legal basis for data processing
The legal basis for the processing and temporary storage of the data and the log files is Art. 6 (1) (f) GDPR.

3. Purpose of the data processing
The temporary storage of the IP address by the system is necessary to the provision of the website to the end device of the user. 

The storage of all the above-mentioned information ((1) - (7)) in log files takes place in order to ensure the functionality of the website or our webshop. In addition, we use the data to optimise the website and the webshop and to ensure the necessary security of our information technology systems. We also use this information for service optimisation in terms of statistical evaluation of sessions or number of purchase transactions. The data is not evaluated for marketing purposes.

4. Duration of storage
The storage period of the log files for the purposes listed above is usually 30 days. Data relating to the respective session is stored for 90 days. The log files of the server are regularly and continuously backed up and are thus stored for a maximum of 182 days.

5. Possibility of objection and removal
The collection of data for the provision of the website / webshop and the storage of the data in log files is absolutely necessary for the operation of the websites / webshop. There is no possibility for the user to object.


VI. Use of cookies

1. Description and scope of data processing
Our website / webshop uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's device. Cookies cannot execute programs or transfer viruses to your device. When a user visits a website, a cookie may be stored on the user's device. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. Some of the cookies we use are deleted again at the end of the browser session, i.e. after you close your browser (so-called "session cookies"). Other cookies remain on your device and enable us to recognise your browser the next time you visit the website, if you have consented to this.

When visiting our website, we inform the user by means of an information banner (CMP) about the use of cookies (essential or technically necessary cookies as well as tracking and marketing cookies) and have technically set up the consent required under data protection law for the setting of cookies for which consent is necessary. With the exception of essential or technically necessary cookies, consent must always be given in advance for cookies to be set on your end device. The same applies to other technical measures, such as the use of Google Analytics, on our website. The user is also referred to this data protection declaration via the information banner.

In the following, we provide you with an overview of the cookies used, their validity period and the respective opt-out options. In addition, we would like to point out that you can adjust your cookie settings at any time via a link in the footer of the website and revoke your consent at any time for the future.

(a) Essential Cookies:
We use cookies to make our website or shop more user-friendly. Some elements of our website / shop require that the calling browser can be identified even after leaving or changing the website. Technically necessary, so-called essential cookies serve the smooth experience of your visit to our website. This includes, for example, the implementation of fraud prevention and detection by our payment provider (see section "VII.4 Use of payment and logistics service providers") or the storage of your individual cookie settings for our website or your search queries, shopping basket functions and wish lists. These cookies are necessary for a secure visit of our website and for the operation of our webshop and cannot be switched off.

The following essential or technically necessary cookies are stored on your device and transmitted to us each time you visit our website:

(1) COOKIECONSENT: Stores the consent of the user (validity: two years),
(2) JSESSIONID: Reference of the user session (validity: session),
(3) __stripe_mid: Fraud prevention and detection (valid for one year),
(4) __stripe_sid: Fraud prevention and detection (validity: session),
(5) i.u.v2: Reference to personal data: search request, interest in categories and products, etc. (validity: two years).

(b) Tracking Cookies:
We also use cookies on our website that allow us to analyse the surfing behaviour of our users.

The following data can be transmitted in this way:

(1) Search terms entered
(2) Frequency of page views
(3) Use of website function
(4) Duration of visit

The user data collected in this way is anonymised by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the users.

The use of the statistics cookies is for the purpose of improving the quality of our website and our shops and their contents. Through the statistics cookies, we learn how the website is used and can thus constantly optimise our offer. For a description of the technical measures used, the cookies set, how they work, their purpose and the options for objecting to them, please refer to the information on each analyses tool under "X. Website analyses services". Website analyses services".

(c) Marketing cookies:
In addition, third-party cookies are set through the use of advertising and marketing services. These cookies are used to display advertisements on third-party sites as well as social media platforms that may be of interest to you based on your browsing behaviour. The third party providers may combine information collected on our site with existing information to serve you personalised and interest-based ads.

For our advertising and marketing services, we use the following technical measures for conversion tracking and remarketing: Google Ads and Facebook Pixel. We use the technical measures to track cost-benefit analyses of the ads we serve and to optimise our ad placement. They are also used for interactions with other websites and social media platforms. For a description of the cookies, how they work, their purpose and the options for objecting to them, please refer to the explanations under "XI. Advertising and marketing services for advertising & retargeting" and "XII. Social media".

2. Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies (cf. (a)) is Art. 6 (1) (f) GDPR.

The legal basis for the processing of personal data using cookies for statistical or marketing purposes (cf. (b) and (c)), based on your given consent via the cookie banner, is Art. 6 (1) (a) GDPR.

3. Purpose of the data processing
The purpose of using essential or technically necessary cookies is to enable you to use our website or shop. Some functions of our website / shop cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change. The user data collected through essential or technically necessary cookies are not used to create user profiles.

For information on the purpose of cookies for statistical or marketing purposes and the options for objecting to them (see (b) and (c)), please refer to the information provided under "X. Website analyses services" and to the explanations under "XI. Advertising and marketing services for advertising & retargeting" and "XII. Social media".

4. Duration of storage as well as revocation, objection and elimination options
Cookies are stored on the user's computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to fully use all functions of the website or shop.

You can change your settings for cookie use configured via our cookie banner at any time via the cookie settings, which can be accessed via a link in the footer of the website. By removing the active tick, you switch off the respective cookies or technical measures for each cluster.


VII. Use of the IONIQ Shop

In order to provide our shop and the products for for your purchases in our shop, the processing of personal data is necessary. Orders in our shop are currently possible with or without a user account. The scope of the processing of personal data depends on which option you choose for ordering. We use service providers for the technical provision of our shop system as well as for the provision of your payment options. In the process, personal data is often transmitted to our service providers or automatically analysed. The type, scope and purpose of this processing of personal data are listed and explained below.

VII.1 Shop system

We use the provider Novomind AG, Bramfelder Chaussee 45, 22177 Hamburg (hereinafter "Novomind") to provide our shop. We have concluded the required data protection agreement on processing on behalf with Novomind in accordance with Art. 28 GDPR. In this agreement, Novomind is obliged to protect the data of our users and to process it exclusively on our behalf in accordance with the applicable data protection regulations.

VII.2 Registration of a customer account and login

1. Description and scope of data processing
To purchase products in the shop, you can either create a user account or place a guest order. Your user account is intended to make subsequent orders easier for you by automatically filling in the information you provided once when setting up the account when placing a subsequent order. In the process, the information stored in the account is saved in the central customer database. The data is only stored in our customer database when you initiate this by clicking on the button marked "Create customer account" as part of the new customer registration or when you create a account as part of the ordering process. In addition, we offer further services with the user account, such as the display of your purchase history, the administration of your billing and delivery addresses as well as payment methods. You can view, update, add to or delete the information in your account at any time.

To set up your personal account, you need to register once by providing the following personal data. If you have registered, we will collect, process and use the data you have provided exclusively for the provision of your account and the associated services:

(1) Your salutation*,
(2) Your first name* and surname*,
(3) Your email address*,
(4) Your phone number,
(5) Your address (street*, house number*, address suffix, postcode*, city*, country*),
(6) Your password* (min. 8 digits, upper and lower case letters, numbers and special characters),
(7) a different delivery address, if applicable.

Mandatory (*) and optional information is indicated in the registration form.

In addition, we process further data within the process of the creation of the user account, such as the time of registration, the time of the last login, the account status and the last products viewed.

After successful registration, you will automatically receive a welcome e-mail from the system. You can then log in at any time using your e-mail address and the password you have been given. Logged in under "My account" we offer you the possibility to change your password as well as your billing and delivery addresses and to view your wish list at any time. We also offer the option of deleting your customer account.

2. Purpose and legal basis for data processing
The processing of personal data serves us exclusively to set up and provide a user account or to make our online shop available to our customers in accordance with the valid terms of use.

The legal basis for the processing of the data collected and processed by us in the context of the provision and management of your user account is the fulfilment of the service owed under the concluded user agreement, Art. 6 (1) (b) GDPR.

3. Duration of storage and possibility of disposal
Your data is stored on Novomind servers hosted in Germany. The password is stored in a protected area and secured with a cryptographic procedure before storage.

If you do not provide us with your personal data, in particular the data necessary for setting up your customer account, we will not be able to offer you this service or the functions.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data, this is the case if you object to the processing and request deletion of your data.

You have the option of deleting your customer account at any time via the function found under "My data". Alternatively, you can request the deletion of the assigned user account via the contact details under section I and II.

VII. 3 Processing of data within the scope of the purchase transaction

1. Description and scope of data processing
We process the personal data you have provided on the basis of the orders you have placed in the shop and for the processing of the purchase contract entered into as well as for the delivery of your order and for invoicing.

When you use our services, i.e. order a product in the shop, we process the data you provide in the shop solely in connection with your shopping and payment behaviour. This includes the following data:

(1) Your salutation*,
(2) Your first name* and surname*,
(3) Your email address*,
(4) Your password (for optional creation of a user account),
(5) Your billing and delivery address (street*, house number*, address suffix, postcode*, city*, country*),
(6) Payment information (depending on the selected payment method),
(7) Information about your purchasing behaviour in the web shop (ordered and abandoned shopping cart, wish lists, viewed items, etc.).

Mandatory (*) and optional information is indicated on the order form.

In connection with the respective purchase contract concluded and your method of payment, we may also check your creditworthiness or transmit the data provided to our logistics and payment service providers for the payment or shipping of your ordered goods (see also "VII.4 Use of logistics and payment service providers").

If you are already logged in with your existing user account when placing your order, you do not need to enter the above data ((1) - (5)) and we will forward you directly to the order overview or subsequently to the payment process.

Following your order, the system will send you a confirmation of receipt to the e-mail address you provided when placing your order. For further information on our system e-mails, please refer to section "VII. 7 Submission of transaction e-mails".

2. Purpose and legal basis for data processing
We process your personal data exclusively for the purpose of initiating and processing the purchase contract: The processing of the named data takes place in order to be able to enter into the purchase contract with you and to be able to process the contractually entered obligations as well as to be able to deliver the ordered goods. This includes data processing for the purposes of dispatching, shipping, payment processing, granting discounts and redeeming vouchers, status updates of the respective order, return of goods or warranty for defective products.

The legal basis for processing the data provided is the contractual relationship within the scope of the purchase contract, Art. 6 (1) (b) GDPR. This also includes delivery of the goods to the recipient specified by you.

3. Duration of storage
We store your personal data only as long as this is necessary to achieve the respective storage purpose. Afterwards, your data will be deleted by us, unless we are obliged to store it for a longer period of time according to Art. 6 (1) (c) GDPR due to tax, commercial or other legal retention or documentation obligations.

Your data is stored on Novomind servers hosted in Germany.

4. Possibility of objection and removal
You are not obliged to provide us your personal data when making purchases. However, ordering and purchasing our products is not possible without processing personal data. In addition, we draw your attention to your data subject rights (further information under "XIII. Data subject rights").

VII. 4 Use of logistics and payment service providers

1. Description and scope of data processing 
In order to process your order, we transmit the personal data required for the delivery of the goods ordered by you to our service provider FIEGE Logistik Stiftung & Co. KG, Joan-Joseph-Fiege-Straße 1, 48268 Greven, Germany (hereinafter "Fiege") in compliance with the applicable data protection regulations and the necessary security measures. The agreement on processing on behalf required under data protection law in accordance with Art. 28 GDPR has been concluded with Fiege. In this agreement, Fiege is obliged to protect the data of our users and to process it exclusively on our behalf in accordance with the applicable data protection regulations.

We transmit the data necessary for the processing of the shipment, such as first and last name, address, e-mail address as well as the necessary information about the goods ordered in each case to our service provider Fiege. Fiege transmits the necessary information to our logistics partners for the processing of the delivery, with the exception of the e-mail address. The logistics partner sends our customers tracking information for existing deliveries. Your contact data will not be forwarded to the logistics partner. A list of the logistics partners used can be found here. For the processing of your data by the payment services, we refer to their terms of use and data protection regulations. 

Depending on the payment method you have chosen, the data required to process the payment will be transmitted to the respective credit institution, credit card company or PayPal (Europe) S.à.r.l. & Cie, S.C.A.. Google Pay, Apple Pay or Klarna GmbH. Our service provider Stripe Payments Europe, Ltd. 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter "Stripe") is responsible for the technical connection of the payment service providers. The required data protection agreement on processing on behalf in accordance with Art. 28 GDPR has been concluded with Stripe. In this agreement, Stripe is obliged to protect the data of our users and to process it exclusively on our behalf in accordance with the applicable data protection regulations. We transmit the respective data to service providers commissioned by us, insofar as this is necessary for payment processing or delivery. A list of the payment service providers or payment methods used can be found here. For the processing of your data by the payment services, we refer to their terms of use and data protection provisions. 

2. Legal basis for data processing
The legal basis for the transmission of data to our logistics and payment service providers is, based on the fulfilment of the contractual obligation within the framework of the purchase contract, Art. 6 (1) (b) GDPR. 

3. Purpose of data processing and duration of storage
We store your personal data as long as this is necessary to achieve the respective storage purpose. Afterwards, your data will be deleted by us, unless we are obliged to store it for a longer period of time according to Art. 6 (1) (c) GDPR due to tax, commercial or other legal retention or documentation obligations or you have consented to a storage beyond this according to Art. 6 (1) (a) GDPR in the event that the storage purpose is no longer applicable.

The transfer of your data to the respective logistics and payment provider serves exclusively to fulfil our contractual obligations and is thus subject to the statutory retention obligations.

VII.5 Identity and credit check when selecting Klarna payment methods

1. Description and scope of data processing
Various payment options are offered in the shop. If you choose one of the payment options offered by our partner Klarna GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter "Klarna"; see also https://www.klarna.com/de/), your data provided during the ordering process will be forwarded to Klarna for the purpose of processing the payment and carrying out an identity and credit check. If you select the payment method on account, your data (first and last name, street, house number, postcode, city, date of birth, telephone number) as well as the data in connection with your order will be transmitted to Klarna and, if applicable, to the factor cooperating with Klarna.

For the purpose of its own identity and credit assessment, Klarna or partner companies commissioned by Klarna transmit data to credit agencies and receive information from them as well as, if applicable, creditworthiness information on the basis of mathematical-statistical procedures, a calculation which includes, among other things, address data. Detailed information on this and on the credit agencies used can be found in the data protection provisions https://www.klarna.com/de/datenschutz/ of Klarna GmbH.

Furthermore, Klarna may use third-party tools to detect and prevent fraud. Data obtained with these tools may be stored at third parties in encrypted form so that it can only be read by Klarna. Only if you select a payment method from our cooperation partner Klarna, this data will be used, otherwise the data will automatically expire after 30 minutes due to a system-side measure.

2. Legal basis for data processing
The legal basis for the transmission of data to Klarna is based on your given consent through the selection of the payment method in the ordering process as well as the contractual relationship in the context of the purchase contract Art. 6 (1) (a) and (b) GDPR.

3. Purpose of data processing and duration of storage
The transmission of your specified data is necessary for the performance of the purchase contract. Klarna processes your data exclusively for the purpose of its own identity and creditworthiness check. We do not store the data.

VII.6 Submission of product ratings

1. Description, purpose and scope of data processing 
In our webshop we offer our customers the rating of our products. We use the functions of the online shop to send us feedback on our offered products as well as to exchange information about our offered products with other customers.

By using the product evaluation, we process the following personal data from you:

(1) Your name* (you can also choose a pseudonym here),
(2) Your email address*,
(3) the subject ("In a nutshell")* and your comment*.

When you submit your product review in our webshop, the product review is stored on our server and checked by us. After successful verification and approval by us, your comment will be published and thus be visible for all other webshop users, together with your name / pseudonym below the rated product in the webshop.

2. Legal basis for data processing
The processing serves the above-mentioned purpose and is carried out in accordance with Art. 6 (1) (a) GDPR on the basis of your voluntary submission ("submit rating") of your respective product rating. 

3. Duration of storage
After submitting the product review, it will first be saved in our backend of the webshop on the servers of Novomind and checked by us. If the product review is approved, your comment will be published in our webshop together with your name / pseudonym. We store the data you have provided on our web server at Novomind until you revoke your consent or as long as relevant product reviews are available on the site.

If we do not release your product review, the data you provided will be deleted from our web server within seven days. 

4. Possibility of objection and removal
The user has the possibility to revoke his consent to the processing of personal data at any time. The revocation can be made at any time via the contact details under section I. or II. See also "XIII. Rights of the data subject". All personal data stored in the context of the evaluation will be deleted in this case.

VII. 7 Sending transactional emails

1. Description and scope of data processing
For the technical implementation of sending system emails or for email communication of our webshop (e.g. for sending confirmations of receipt and invoices or for implementing the password reset function), we use the service of Novomind.

2. Purpose and legal basis for data processing
The processing of personal data by us and our service provider Novomind is solely for the purpose of processing and sending our system emails. The legal basis for this data processing is Art. 6 (1) (b) GDPR.

3. Storage period
We store your personal data as long as this is necessary to achieve the respective storage purpose or your consent to storage has been given. We will then delete your data unless we are obliged to store it for a longer period of time in accordance with Art. 6 (1) (c) GDPR due to tax, commercial or other legal retention or documentation obligations or you have consented to storage beyond this in accordance with Art. 6 (1) (a) GDPR in the event that the purpose of storage no longer applies.

4. Possibility of objection and removal
The processing of the data is absolutely necessary for the processing of the orders. There is no possibility for the customer to object. 


VIII. Communication

VIII.1 E-mail and contact form

1. Description and scope of data processing
In our shop, it is possible to contact us or make a complaint / product enquiry via a contact form. In all cases, the user's personal data submitted will be transmitted to our support staff. The scope of the processed personal data as well as which personal data is processed in each individual case can be regulated according to the mandatory fields of the contact form. This includes in particular the following data: 

(1) Your salutation;
(2) Your first name* and surname*;
(3) Your communication data (e-mail address*, telephone number);
(4) resulting correspondence (subject*, message*).

If you provide further personal data via the comment field, this will be treated as strictly confidential and will only be made available to the employees entrusted with processing your enquiry. 

When you select a complaint about a product or product enquiry, we also process the information provided by you on  our product. This includes the product name, the expiry date of the product and the required product identification. 

Your data or the resulting correspondence will be processed exclusively by us. It may be necessary to forward the data to one of our trade or product partners in order to process your request. In principle, only the data or information about the product is affected by the forwarding. Should it be necessary in individual cases for us to forward the data you have provided to us to the trade or product partner, we will inform you of this in advance and, if necessary, obtain your consent. Beyond this, the data will not be passed on to third parties. The data is used exclusively for the conversation started by the user in order to contact you via the contact options communicated to us regarding your enquiry.

Mandatory (*) and optional information is clearly indicated in the contact forms.

2. Purpose and legal basis for data processing
The processing of your personal data voluntarily provided to us via e-mail or contact form serves us solely to process the contact or to process the complaint or enquiry.

The legal basis for the processing of data transmitted in the context of sending an e-mail or via the contact form is Art. 6 (1) (a) GDPR. If the contact by the user is aimed at the conclusion of a contract, the legal basis for the processing is Art. 6 (1) (b) GDPR.

3. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data transmitted by e-mail or via our contact form, this is the case when the respective conversation with the user has ended. Your entries in our contact form are deleted from our web server by the system after 30 days. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.

4. Possibility of objection and removal
The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail or via the form, he or she can object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued. The revocation can also be made at any time via the contact details under section I. and II. See also our explanations under section "XIII. Rights of the data subject". All personal data stored in the context of contacting us will be deleted in this case.

VIII.2 Newsletter (Mailchimp) and tracking

1. Description and scope of data processing
On our website you have the option of registering for a newsletter to receive news about promotions and our products. Which personal data is processed when ordering the newsletter can be seen from the input mask (the e-mail address is mandatory). This information is necessary to send you the newsletter and to address you personally. If you do not provide your e-mail address, we will not be able to offer this service.

The registration for our e-mail newsletter is carried out in a double opt-in process, i.e. after providing your personal data, you will receive an e-mail to the e-mail address provided to us with a confirmation link. This confirmation e-mail serves to authorise the receipt of the newsletter by the owner of the specified e-mail address. The e-mail address will only be included in the distribution list after confirmation. Stored are: Registration data, registration, confirmation, unsubscription time, IP address as well as changes to the stored data. The collection of this data is necessary in order to be able to trace any misuse of the e-mail address of the persons concerned and to safeguard the data controller. 

If you have subscribed to our newsletter by confirming the button provided for this purpose and entering your required personal data, we will process this data exclusively for the purposes stated here.

For the technical implementation of the mailing, your personal data will be transmitted to the service of the company The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (hereinafter "Mailchimp"), which processes the data provided for us as a processor on behalf within the meaning of Art. 28 GDPR while complying with the necessary data security measures. The contractual relationship was agreed on the basis of the EU standard contractual clauses. The data is used by Mailchimp exclusively for sending the newsletter and for evaluating the success of the newsletter. The agreement can be viewed at any time at https://mailchimp.com/legal/data-processing-addendum/. Further information on Mailchimp can be found on the website https://mailchimp.com/en/. The privacy policy of Mailchimp can be found at https://mailchimp.com/legal/privacy/.

In order to further improve the offer via the newsletter, data on the use and the associated interests of the recipients are collected and processed for statistical purposes. For this purposes, the newsletters sent contain so-called web beacons or tracking pixels, with the help of which we analyse the opening and clicking behaviour of the newsletter subscribers. We use the information received from Mailchimp for the statistical evaluation of our newsletters, for the optimisation and further development of our newsletter content as well as for personalised content in our newsletters.

2. Legal basis for data processing
The legal basis for the processing of the data transmitted in the context of consenting to receive the newsletter and for the temporary storage of the data for the evaluation of success is Art. 6 (1) (a) GDPR. We have an interest in direct advertising and the evaluation of the success of your reaction to the contents of the newsletter in order to be able to successfully stand up in the market. 

3. Purpose of the data processing
The processing of personal data by us and our service provider Mailchimp serves solely to process and send a newsletter and to evaluate the success of a respective newsletter. Anonymised statistics about your use of and reaction to our newsletter help us to better align our offers with the interests of our subscribers. This also constitutes the necessary legitimate interest in processing the data.

4. Duration of storage
Your data is stored on certified Mailchimp servers. Mailchimp uses this information to send and evaluate the newsletter usage on our behalf, as well as for service optimisation. Mailchimp does not use the data itself, for example to contact you, nor does it submit your data  to third parties.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data that you have given to us for the purpose of requesting and sending the newsletter, this is the case when the consent for processing has been revoked. After unsubscribing from the newsletter, all stored data will be deleted.

5. Possibility of objection and removal
You have the option to revoke your consent to the processing of personal data for the receipt of the newsletter at any time. You can unsubscribe from the newsletter at any time. It can be done by sending an e-mail (hello@ioniqskin.com) to us or via a designated unsubscribe link in the newsletter.

VIII. 3 Live Chat "Violet 

1. Description and scope of data processing
We use a chatbot called "Violet" from the provider Novomind AG, Bramfelder Chaussee 45, 22177 Hamburg (hereinafter "Novomind") for our webshop. The agreement on processing on behalf required under data protection law in accordance with Art. 28 GDPR has been concluded with Novomind. In this agreement, Novomind is obliged to protect the data of our users and to process it exclusively on our behalf in accordance with the applicable data protection regulations.

With the help of the chatbot you have the possibility to ask questions about our products and to receive further information about the offers, services and other topics of our webshop. A chatbot is a computer programme that interprets and analyses a written text and automatically responds to the written queries. You also have the option of retrieving generally valid information on predefined topic blocks similar to a FAQ list.

You start our chatbot "Violet" by calling up the chatbot window and activating the chat window by clicking on it. If you have voluntarily activated the chatbot by the described action, we will process your data exclusively for the purposes communicated here.

2. Purpose and legal basis for data processing
The processing of your data provided via the chatbot serves solely to process the contact or to process the complaint or enquiry.

The legal basis for data processing by our chatbot is Art. 6 (1) (a) GDPR. You give your consent by taking a clear active action to launch the chatbot by opening the chatbot window.

3. Duration of storage
We store your personal data only as long as this is necessary to achieve the respective storage purpose. Afterwards, your data will be deleted by us, unless we are obliged to store it for a longer period of time according to Art. 6 (1) (c) GDPR due to tax, commercial or other legal retention or documentation obligations.

4. Possibility of objection and removal
The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail or via the form, he or she can object to the storage of his or her personal data at any time. In such a case, the conversation via the chatbot cannot be continued. The revocation can also be made at any time via the contact details under section I. and II. See also our explanations under section "XIII. Rights of the data subject". All personal data stored in the context of the contact via the chatbot will be deleted in this case.

VIII.4 Other contacts in case of need

If necessary, we process personal data of our customers to ensure product safety in the event of defective products, to avoid possible personal injury or property damage and to carry out product recalls or warnings. In addition, we contact you in case of queries regarding product returns. The legal basis for this data processing is Art. 6 (1) (c) and (d) GDPR, i.e. the fulfilment of a legal obligation to which we are subject and the protection of vital interests of the data subject or another natural person.


IX. Jobs / Applications

We link to job advertisements on our website at https://ioniqskin.com/info/career/ to draw attention to vacancies at IONIQ. This data protection declaration does not cover the online recruiting system at https://www.wagner-group.com/de/karriere/ or https://careers.wagner-group.com/ (hereinafter "recruiting system"), which is made available to the companies of the WAGNER GROUP by J. Wagner GmbH, Otto-Lilienthal-Str. 18, 886777 Markdorf, Germany (hereinafter "WAGNER").

The concept for the application process has been defined equally for all companies of the WAGNER GROUP in order to ensure a uniform procedure throughout the Group that complies with data protection law. WAGNER puts great emphasis to the protection of your privacy and that of your personal data as well as the necessary data security and has thus set up the necessary data protection measures. In addition, the uniform system offers you the possibility to centrally manage, edit and delete your application with your login data and to make it available to other companies of the WAGNER GROUP. Your application documents submitted to a company, e.g. IONIQ, can only be viewed by this company as the responsible body for the respective application procedure and processed within the scope of the application process. Only you can make changes to and delete the data provided.

For further information on data processing in the context of your application procedure or for our recruiting system, we therefore refer you to our separate data protection declaration.

Please note that when you are redirected to the recruiting system, you leave our website and cookies and tracking technologies are used within the recruiting system.



X. Website analytics services

We use statistics and analyses services and offers from third-party providers on our website to evaluate and analyse your use of our website and our shop. In the process, personal data is often transmitted to third-party providers or analysed automatically. The type, scope and purpose of this processing of personal data are listed and explained below.

X.1 Google Universal Analytics

1. Description and scope of data processing
In our shop, we have integrated functions of the web analyses service Google Universal Analytics of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter "Google" or "Google Analytics"). 

Google uses so-called "cookies" or "third-party cookies". These are text files that are stored on your computer or the device you are using (tablet, smartphone, etc.) which enables the analyses of your use of our website (see VII. Use of cookies).

The following tracking cookies are set:
(1) _ga (validity: two years),
(2) _gid (validity: 24 hours),
(3) _gat (validity: one minute),
(4) AMP_TOKEN (validity: 1 year),
(5) _gac_... (validity: 90 days). 

Through the features provided in the website analytics services, it is possible for Google to associate data, sessions and interactions across multiple devices with an anonymised user ID and thus analyse the activities of an anonymised user across devices. 

The information generated by the cookies about your use of this website (including your IP address) will also be transmitted to and stored by Google on servers in the United States. It is not excluded that the data processing takes place outside the scope of EU law. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Due to the activation of IP anonymisation on our website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before transmission in order to exclude direct personal reference. Outside the European Union or the European Economic Area, IP anonymisation is not set up by Google on its systems.

We have concluded the required data protection agreement with Google for processing on behalf in accordance with Article 28 GDPR. In this agreement, Google is obliged to protect our users' data and to process it exclusively on our behalf in accordance with the applicable data protection regulations.

More information on the handling of user data with Google Universal Analytics can be found, for example, in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=

2. Purpose and legal basis for data processing
We use the analyses and tracking technologies of Google on the basis of your consent via our cookie banner (Art. 6 (1) (a) GDPR), among other things, to monitor the correct functioning of our website or our offers in our webshop, the KPI reporting within our webshop, to statistically record usage and perform data analyses to optimise the usability, performance and content of our website and our webshop, to debug technical errors to evaluate key performance indicators or for product optimisation.

3. Duration of storage
Sessions are terminated after 30 minutes without activity and campaigns after six months. The time limit for campaigns can be a maximum of two years. 

4. Possibility of revocation, objection and removal
You can object to the collection, storage and use of information by Google at any time with effect for the future via the following channels or revoke your consent given via the cookie banner:

a) You can deactivate the storage of cookies through corresponding settings of your browser so that you are notified as soon as cookies are set. To do this, you must change the necessary settings in the browser menus Preferences or Options. We would like to point out that some areas of our website may then no longer function properly, i.e. only to a limited extent.

b) You can object by installing the deactivation add-on provided by Google. You can find more information on this at https://tools.google.com/dlpage/gaoptout?hl=en.
  
c) You can change your settings for cookie use configured via our cookie banner at any time via the cookie settings (accessible via our website footer). Under the section “Tracking”, you can switch off the relevant cookies or the use of Google Universal Analytics by changing the checkbox.

However, we would like to point out that in the event of deactivation or opt-out, you may not be able to use all the functions of the website to their full extent.


XI. Ads and marketing services for advertising and retargeting

We use third-party advertising and retargeting services and offers on our website. In the process, personal data is often submitted to third-party providers or transmitted automatically. The type, scope and purpose of this processing of personal data are listed and explained below.

XI.1  Use of Google Ads

1. Description and scope of data processing
We use the online advertising programme "Google Ads" from the provider Google to draw attention to our offers in the shop on third-party websites with the help of advertising media (so-called "ads"). We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. In this way, we pursue the interest of showing you advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of advertising costs.

These advertisements are delivered by Google via so-called "ad servers". For this purpose, we use ad server cookies, which can be used to measure certain parameters for measuring success, such as the display of ads or clicks by users. If you access our shop via a Google ad, Google will store cookies on your device. These cookies are not intended to identify you personally and lose their validity after 30 days. Usually, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are stored as  values in the cookies.

The following marketing cookies are set by Google:

(6) _Secure-3PSID (validity: 2 years),
(7) SID  (validity: 2 years),
(8) SIDCC  (validity: 1 year),
(9) _Secure-3PAPISID (validity: 2 years),
(10) _Secure-3PSIDCC (validity: 1 month),
(11) APISID  (validity: 2 years),
(12) HSID  (validity: 2 years),
(13) SSID  (validity: 2 years),
(14) _Secure-APISID (validity: 1 month),
(15) SAPISID (validity: 2 years),
(16) IDE  (validity: 1 year),
(17) DV  (validity: 1 month),
(18) DSID  (validity: 1 month),
(19) 1P_JAR (validity: 1 month),
(20) ANID  (validity: 1 year),
(21) NID  (validity: 1 year). 

These cookies enable Google to recognise your internet browser. If a user visits certain pages of an Ads-customer’s website and the cookie stored on their computer has not yet expired, Google and the customer can recognise that the user has clicked on the ad and has been redirected to that page. A different cookie is assigned to each Google Ads customer. Cookies can therefore not be tracked across Google Ads customers' websites. 

We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. These evaluations enable us to identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media; in particular, we cannot identify the users based on this information.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of Ads Conversion, Google receives the information that you have visited the corresponding part of our website or clicked on an advertisement from us. If you are registered for a Google service, Google can assign the visit to your account. Even if you are not registered at Google or have not logged in to Google services, it is possible that the provider may obtain and store your IP address.

For information from Google on GoogleAds Conversion: 
In addition to GoogleAds Conversion, we also use Ads Remarketing. This is a procedure with which we would like to re-address you. Through this application, our advertisements can be displayed to you when you continue internet surfing after visiting our website. This is done by means of cookies stored in your browser, which Google uses to record and analyse your usage behaviour when you visit various websites. In this way, Google can determine your previous visit to our website. According to its own statements, Google does not combine the data collected in the context of remarketing with your personal data, which may be stored by Google. In particular, according to Google, pseudonymisation is used in remarketing.

For Google's information on Google Ads Remarketing: https://support.google.com/google-ads/answer/9028179?hl=en.

The data collected by Google is made available to us in aggregated statistics. Here, we learn the total number of users who clicked on an ad and were redirected to a page marked with the Google Ads. This information is used by us to create conversion statistics as well as Custom Audiences and to evaluate these as well. We would like to point out that we do not provide Google with any data for the purpose of carrying out a Custom Audiences process.

2. Purpose and legal basis for data processing
It is important for us to make our website or shop attractive and to increase the interaction with our visitors with the help of this service. We use the advertising and marketing services, in particular the use of Google Ads, for our conversion tracking and remarketing. We use the statistics provided by Google via the GoogleAds service exclusively for the performance measurement of our advertisements in order to measure the success of specific marketing measures. 

The legal basis for the processing of personal data using marketing cookies as well as functions of GoogleAds is based on your consent via the respective cookie settings or our cookie banner (Art. 6 (1) (a) GDPR). 

3. Duration of storage
We will delete the information provided to us by Google after six months at the latest.

4. Possibility of revocation, objection and removal
You can revoke your consent via the cookie banner or object to the collection, storage and use of information by Google at any time with effect for the future via the following channels /:

a) You can deactivate the storage of cookies through corresponding settings or configure your browser so that you are notified as soon as cookies are set. To do this, you must change the necessary settings in the browser menus Preferences or Options. We would like to point out that some areas of our website may then no longer function properly, i.e. only to a limited extent.

b) You can object by installing the deactivation add-on provided by Google. You can find more information on this at https://tools.google.com/dlpage/gaoptout?hl=en.    

c) You can change your settings for cookie use configured via our cookie banner at any time via the cookie settings (accessible via our website footer). Under Marketing, you can switch off the relevant cookies or the use of Google Ads by changing the checkbox.

However, we would like to point out that in the event of deactivation or opt-out, you may not be able to use all the functions of the website to their full extent.


XII. Social media

We use extensions, plug-ins and offers from third-party providers on our website for the uniform presentation of the website and for displaying social media content. In the process, personal data is often submitted to third-party providers or transmitted automatically. The type, scope and purpose of this processing of personal data are listed and explained below.

XII.1 Links to social media networks

Links to the following social networks are integrated on our website:
• Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; privacy policy: https://www.facebook.com/policy.php,
• Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA; privacy policy: https://help.instagram.com/519522125107875,
• YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, Privacy Policy: https://policies.google.com/privacy

When you visit our website, no personal data is initially submitted to the respective providers of the social networks. You can recognise the providers by the marking on the button via the initial letter or the logo. We give you the opportunity to communicate directly with the provider of the respective social network via the button. Only if you click on the marked logo and thereby activate it, the provider will receive the information that you have accessed the corresponding website of our website.

We have no influence on the scope of the data that Facebook, Instagram and YouTube process with the help of this linking and therefore inform you according to our state of knowledge: By establishing the link, the providers receive the information that you have visited the corresponding website from our website. We have no influence on the data collected by and data processing procedures at the providers named above, nor are the full extent of the data collection, the purposes of the processing or the storage periods known. The usage and data protection provisions of the providers apply. The provider stores the data collected about you in terms of usage profiles and uses these for the purposes of advertising, market research and/or demand-oriented design of its website. If you are logged in to services of Facebook, Instagram or YouTube, they can assign the information to your respective account.

The legal basis for the forwarding to the respective linked social network is your given consent pursuant to Art. 6 (1) (a) GDPR by voluntarily clicking on the logo-button of the respective social network.

XII.2 Use of Facebook Pixel

1. Description and scope of data processing
We use the online advertising programme "Facebook Business" and, as part of Facebook Business, the Facebook Pixel. The Facebook Pixel in Facebook Business is an analytics service provided by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are an EU resident, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; (hereinafter collectively "Facebook").

After you have given your consent to the setting of retargeting/advertising cookies, we integrate a Facebook pixel on our website using the Google Tag Manager and enable Facebook to analyse your surfing behaviour. The Google Tag Manager is a service provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA ("Google"), which enables us to manage so-called website tags via an interface. The Google Tag Manager does not process any personal data and is used solely to display the tags and control the technical measures involved.

Via your visit to our website and the  pixel inserted, a direct connection is established between your browser and a Facebook server. Via the connection, Facebook collects the following information: Your browser type, your device, the website accessed and, for example, the effect of a Facebook ad is stored in this cookiesored on your device. Facebook makes the fact that this information is processed transparent in its privacy policy. We have no influence on the collected data and data processing procedures by Facebook, nor are the full extent of the data collection, the purposes of the processing and the storage periods known. We use the Facebook Pixel and the information generated in this way for a cost-benefit analyses and to optimise our Facebook ads. Facebook provides anonymised statistical evaluations for this purpose.

When you click on an ad placed by Facebook, a cookie for the Facebook Pixel is placed on your respective device. The following cookies are set by Facebook:

(1) _fr (validity: 90 days),
(2) _fbp (validity: 90 days),
(3) tr (validity: session),
(4) oo (validity: 5 years).

For more information on cookies, see section "VI. Use of cookies".

If you visit certain web pages on our website and the cookie has not yet expired, Facebook and we can recognise that you have clicked on one of our ads on Facebook and have been redirected to that page. Each Facebook Business customer receives a different pixel. Thus, there is no way that cookies can be tracked across Facebook Business customers' websites.

The data collected by Facebook using the pixel is made available to us in aggregated statistics. We learn the total number of users who clicked on their ad and were redirected to a page with a Facebook pixel. We use this information to create conversion statistics as well as Custom Audiences or Lookalike Audiences and also evaluate these. We would like to point out that we do not provide Facebook any data for carrying out a Custom Audiences process and do not carry out any list matching.

If you are logged in to Facebook with your profile, Facebook can link the information obtained via the pixel to your profile. Further information on data processing can be found in Facebook's privacy policy at http://www.facebook.com/policy and on the Facebook pixel at https://www.facebook.com/business/learn/facebook-ads-pixel.

2. Purpose and legal basis for data processing
It is important for us to make our website attractive and to increase the interaction with our visitors using the service. We use our advertising and marketing services, in particular the use of the Facebook Pixel, for our conversion tracking and remarketing. With the help of the Facebook Pixel, a cost-benefit analyses of placed Facebook ads as well as the optimisation of our ad placement is possible. The processing, i.e. the activation of the pixel as well as the setting and evaluation of information stored in cookies, takes place exclusively on the basis of your consent given in the cookie banner for the setting of retargeting or advertising cookies (Art. 6 (1) (a) GDPR).

3. Duration of storage
Sessions are terminated after 30 minutes without activity and campaigns after three months. The time limit for campaigns can be a maximum of one year.

4. Possibility of revocation, objection and removal
You can object to the collection, storage and use of information by Facebook at any time with effect for the future via the following channels or withdraw your consent via the cookie banner:

a) You can deactivate the storage of cookies through corresponding settings or configure your browser so that you are notified as soon as cookies are set. To do this, you must change the necessary settings in the browser menus Preferences or Options. We would like to point out that some areas of our website may then no longer function properly, i.e. only to a limited extent.

b) You can object to the creation of user profiles for registered Facebook users by contacting Facebook directly to exercise this right. As a Facebook member, you can edit your Facebook settings at https://www.facebook.com/settings?tab=ads and object to the collection of data using Facebook pixels. In addition, we would like to point out that you can prevent assignments to your profile by logging out of your respective social media profile before visiting the website and additionally deleting the cookies used by the social media platform.

If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: YourOnlineChoices.eu- Your ad choices

c) You can change your settings for cookie use configured via our cookie banner at any time via the cookie settings (accessible via our website footer). Under Marketing, you can switch off the relevant cookies or the use of the Facebook Pixel by changing the checkbox.

However, we would like to point out that in the event of deactivation or opt-out, you may not be able to use all the functions of the website to their full extent.


XIII. Rights of the data subjects

If your personal data is processed, you are a data subject within the meaning of GDPR and you have the following rights with respect to the controller.

1. Right to information
You may request confirmation from the controller as to whether personal data concerning you are being processed by him. If such processing is taking place, you can ask the controller for the following information:

(1) the purposes for which the personal data are processed;
(2) the categories of personal data which are processed;
(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
(4) the planned duration of the storage of the personal data relating to you or, if specific information on this is not possible, criteria for determining the storage duration;
(5) the existence of a right to rectify or erase personal data concerning you, a right to have processing restricted by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;

You have the right to request information on whether personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 of the GDPR in connection with the transfer.

To exercise your right to free information, please contact us directly using the contact details provided in our imprint or contact our data protection officer (see sections I and II).

2. Right of rectification
You have a right of rectification and/or completion vis-à-vis the controller if the personal data processed concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.

3. Right to restrict processing
You may request the restriction of the processing of personal data concerning you under the following conditions:

(1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data,
(2) the processing is unlawful and you refuse to erase the personal data and instead request the restriction of the use of the personal data;
(3) the controller no longer needs the personal data for the purposes of processing, but you need it for the assertion, exercise or defence of legal claims, or
(4) if you have objected to the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate grounds of the controller outweigh your grounds.

Where the processing of personal data relating to you has been restricted, those data may be processed, with the exception of their storage, only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right to erasure

a) Obligation to delete

You may request the controller to erase the personal data concerning you without undue delay and the controller is subsequently obliged to erase this data without undue delay if one of the following reasons applies:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You withdraw your consent on which the processing is based pursuant to Art. 6 (1) (a) and there is no other legal basis for the processing.
(3) You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
(4) The personal data concerning you has been processed unlawfully.
(5) The deletion of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject. 
(6) The personal data concerning you was collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

b) Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to, or copies or replications of, that personal data.

c) Exceptions

The right to erasure does not exist insofar as the processing is necessary

(1) to exercise the right to freedom of expression and information;
(2) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for the assertion, exercise or defence of legal claims.

5. Right to information
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right against the controller to be informed about these recipients.

6. Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that 

(1) the processing is based on consent pursuant to Art. 6 (1) (a) GDPR and 
(2) the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, insofar as this is technically feasible. This must not affect the freedoms and rights of other persons. 

The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 (1) (e) or (f) GDPR.

In addition, you have the right to object at any time to the processing of your personal data for direct marketing purposes; this also applies to profiling insofar as it is associated with such direct marketing.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

8. Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

9. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR. 

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

The data protection authority responsible for us is the State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg, Königstraße 10a, 70171 Stuttgart (postal address: Postfach 102932, 70025 Stuttgart). Further information at https://www.baden-wuerttemberg.datenschutz.de/


XIV. Automated individual decision-making and profiling

As a responsible company, we do not carry out profiling or use automatic individual decision-making.


XV. Links to other websites

This declaration on data protection applies exclusively to the website or shop at https://ioniqskin.com/. The Internet pages on this website may contain links to Internet pages of other companies that are associated with us or third parties. Our data protection declaration does not extend to these websites. When you leave the website, we recommend that you carefully read the privacy policy of any website that collects personal data.


XVI. Security

We take the necessary security measures to protect your personal data against unlawful or accidental access, deletion, alteration or loss and against unauthorised disclosure. We encrypt your data during transmission via our website and use so-called SSL (Secure Socket Layer) or TLS (Transport Layer Security) connections. We secure our website and our other systems and personal data through appropriate technical and organisational measures, in particular against loss, destruction, unauthorised access, modification or disclosure to third parties.


XVII. Availability and changes

You can view this privacy policy at any time on our website / in our webshop. In addition, you can save or print out this data protection declaration by using the corresponding functions of your browser.

We reserve the right to change this privacy policy from time to time or to adapt it to legal requirements and therefore ask you to check the current privacy policy each time you visit our website.


Version: July 2021