Data Protection

1. Declaration Website
2. Data Protection Declaration Social Media

1. General

1. Personal Data (Art. 4 Nr. 1 GDPR)

Subject to the data protection law is personal data. This means any information relating to an identified or identifiable natural person. This includes, for example, information such as name, address, profession, e-mail address, state of health, income, marital status, genetic characteristics, telephone number and, where applicable, user data such as the IP address.

1.2 Controller (Art. 4 Nr. 7 GDPR)

Controller in terms of the GDPR for processing your personal data in the context of the use of the website www.gloriellas.com (hereinafter website) is Gaby Wurth (hereinafter operator or controller). The contact details are:

Gaby Wurth Health & Beauty

Von-Keppenbach-Str. 20
77955 Ettenheim

phone: +49 (0) 171 - 8037275
mail: kontakt@gloriellas.com

1.3 Right to object

If you wish to object to the processing of your data by the operator in accordance with this data protection declaration as a whole or for individual measures, you can do so using the contact details given in the imprint. Please note that in case of such an objection, the use of the website and the retrieval of the services offered through it may only be possible to a limited extend or not at all.

2. Scope and purposes of data processing, legal basis, provision of data and duration of storage

2.1 Access and use of the website

Every time the website and its sub-pages are accessed, usage data is transmitted by the respective Internet browser and stored in log files (server log files). The data records stored in this process contain the following data: date and time of access, name of the accessed subpage, IP-address, referrer URL (the URL from which you came to the website), amount of the data transmitted and product and version information of the browser you used.

The lawfulness of this processing is based on Art. 6 para. 1 b), f) GDPR (user relationship, legitimate interest). The legitimate interest of the operator lies in the provision of a website with information, the offering of services to customers, the online processing of contracts and the optimization of website operation. The data processed by the operator is required to enable you to use the website.

The log files are evaluated by the operator in anonymized form in order to further improve the website and make it more user-friendly, to find and correct errors faster and to control server capacities. For example, it can be traced at which time the use of the website is particularly popular and the operator can provide the appropriate data volume.

Your IP address will be deleted or made anonymous after the end of use. In the case of anonymization, the IP addresses are changed in such a way that they can no longer be assigned to a specific or determinable or identified or identifiable natural person, or only with a disproportionate expenditure of time, cost and workforce.

The website is hosted by Profihost GmbH, Expo Plaza 1, 30539 Hannover (hereinafter "Profihost"). Profihost acts as an external service provider and processor in terms of Art. 28 GDPR for the controller. Thus, those personal data that are collected on this website are stored on the servers of Profihost. The legal basis for the incorporation of the hosting service provider is Art. 6 para. 1 f) GDPR (legitimate interest). The legitimate interest of the operator lies in the reliable and secure provision of its Internet presence.

2.2 Contact form an e-mail on click

If you wish to get in touch with the operator, a contact form is available. Within this form you have to provide the following information: e-mail address, message (topic and comment), title. Furthermore you can provide the following information: first name, last name, phone.

In some places on the website, you also have the option of opening an e-mail addressed to the operator with just one click. In this case, the e-mail address that is linked to your e-mail program is automatically used as the sender. If you do not want your e-mail address to be retrieved in this way, you can change this in your settings of your respective e-mail program.

The lawfulness of this processing is based on Art. 6 para. 1 b) GDPR (pre-contractual measure). The provision of the data is necessary, otherwise you will not be able to send the operator any message and your request cannot be serviced.

If a contract is concluded between you and the operator, the duration of storage is determined by the applicable legal storage obligations. If no contract is concluded, your personal data will be deleted after a maximum of 30 days. In individual cases, the data can be stored longer if the operator has an predominant legitimate interest in this.

2.3 Newsletter

To receive further information about the services of the operator, you can additionally subscribe to an e-mail newsletter. The so-called double opt-in procedure is being used for sending the newsletter. This means. you will only receive a newsletter by e-mail if you have previously expressly confirmed that the newsletter service should be activated. After you have activated the newsletter, you will receive a notification e-mail with an activation link. Only by clicking on this link you will receive the newsletter. You can deactivate the newsletter at any time. To do so, contact the operator or use the unsubscribe link provided in each newsletter.

The lawfulness of this processing is based on Art. 6 para. 1 a) GDPR (consent). The provision of the data is voluntary, but necessary for reception of the newsletter.

Your data will be deleted after you withdraw your consent, except the controller has a predominant legitimate interest in the continuing storage of your data. This may be the case if the operator must continue to store your data due to a contract with you. In any case, only those data will continue to be stored which are really required to achieve the intended purpose.

You can withdraw your consent in this processing here.

2.4 Usage of cookies

The operator uses so-called cookies. These are small data packages, usually consisting of letters and numbers, which are stored on a browser when you visit certain websites. The cookies allow the website to recognize your browser, follow you as you browse through different sections of the website and identify you when you return to the website. Cookies do not contain any data that identifies you personally, but the information stored by the operator about you can be associated with the data received from and stored in the cookies.

Information that the operator receives from you by using cookies can be used for the following purposes:

· Recognition of the user computer when visiting the website

· Tracking of the user’s browsing activities on the website

· Improvement of the usability of the website

· Evaluation of the use of the website

· Website operation

· Prevention of fraud and improvement of website security

· Individual design of the website taking into account the users’ needs.

Cookies do not cause any damage on a browser. They do not contain viruses and do not allow the operator to spy on you. 2 types of cookies are used:

· Temporary cookies are automatically deleted when you close your browser (session cookies).

· Permanent cookies, of the other hand, have a longer lifetime of up to 2 years. This type of cookies allows you to be recognized when you return to the website after leaving it.

With the help of cookies, it is possible for the operator to track your usage behavior for the above-mentioned purposes and to the appropriate extent. They should also enable you to surf the operator's website in an optimized way. The operator also collects this data only in anonymous form. The lawfulness of this processing is based on Art. 6 para. 1 f) GDPR (legitimate interest). The legitimate interest of the operator lies in the optimized presentation of his website.

As far as a technically necessary cookie is stored in your browser, the permissibility of this processing is governed by Section 25 para. 2 No. 2 TTDSG, according to which the storage of information in the end user's terminal equipment is permissible if it is absolutely necessary so that the provider of a telemedia service can provide a telemedia service expressly requested by the user.

The provision of the data is necessary to be able to call up the operator's website without errors. If you do not accept cookies or delete cookies that have already been set, this can lead to functional limitations of the website.

2.5 Usage of tracking tools

Google Tag Manager

The operator uses the Google Tag Manager, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to monitor the stability, performance and quality of the website.

In some cases, the data may also be transferred to servers in the USA. The transfer of your personal data to the USA is carried out using standard data protection clauses pursuant to Art. 46 para. 2 c) GDPR which were issued by the European Commission pursuant to Art. 93 para. 2 GDPR. Information on the standard data protection clauses can be found on the website of the European Commission (https://ec.europa.eu/info/index_de). Further information can be found directly at Google.

This use of the data is anonymized or pseudonymized. You can find more information about this directly at Google.The lawfulness of this processing is based on Art. 6 para. 1 a) GDRP (consent).

The personal data collected will be deleted unless the controller has a legitimate interest in its continued storage. In any case, only those data will continue to be stored which are really required to achieve the intended purpose. As far as possible, the personal data will be anonymized.

The provision of the data is neither contractually nor legally required. Without the provision, Google Ads cannot be used. You can withdraw your consent here.

2.6 Adobe Fonts

The operator uses external fonts via Adobe Fonts on the website. These are offered by Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA. The fonts are used to better display the offer and the website of the operator.

In this process, various personal data is collected, such as the IP address, and transmitted to Adobe's servers. Data may also be transferred to the United States and other third countries. Adobe guarantees that data is transferred to the United States and other third countries in compliance with applicable law. The transfer of data takes place using standard data protection clauses in accordance with Art. 46 para. 2 c) GDPR, which were issued by the European Commission in accordance with Art. 93 para. 2 GDPR. Information on the standard data protection clauses can be found on the website of the European Commission (https://ec.europa.eu/info/index_de). For more information, please contact Adobe directly.

The lawfulness of this processing is based on Art. 6 para. 1 a) (consent). The consent can be withdrawn at any time with effect for the future.

The provision of the data is neither contractually nor legally required. Without the provision, the website will be displayed in another font.

The operator does not store any personal data about the integration of Google Fonts. The data is stored and transmitted by Adobe in accordance with its own privacy policy. For further information, please refer to Adobe's privacy policy and terms of use.

2.7 reCAPTCHA

The Google service reCAPTCHA is integrated on the website for forms, which is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This is intended to contribute to the security of the website and to distinguish between a natural person and a machine when entering data.

In this process, various personal data is collected, such as the IP address, and transmitted to Google in Ireland. Data may also be transferred to the United States. The transfer of data takes place using standard data protection clauses in accordance with Art. 46 para. 2 c) GDPR, which were issued by the European Commission in accordance with Art. 93 para. 2 GDPR. Information on the standard data protection clauses can be found on the website of the European Commission (https://ec.europa.eu/info/index_de). For more information, please contact Google directly.

Further information can be found in the terms of use and the privacy policy of Google.

The lawfulness of this processing is based on Art. 6 para. 1 f) GDPR (legitimate interest). The legitimate interest of the operator is the secure use of the website.

The provision of the data is neither contractually nor legally required. Without the provision, the forms cannot be used by you.

The operator does not store any personal data about the integration of reCAPTCHA. The personal data collected by Google will be deleted unless Google has a legitimate interest in its continued retention. In any case, only those data will continue to be stored which are really required to achieve the intended purpose. As far as possible, the personal data will be anonymized. The data is stored by Google in accordance with its own data protection provisions. Further information on this can be found in Google's privacy policy and terms of use.

2.8 YouTube

The Operator uses videos from YouTube on the website. YouTube is a service of and provided by YouTube LLC (“YouTube”), 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube LLC is a subsidiary of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, further information about the website use (e.g. date and time of access, IP address etc.) may be transferred to Google servers (probably in a third-country such as the USA) and stored there. This occurs regardless of whether YouTube provides a user account that you are logged in or whether there is no user account. The transfer of your personal data to the USA is carried out using standard data protection clauses pursuant to Art. 46 para. 2 c) GDPR, which were issued by the European Commission pursuant to Art. 93 para. 2 GDPR. Information on the standard data protection clauses is available on the European Commission’s website. You will find further information at Google.

The data is used by Google for the purposes of advertising, market research and/or designing its website to meet specific needs. This can also be a link to your account provided you are logged in there. If you do not want this, you need to log out before use. Google’s terms of use and privacy provisions apply.

The Operator uses YouTube videos in order to provide you with different videos on various topics.

The lawfulness of the processing is based on Art. 6 para. 1 f) GDPR (legitimate interest). The legitimate interest of the operator lies in the provision of further information, including audiovisual information, which the customer can access as needed and requested.

The provision of the data is not legally required. Without the provision, you cannot watch the videos.

2.9 Webshop & registration

The controller runs a webshop on the website. In this you can view and purchase the products of the operator. For this purpose, the entry of the following personal data is necessary:

· title

· first name

· last name

· adress

· postal code

· place

· country

· e-mail adress and passwort

Furthermore you can provide following information:

· federal state

During the ordering process you have the possibility to create a customer account with the entered data. For this purpose, the assignment of an individual password is necessary. The customer account is linked to the e-mail address. You are not obliged to do this. You have the option to place the order as a guest. Then no customer account will be created. The controller uses the personal data provided to process the order.

The lawfulness of this processing is based on Art. 6 para. 1 b) GDPR (contract/ pre-contractual measure). The provision of the data is required, otherwise you cannot place your order. In terms of the registration you are not obliged to provide the data. You can purchase the products of the controller without a customer account (guest account).

The processed personal data will be deleted after the expiry of the legal storage obligations unless the controller has a legitimate interest in the further storage.

As a payment option, the services of the payment service provider PayPal are available to you. PayPal is a payment service of PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal uses the personal data entered by you to carry out the payment process. Data may be transferred to countries outside the European Economic Area and to Switzerland. PayPal has adopted Binding Corporate Rules for this purpose, which you can find here https://www.paypal.com/de/webapps/mpp/ua/bcr?locale.x=de_DE.

In all other respects, the data protection provisions of PayPal apply: https://www.paypal.com/de/webapps/mpp/ua/privacy-prev?locale.x=de_DE.

Furthermore, PayPal also offers you the option of express checkout. If you use this, the contact, address and payment information you have provided to PayPal will be automatically transmitted to us.

However, you can also make the payment by SofortÜberweisung and credit card.

3. Rights of the data subject

You have the following rights: You have a right of access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) as well as data portability (Art. 20 GDPR).

You have the right to lodge a complaint with a supervisory authority. (e.g.. Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg, Lautenschlagerstraße 20, 70173 Stuttgart).

If your personal data is processed on the basis of Art. 6 para. 1 f) GDPR, you have the right to object, on grounds relating to your particular situation or the objection is directed against direct marketing purposes (Art. 21 GDPR). If you object to direct marketing purposes, the operator will no longer send you promotional messages.

Any consent given for the processing of personal data can be withdrawn at any time with effect for the future. However, the lawfulness of the processing based on the consent (e.g. newsletter, evaluation of your usage data for analysis purposes) until the withdrawal remains unaffected.

For your communication, please use the contact address of the controller given in the imprint.

4. Recipients

The data collected when calling up and using the website and the information you provide when contacting us are transmitted to the server of the operator and stored there. Furthermore, your data may be passed on to persons at the responsible party who are involved in the processing ('administrator', 'customer service'). Other potential recipients are processors (e.g. data processing center), contractual partners of the operator (e.g. tax advisors), the German Federal Bank, the Federal Financial Supervisory Authority, the European Banking Authority, the European Central Bank, law enforcement agencies and supervisory authorities. The transfer to these recipients takes place either on the basis of a legal obligation of the operator, for the processing of your contract or within the framework of processing in terms of Art. 28 GDPR.

5. Links to third party websites

When you visit the website, content may be displayed that is linked to the websites of third parties. The operator has no access to the cookies or other functions used by third party sites, nor can the operator control them. Such third-party sites are not subject to the operator's privacy policy.

II. Data Protection Declaration SocialMedia

1. General and scope of use

This data protection declaration applies to the following profiles on Facebook and Instagram (hereinafter together referred to as “fanpage”) and to the following YouTube-channel:

https://www.instagram.com/gloriellas.official/

https://de-de.facebook.com/GLORIELLAS.OFFICIAL

https://www.youtube.com/@GLORIELLAS

The fanpage is provided to the operator by Meta Platforms Ireland Limited. (hereinafter referred to as "Meta Ireland") and the operator administers it with a corresponding user account. Via the fanpage the operator has the opportunity to present himself to the users of Facebook and Instagram and to get in contact with you.

Whilst use of the fanpage, so-called insights data (page insights) is collected. This is anonymized data, with the help of which the operator is able to view statistical evaluations of the use of the fanpage.

Personal data is also processed when this insights data is collected. This processing is the joint responsibility of Meta Ireland and the operator in terms of Art. 26 GDPR. The essential content of the agreement concluded between Meta Ireland and the operator is explained below.

2. Controller

Controller in terms of the GDPR for the processing of your personal data is Gaby Wurth (“operator”):

The contact details of the operator are:

Gaby Wurth

Gaby Wurth Health & Beauty

Von-Keppenbach-Strasse 20
77955 Eppenheim

phone: +49 (0) 7822 300 5086
e-mail: kontakt@gloriellas.com

Regarding the processing operations in the context of the use of the fanpage, there is a joint controllership with Meta Ireland:

The contact details of Meta Ireland are: Meta Platforms Ireland Limited, Serpentine Avenue, Block J, Dublin 4 Irland. Meta Ireland is represented by Richard Kelley.

3. Data protection officer

The operator is under no legal obligation to appoint a data protection officer.

Meta Ireland has appointed a data protection officer. You can contact this person here.

4. Degree of responsibility

Meta Ireland assumes primary responsibility for the processing of insights data on the operator's fanpage: https://www.facebook.com/legal/terms/page_controller_addendum.

5. Right to object

If you wish to object to the processing of your data by the operator in accordance with this data protection declaration as a whole or for individual measures, you can do so by sending a personal message via the fanpage or the YouTube-channel. You can also object to the processing of insights data directly to Meta Ireland. You can also object to the processing of data by Meta Ireland by contacting the operator. Your objection will be passed on immediately.

Please note that in case of such an objection, the use of the social media channels and the retrieval of the services offered through it may only be possible to a limited extend or not at all.

6. Scope of processing on the fanpage (Facebook & Instagram)

6.1 Page insights

When calling up and using the fanpage, statistics on the access to the fanpage of the operator are made available with the help of the page insights function to and processed by the operator. There is no possibility for the operator to identify you personally or to assign you to your account. This function is a part of the usage agreements with Meta Ireland that cannot be waived by the operator. This means that the operator cannot unilaterally decide whether the page insights are collected or not.

Further information on the page insights function and the use of cookies as well as the settings options can be found here.

Please note that the page insights function can also be used to collect personal data from people who do not have a profile on Facebook nor Instagram.

You can also restrict or completely prevent the setting of cookies in your browser settings. In addition, you can also arrange for the automatic deletion of cookies when closing the browser window.

Information on the legal basis and the purpose of the processing on behalf of Meta Ireland as well as the particular storage period can be viewed here.

Insofar as your personal data is processed by the operator by visiting the fanpage, the lawfulness of this processing is based on Art. 6 para. 1 f) GDPR (legitimate interest). The legitimate interest of the operator lies in the evaluation of the anonymized insights data in order to track usage behavior on the respective fanpage and to optimize the content. In order to market the services in the best way possible, many fanpage views are required. The insights data helps with this.

The insights data collected via the fanpage is made available to the operator in anonymized form. This means that the data has been modified in such a way that it can no longer be assigned to a natural person, or only with a disproportionate amount of time, cost and labor.

If you are registered on the platforms Facebook and Instagram, the provision of insights data is contractually required. Otherwise, you will not be able to open an account. For non-registered users, the processing of insights data is voluntary. However, objecting to the processing or deactivating certain settings will result in you not being able to access the fanpage.

6.2 Communication via the fanpage functions

You can get in touch with the operator via the fanpage direct messages, likes or comments. In the context of these contacts, your username will be displayed.

The lawfulness of this processing is based on Art. 6 para. 1 f) DS-GVO (legitimate interest). Communication with users is important for the operator to answer questions, respond to criticism, build a relationship and exchange information. Only in this way services can be improved and the needs of customers addressed in a more targeted manner. Communication via social media is an important building block in this context, especially to reach younger customers. Direct messages are deleted at regular intervals. Comments and likes are stored indefinitely on the fanpage and can be viewed by other users.

The provision of your data is not required by law or contract, nor is it necessary for the conclusion of a contract. You are not obliged to provide this data. However, the provision of the data is necessary so that you can contact the operator in the manner described above.

7. Scope of processing on the YouTube-channel

You can get in touch with the operator via the YouTube-channel listed above using direct messages, likes or comments. In the context of these contacts, your username will be displayed.

YouTube is a service of YouTube LLC ("YouTube"), 901 Cherry Ave, San Bruno, CA 94066, USA and is provided by the same. YouTube LLC is a subsidiary of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

The data collected on YouTube may be transferred to Google LLC, Menlo Park, California, USA. The transfer of your personal data to the USA is carried out using standard contractual clauses. You will find further information here.

8. Access on information in your terminal equipment, e.g. Smartphone

When calling up and using the aforementioned social networks, the providers of the respective network may access information stored on your terminal equipment (laptop, tablets, smartphones), e.g. IMEI, or store temporary information, e.g. cookies, on your terminal equipment.

The legality of accessing information stored in your terminal equipment as well as the storage of information in your terminal equipment is governed by Section 25 para. 2 no. 2 TTDSG. According to this, the storage of information in the terminal equipment or the access to information already stored in the terminal equipment is lawful if it is absolutely necessary for the provision of a telemedia service expressly requested by the user.

9. Rights of the data subject

In the context of the use of the fanpage, you have the right to assert all rights described under this chapter against Meta Ireland as well as against the operator. Within the framework of the agreement that exist between the operator and Meta Ireland, the operator will, insofar as Meta Ireland alone has to comply with your data subject rights, immediately forward your request to Meta Ireland.

You have a right of access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) as well as data portability (Art. 20 GDPR). The operator will make every effort to process requests promptly.

Insofar as your personal data is processed on the basis of Art. 6 para. 1 f) GDPR, you have the right to object, on grounds relating to your particular situation or the objection is directed against direct marketing purposes (Art. 21 GDPR). If you object to direct marketing purposes, the operator will no longer send you promotional messages.

Any consent given for the processing of personal data can be withdrawn at any time with effect for the future. However, the lawfulness of the processing until the withdrawal remains unaffected.

You have the right to lodge a complaint with a supervisory authority at any time. You can obtain an overview of the responsible supervisory authorities by following this link.

10. Recipients

The data collected when calling up and using the fanpage and the information you provide when contacting the operator are transmitted to Meta Ireland and stored there.

The data collected when calling up and using the YouTube-Channel and the information you provide when contacting the operator are transmitted to Google LLC and stored there.

Your data may also be viewed by employees who are involved in the maintenance of the fanpage and respond to your messages.

The insights data is partially transmitted to the servers of Meta Platforms, Inc. in the USA and stored there. For the cases of data transfer to the USA, Meta Platforms, Inc. relies on the EU standard contractual clauses. For more information, please visit https://de-de.facebook.com/help/566994660333381.

11. Links to third parties

When you visit the social media channels, content may be displayed that is linked to the profiles or websites of third parties. The operator has no access to the cookies or other functions used by third party sites, nor can the operator control them. Such third-party sites are not subject to the operator's privacy policy.