Privacy Policy (EU-GDPR)

 

DALTON COSMETICS GERMANY GmbH is a company registered in Germany (collectively referred to as "DALTON", "we" or "us" in this policy).

 


 

OVERVIEW

Maintaining the security of your data is a priority at DALTON, and we are committed to respecting your privacy rights. We pledge to handle your data fairly and legally at all times. DALTON is also dedicated to being transparent about what data we collect about you and how we use it.

This policy provides you with information about:

- how we use your data;

- what personal data we collect;

- how we ensure your privacy is maintained; and

- your legal rights relating to your personal data.

 


 

HOW WE USE YOUR DATA

GENERAL

DALTON uses your personal data:

- to provide goods and services to you;

- to make a tailored website available to you;

- to manage any registered account(s) that you hold with us;

- to verify your identity;

- for crime and fraud prevention, detection and related purposes;

- with your agreement, to contact you electronically about promotional offers and products and services which we think may interest you;

- for market research purposes - to better understand your needs;

- to enable DALTON to manage customer service interactions with you; and

- where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).

 

PROMOTIONAL COMMUNICATIONS

DALTON uses your personal data for electronic marketing purposes (with your consent) and may send you postal mail to update you on the latest DALTON offers.

DALTON aims to update you about products, services and limited offers which are of interest and relevance to you as an individual.

You have the right to opt out of receiving promotional communications at any time, by:

1. making use of the simple “unsubscribe” link in emails; and/or

2. contacting DALTON via the contact channels set out in this Policy.

 

WEB BANNER ADVERTISING

If you visit our website, you may receive personalized banner advertisements. Any banner advertisements you see will relate to products you have viewed whilst browsing our website.

These advertisements are provided by DALTON via market leading online providers using ‘cookies’ placed on your computer or other devices (see further information on the use of cookies in our Cookie Policy). You can remove or disable cookies at any time - see below for further information.

 

SHARING DATA WITH THIRD PARTIES

OUR SERVICE PROVIDERS AND SUPPLIERS

In order to make certain services available to you, we may need to share your personal data with some of our online service partners.

DALTON only allows its online service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls. We also impose contractual obligations on service providers relating to data protection and security, which mean they can only use your data to provide services to DALTON and to you, and for no other purposes.

The newsletter software DALTON uses is Sendinblue. Your data will be transmitted to Sendinblue GmbH. Sendinblue is prohibited from selling your data and using it for purposes other than sending newsletters. Sendinblue is a certified German provider selected in accordance with the requirements of the EU General Data Protection Regulation (GDPR) and the German Bundesdatenschutzgesetz (BDSG). Find more information here: de.sendinblue.com/informationen-newsletter-empfaenger/.

 

OTHER THIRD PARTIES

Aside from our online service providers, DALTON will not disclose your personal data to any third party, except as set out below. We will never sell or rent our customer data to other organizations for marketing purposes.

We may share your data with:

- governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so:

- to comply with our legal obligations;

- to exercise our legal rights (for example in court cases);

- for the prevention, detection, investigation of crime or prosecution of offenders; and

- for the protection of our employees and customers.

 

INTERNATIONAL TRANSFERS

To deliver products and services to you, it is sometimes necessary for DALTON to share your data outside of the European Economic Area. This will typically occur when service providers are located outside the EEA or if you are based outside the EEA. These transfers are subject to special rules under data protection laws.

If this happens, we will ensure that the transfer will be compliant with data protection law and all personal data will be secure. Our standard practice is to use ‘standard data protection clauses’ which have been approved by the European Commission for such transfers. Those clauses can be accessed here: https://ec.europa.eu/info/law/law-topic/data-protection_en.

 

HOW LONG DO WE KEEP YOUR DATA?

We will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is 10 years.

 

 

WHAT HAPPENS WHEN YOU PROVIDE US WITH DATA OF THIRD PARTIES?

We offer functionalities or services that require us to process the personal data of a third party that you provide, such as in the case of sending a Gift Card. If you provide us with personal data of third parties, you confirm that you informed them of the purposes and of the manner in which we need to process their personal data.

 


 

WHAT PERSONAL DATA DO WE COLLECT?

DALTON may collect the following information about you:

 

- your name, age/date of birth and gender;

- your contact details: postal address including billing and delivery addresses, telephone numbers (including mobile numbers) and e-mail address;

- purchases and orders made by you;

- your skin, skin concerns, skin care habits;

- your on-line browsing activities on DALTON websites;

- your communication and marketing preferences;

- your interests, preferences, feedback and survey responses;

- your correspondence and communications with DALTON.

 

Our websites are not intended for children and we do not knowingly collect data relating to children.

This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this Policy. Some of the above personal data is collected directly, for example when you set up an on-line account on our website, or send an email to our customer services team. Other personal data is collected indirectly, for example your browsing or shopping activity. We may also collect personal data from third parties who have your consent to pass your details to us, or from publicly available sources.

 


 

HOW WE PROTECT YOUR DATA

DALTON is committed to keeping your personal data safe and secure.

 

Our security measures include:

- encryption of data;

- regular cyber security assessments of all service providers who may handle your personal data;

- regular scenario planning and crisis management exercises to ensure we are ready to respond to cyber security attacks and data security incidents;

- security controls which protect the entire IT infrastructure from external attack and unauthorized access; and

- internal policies setting out our data security approach and training for employees.

 


 

WHAT YOU CAN DO TO HELP PROTECT YOUR DATA

DALTON will never ask you to confirm any bank account or credit card details via email. If you receive an email claiming to be from DALTON asking you to do so, please ignore it and do not respond.

If you are using a computing device in a public location, we recommend that you always log out and close the website browser when you complete an online session.

In addition, we recommend that you take the following security measures to enhance your online safety both in relation to DALTON and more generally:   

- keep your account passwords private. Remember, anybody who knows your password may access your account.

- when creating a password, use at least 8 characters. A combination of letters and numbers is best. Do not use dictionary words, your name, email address, or other personal data that can be easily obtained. We also recommend that you frequently change your password. You can do this by accessing your account, clicking ‘overview’ and selecting ‘change password’.

- avoid using the same password for multiple online accounts.

 


 

YOUR RIGHTS

You have the following rights:

- the right to ask for a copy of personal data that we hold about you (the right of access);

- the right (in certain circumstances) to request that we delete personal data held on you; where we no longer have any legal reason to retain it (the right of erasure or to be forgotten);

- the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you (the right of rectification);

- the right to opt out of any marketing communications that we may send you and to object to us using / holding your personal data if we have no legitimate reasons to do so (the right to object);

- the right (in certain circumstances) to ask us to ‘restrict processing of data’; which means that we would need to secure and retain the data for your benefit but not otherwise use it (the right to restrict processing); and

- the right (in certain circumstances) to ask us to supply you with some of the personal data we hold about you in a structured machine-readable format and/or to provide a copy of the data in such a format to another organization (the right to data portability).

 

If you wish to exercise any of the above rights, please contact us using the contact details set out below.

 


 

LEGAL BASIS FOR USING DATA

GENERAL

DALTON collects and uses customers’ personal data because it is necessary for:

-          the pursuit of our legitimate interests (as set out below);         

-          the purposes of complying with our duties and exercising our rights under a contract for the sale of goods to a customer; or

-          complying with our legal obligations.

 

In general, we only rely on consent as a legal basis for processing personal data in relation to sending direct marketing communications to customers via email or text message.

 

Customers have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.

 

OUR LEGITIMATE INTERESTS

The normal legal basis for processing customer data, is that it is necessary for the legitimate interests of DALTON, including:

 

-          selling and supplying goods and services to our customers;

-          protecting customers, employees and other individuals and maintaining their safety, health and welfare;

-          promoting, marketing and advertising our products and services;

-          sending promotional communications which are relevant and tailored to individual customers;

-          understanding our customers’ behavior, activities, preferences, and needs;

-          improving existing products and services and developing new products and services;

-          complying with our legal and regulatory obligations;

-          preventing, investigating and detecting crime, fraud or anti-social behavior and prosecuting offenders, including working with law enforcement agencies;

-          handling customer contacts, queries, complaints or disputes;

-          managing insurance claims by customers;

-          protecting DALTON, its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to DALTON;

-          effectively handling any legal claims or regulatory enforcement actions taken against DALTON; and

-          fulfilling our duties to our customers, colleagues, shareholders and other stakeholders.

 


 

COOKIE POLICY

Cookies are text files that are stored on the user’s computer when they visit a website. They serve to make your online experience more user-friendly and effective overall. There are different categories of cookies, which we describe in the following paragraphs.

The use of optional cookies is based on your consent (Art. 6(1) lit. a DSGVO).

 

COOKIE CATEGORIES

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.

Functional Cookies

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

Targeting Cookies

These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

 

 

TYPES OF COOKIES

We use the following necessary/functional and analytical/performance-related cookies on our website:

 

(1)   Cookie Name: OptanonConsent

Description:      This cookie is set by the cookie compliance solution from OneTrust. It stores information about the categories of cookies the site uses and whether visitors have given or withdrawn consent for the use of each category. This enables site owners to prevent cookies in each category from being set in the users browser, when consent is not given. The cookie has a normal lifespan of one year, so that returning visitors to the site will have their preferences remembered. It contains no information that can identify the site visitor.

Lifetime: 365 Days

 

(2)   Cookie Name: _dc_gtm_UA-xxxxxxxx

Description:      This cookie is associated with sites using Google Tag Manager to load other scripts and code into a page.  Where it is used it may be regarded as Strictly Necessary as without it, other scripts may not function correctly. The end of the name is a unique number which is also an identifier for an associated Google Analytics account.

Lifetime: 1 Minute

 

(3)   Cookie Name: _ PHPSESSID

Description:      PHP session cookie associated with embedded content from this domain.

Lifetime: 1 Day

 

(4)   Cookie Name: _gid

Description:      This cookie name is associated with Google Universal Analytics. This appears to be a new cookie and as of Spring 2017 no information is available from Google.  It appears to store and update a unique value for each page visited.

Lifetime: 1 Day

 

(5)   Cookie Name: SNS

Description:      This cookie is associated with analytics and customization. It collects information to help website owners better understand how their sites are being used.

Lifetime: 1 Minute

 

(6)   Cookie Name: _ga

Description:      This cookie name is associated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports.  By default it is set to expire after 2 years, although this is customisable by website owners.

Lifetime: 730 Days

 

(7)   Cookie Name: _gclxxxx

Description:      Google conversion tracking cookie

Lifetime: 90 Days

 

(8)   Cookie Name: _gat_UA-

Description:      This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.

Lifetime: 1 Minute

 

(9)   Cookie Name: SNC

Description:      This cookie is associated with analytics and customization. It collects information to help website owners better understand how their sites are being used.

Lifetime: 365 Days

 

(10)Cookie Name: __unam

Description:      This cookie is usually associated with the ShareThis social sharing widget placed in a site to enable sharing of content across various social networks. It counts clicks and shares of a page.

Lifetime: 274 Days

 

(11)Cookie Name: mage-translation-storage

Description:      This cookie is used to facilitate content caching on the browser to make pages load faster.

Lifetime: 1 Minute

 

(12)Cookie Name: mage-cache-storage-section-invalidation

Description:      This cookie is used to facilitate content caching on the browser to make pages load faster.

Lifetime: 1 Day

 

(13)Cookie Name: private_content_version

Description:      This cookie is used to facilitate content caching on the browser to make pages load faster.

Lifetime: 10 Years

 

(14)Cookie Name: section_data_ids

Description:      This cookie is used to facilitate content caching on the browser to make pages load faster.

Lifetime: 1 Day

 

(15)Cookie Name: form_key

Description:      This cookie is used to facilitate content caching on the browser to make pages load faster.

Lifetime: 1 Minute

 

(16)Cookie Name: _fbp

Description:      Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.

Lifetime: 90 Days

 

(17)Cookie Name: YSC

Description:      YouTube is a Google owned platform for hosting and sharing videos. YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services in order to display targeted advertising to web visitors across a broad range of their own and other websites.

Lifetime: 1 Minute

 

(18)Cookie Name: GPS

Description:      YouTube is a Google owned platform for hosting and sharing videos. YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services in order to display targeted advertising to web visitors across a broad range of their own and other websites.

Lifetime: 1 Minute

 

(19)Cookie Name: fr

Description:      Contains browser and user unique ID combination, used for targeted advertising.

Lifetime: 90 Days

 

(20)Cookie Name: test_cookie

Description:      This domain is owned by Doubleclick (Google). The main business activity is: Doubleclick is Googles real time bidding advertising exchange.

Lifetime: 1 Minute

 

(21)Cookie Name: VISITOR_INFO1_LIVE

Description:      This cookie is used as a unique identifier to track viewing of videos.

Lifetime: 180 Days

 

(22)Cookie Name: NID

Description:      This domain is owned by Google Inc. Although Google is primarily known as a search engine, the company provides a diverse range of products and services. Its main source of revenue however is advertising. Google tracks users extensively both through its own products and sites, and the numerous technologies embedded into many millions of websites around the world. It uses the data gathered from most of these services to profile the interests of web users and sell advertising space to organisations based on such interest profiles as well as aligning adverts to the content on the pages where its customer's adverts appear.

Lifetime: 183 Days

 

(23)Cookie Name: IDE

Description:      This domain is owned by Doubleclick (Google). The main business activity is: Doubleclick is Googles real time bidding advertising exchange.

Lifetime: 390 Days

 

(24)Cookie Name: recently_viewed_product

Description:      Stores product IDs of recently viewed products for easy navigation.

Lifetime: 1 Day

 

(25)Cookie Name: mage-translation-file-version

Description:      Tracks the version of translations in local storage.

Lifetime: 1 Minute

 

(26)Cookie Name: recently_viewed_product_previous

Description:      Stores product IDs of recently previously viewed products for easy navigation.

Lifetime: 1 Day

 

(27)Cookie Name: recently_compared_product_previous

Description:      Stores product IDs of previously compared products for easy navigation.

Lifetime: 1 Day

 

(28)Cookie Name: recently_compared_product

Description: Stores product IDs of recently compared products.

Lifetime: 1 Day

 

(29)Cookie Name: product_data_storage

Description:      Stores configuration for product data related to Recently Viewed / Compared Products.

Lifetime: 1 Day

 

(30)Cookie Name: X-Magento-Vary

Description:      Configuration setting that improves performance when using Varnish static content caching.

Lifetime: 1 Day

 

 

(31)Cookie Name: mage-messages

Description:      Tracks error messages and other notifications that are shown to the user, such as the cookie consent message, and various error messages. The message is deleted from the cookie after it is shown to the shopper.

Lifetime: 1 Day

 

(32)Cookie Name: mage-banners-cache-storage

Description:      Stores banner content locally to improve performance.

Lifetime: 1 Day

 

(33)Cookie Name: mage-cache-sessid

Description:      The value of this cookie triggers the cleanup of local cache storage. When the cookie is removed by the backend application, the Admin cleans up local storage, and sets the cookie value to true.

Lifetime: 1 Day

 

(34)Cookie Name: __cfduid

Description:      This describes if this specific cookie or localStorage is responsible for sharing, collecting or storing personal data. The retention period shows the length at which data is stored.

Lifetime: 30 Days

 

(35)Cookie Name: _pinterest_ct_rt

Description:      This cookie only contain a user id and the timestamp at which the cookie was created.

Lifetime: 365 Days

 

(36) Cookie Name: chatchamp-visitor-id

Description: Chatchamp is a chatbot software that helps website visitors to find the right products in the online store. The cookie stores the chat history, visited web pages and products ordered.

Lifetime: 4 Weeks 2 days

 

 

HOW DO I DISABLE COOKIES?

If you want to disable cookies you need to change your website browser settings to reject cookies. How you can do this will depend on the browser you use. Further details on how to disable cookies for the most popular browsers are set out below:

 

For Microsoft Internet Explorer:

Choose the menu “tools” then “Internet Options”

Click on the “privacy” tab

Select the appropriate setting

 

For Google Chrome:

Choose Settings> Advanced

Under "Privacy and security," click “Content settings”.

Click “Cookies” and select the relevant options

 

For Safari:

Choose Preferences > Privacy

Click on “Remove all Website Data”

 

For Mozilla Firefox:

Choose the menu “tools” then “Options”

Click on the icon “privacy”

Find the menu “cookie” and select the relevant options

 

WHAT HAPPENS IF I DISABLE COOKIES?

This depends on which cookies you disable, but in general the website may not operate properly if cookies are switched off or you do not receive the most appropriate information for you needs. If you only disable third party cookies, you will not be prevented from making purchases on our sites. If you disable all cookies, you will be unable to complete a purchase on our sites.

 

GOOGLE TAG MANAGER

We use the Google Tag Manager on our website.

The Google Tag Manager helps us to integrate various codes and services on our website in an organized and simplified manner. Der Google Tag Manager implements tags or triggers integrated tags. When it triggers a tag, Google may process information (including personal data).

In particular, the following pieces of personal data are processed by Google Tag Manager:

 

Online markers (including cookie identifiers)

IP address

 

You can find more detailed information about the Google Tag Manager on https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.

If you have deactivated certain tracking services (for example by rejecting a cookie), the deactivation persists for all tracking tags implemented by Google Tag Manager.

Information about this third party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.

 


 

CHATCHAMP

Communicating via the chat widget on the website uses the service of chatchamp UG (limited liability) (hereinafter referred to as "Chatchamp"). In the process, the conversation data is forwarded to the servers of Chatchamp and evaluated there. This may include the following data, among others: Conversation histories, first and last names and answers to questions asked in the chat. This data is required to enable personalized communication.

You can object to the processing of data by Chatchamp by rejecting the privacy notice [in the chat/on the website].

Further information on data protection at Chatchamp can be found at https://www.chatchamp.com/privacy/.

 


 

YOUTUBE

Our website includes embedded videos hosted by Youtube (“Third party services”). Youtube is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“). The embedded Youtube videos on our website have privacy-enhanced mode enabled, which means that Youtube will not store information about visitors of the website, unless they play the video. Please refer to Youtube’s privacy policy for more information regarding the purpose and scope of data collection, processing and use by Youtube as well as your rights and available settings for protecting your privacy: https://www.youtube.com/static?template=terms.

 

View Google’s privacy policy here: https://policies.google.com/privacy

 


 

PAYMENT

1. We offer the following payment options for your purchase in our online shop: PayPal, credit card (Mastercard, Visa), Klarna pay later, pay now, pay in instalments and direct debit.

2. For the payment methods Klarna pay later, pay now, pay in instalments and direct debit, the personal data is entered on the pages of the Klarna Group after completing the order. Please note the data protection provisions on the Klarna website, which you can find here.

 


DATA PROTECTION OFFICER

DALTON has appointed a Data Protection Officer to ensure we protect the personal data of our customers (and others) and comply with data protection legislation.

 

If you have any questions about how DALTON uses your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please contact our Data Protection Officer’s team by

- e-mail: dpo@dalton-cosmetics.com or

- write to:

DALTON COSMETICS GERMANY GmbH
Data Protection Officer
Hauptstrasse 6
94571 Schaufling
GERMANY

 


 

UPDATES

This policy was last updated in May 2022.