Privacy policy

Privacy policy of MetricsCosmetics GmbH (AVE EDAM)

as amended in December 2019

1. Scope of application

MetricsCosmetics GmbH ("AVE EDAM" or "we") is particularly concerned about protecting your privacy and personal data. With this data protection declaration we would like to inform you comprehensively about how we handle your personal data.This data protection declaration applies to the handling of your personal data when you visit our Internet pages at www.aveandedam.com, when you contact us by e-mail, post or telephone and we subsequently provide you with services.

2. Who is responsible and to whom can I turn?

MetricsCosmetics GmbH, Fasanenstrasse 47, 10719 Berlin is responsible for the processing of personal data described in this data protection declaration.

You can contact the following office with regard to all inquiries on data protection issues:

MetricsCosmetics GmbH

Fasanenstrasse 47

10719 Berlin

E-mail: info@aveandedam.com

We are not legally obliged to appoint a data protection officer. You are welcome to contact Dr. Franziska Leonhardt as your contact person for data protection issues.

3. Which data we process from you?

We collect and process various personal data from you, depending on the specific processing situations. Below you will find a list of the data relating to the respective processing situation:

3.1 Which data do we process when you visit our website?

When you visit our Internet pages, we process data from you among other things:Data on the use of the Internet pages provided (e.g. browser used, operating system used, referrer url, time of the server inquiry, contents called up, duration of use, type of use);

IP address; and

other technical data comparable with the previous ones.

We process these data in accordance with Art. 6 Para. 1 lit. f DSGVO on the basis of our legitimate interest in ensuring technical functionality.

3.2 Which data do we process when you contact us?

Depending on your request, you can contact us via our Internet pages by e-mail or in writing. When contacting us by e-mail or post, we regularly save and process only your e-mail address, telephone number, address and the information you have provided us with in the course of contacting us.

In this case, we process your data in accordance with Art. 6 Para. 1 lit. b DSGVO on the basis of contractual or quasi-contractual obligations or to establish a contract with you.

3.3 What data do we process when you register on our website?

You can register voluntarily on our website. In this case, we only process the data entered during the registration process.

In this case, we process your data in accordance with Art. 6 Para. 1 lit. b DSGVO on the basis of contractual or quasi-contractual obligations or to establish a contract with you.

3.4 What data do we collect when you register for our newsletter?

You can receive our newsletter. To do so, you need to enter your e-mail address. In this case we will use your e-mail address exclusively for sending our newsletter. In order to verify your ownership of the e-mail address provided, we carry out the so-called "double-opt-in procedure". After registering for the newsletter, we will first send you a confirmation email. Only after clicking on the link contained in the confirmation email will we add your email address to our newsletter distribution list.

In this case we process your data in accordance with Art. 6 Para. 1 lit. a DSGVO on the basis of your consent.

If you purchase products via our online shop and provide your e-mail address, we may use this data to inform you about similar products by means of a newsletter. The legal basis for this data processing is Art. 6 para. 1 lit. f DSGVO in conjunction with § 7 paragraph 3 of the law against unfair competition (UWG). Our legitimate interest is to provide you with current information about our products and services.

You can object to receiving the newsletter at any time by sending an e-mail to info@aveandedam.com or via the link contained in the newsletter.

3.5 Which data do we process when we personalize your cosmetics?

If you decide to create cosmetics on our website using our special algorithm and just do our skin test, you can provide various information about your skin type, nutrition and work habits. The more data you share with us, the better we can adapt our products to your needs or assess your skin.

In this case we also use your data to improve our algorithm. This enables us to offer you and other customers even better products in the future. It is not necessary to process your name for this purpose. Nevertheless, it cannot be excluded that these data can be assigned to you.

In this case we process your data in accordance with Art. 6 Para. 1 lit. a DSGVO in conjunction with Art. 9 para. 2 lit. a DSGVO of your express consent. You can revoke this consent at any time with effect for the future without giving reasons.

4. With whom do we collect your personal data?

Personal data is mainly collected directly from you, for example by visiting our website or by using the services offered, such as the possibility to contact you by e-mail.

If you interact with us through a social media site or third-party service, for example, if you "link", follow or share our content on Facebook or other websites, we may receive social network information, including your profile information, your picture, your user ID linked to your social media account, and any other information that you allow the social network to share with third parties.

5. For what purposes do we process your data and on what legal basis?

We process your personal data exclusively in accordance with the provisions of the relevant data protection laws. In certain situations, we also process your personal data to fulfill other legal obligations or on the basis of your express consent.

5.1 To fulfil contractual obligations

We process your personal data to fulfill contractual or quasi-contractual obligations or to establish a contract, for example to provide our services or to sell the products we offer. In this case, the legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

5.2 To fulfil legal obligations

Insofar as we are subject to legal obligations, the compliance of which requires the processing of your personal data, we process your personal data on the basis of these legal obligations. In this case, the legal basis for processing is Art. 6 para. 1 lit. c DSGVO.

5.3 Based on legitimate interests

We process your personal data also for the protection of our legitimate interests, unless your interests or fundamental rights and freedoms, which require the protection of your personal data, outweigh. Subject to a weighing decision to be made in individual cases, we regularly assume that our legitimate interests prevail in the following processing situations, which are not exhaustively listed:

  • Optimization of our offers and services;
  • Analysis of the use of our Internet pages;
  • Guaranteeing the confidentiality and integrity of our IT systems; and
  • Cooperation with state authorities.

The legal basis for the processing in this case is Art. 6 para. 1 lit. f DSGVO.5.4 Based on your consent

If you have given us separate consent for the processing of your personal data, we will process your personal data within and on the basis of this consent. Consent is required, for example, for the personalization of your cosmetics. Consent may also relate, for example, to the transfer of data for targeted advertising measures or the sending of newsletters.

Consent is always voluntary and can be revoked at any time and without giving reasons with effect for the future.

The legal basis for processing in this case is Art. 6 Para. 1 lit. a DSGVO or Art. 6 Para. 1 lit. a DSGVO in conjunction with Art. 9 para. 2 lit. a DSGVO.

6. To whom do we pass on your data?

Within the company, those persons receive your data who absolutely need it to fulfill our contractual and legal obligations.We only pass on your personal data to external recipients if there is a legal justification for doing so or if you have consented to this. External recipients can be:

  • processors: service providers we use to provide services or who are entrusted with the maintenance of our IT systems.
  • Public bodies: Authorities and state institutions, such as public prosecutors, courts or financial authorities, to which we may need to transfer personal data in individual cases.
  • Private bodies: Private bodies to which we transmit your personal data, for example lawyers (disputes, debt collection, etc.), tax consultants, auditors.

7. Do we transfer your data to third countries?

As part of the processes described in this privacy policy, your personal data may be transferred to entities whose registered office or place of business is not located in a member state of the European Union or in another state that is a party to the Agreement on the European Economic Area. In doing so, we will ensure prior to the transfer that, except in exceptional cases permitted by law, the recipient either has an adequate level of data protection (e.g. by means of an adequacy finding by the European Commission, by means of suitable guarantees such as certification of the recipient in accordance with the EU-U.S. Privacy Shield or the agreement of so-called EU standard data protection clauses of the European Commission with the recipient) or your express consent has been obtained. You can obtain a copy of these guarantees from us. Please use the contact details under point 2.

8. How long do we store your personal data?

We process and store your personal data only as long as it is necessary for our processing purposes.If we use your e-mail address for our e-mail newsletter, we generally store the data until you unsubscribe from our newsletter. This does not affect our legal option to store this data for other purposes, e.g. maintaining a blacklist to ensure that e-mail addresses are no longer used for marketing purposes after un-subscription.

We store purely technical information for a maximum of 400 days.

The data collected and stored in the context of the use and provision of our Internet pages will be deleted by us at any time on request, independently and regularly within a few days, unless we have a special interest in continued storage in individual cases, such as cyber attacks.

Insofar as a longer storage period is required due to legal storage and documentation obligations or to protect our legitimate interests, e.g. in the event of possible legal disputes, your personal data will continue to be stored and processed after the expiry of the above-mentioned period. Upon full implementation of a contract or a relationship similar to a contract, we will, as far as possible, immediately block your personal data for further processing.

In the context of a contact request, we will only store your data for the time necessary to answer your contact request. Data that we process on the basis of your consent will be stored until you revoke your consent.

A final deletion will take place after expiry of the periods resulting from the statutory storage and documentation obligations, which range between two and ten years and are based, among other things, on the German Fiscal Code or the German Commercial Code.

9. Your rights

Below you will find a summary of your rights regarding the processing of your personal data by us:

9.1 Rights of access, deletion, correction, restriction of processing 

According to Art. 15 DSGVO, you have the right to information, according to which you can request confirmation as to whether we process your personal data. If this is the case, you have the right to request comprehensive information on this personal data from us.

Under Art. 16 DSGVO, you can demand that incorrect data concerning you be corrected immediately.

According to Art. 17 DSGVO, you have the right to request the deletion of your personal data if they are either (i) no longer necessary for the purposes for which they were collected, (ii) you have withdrawn your consent to processing, (iii) you are entitled to request the deletion of your personal data according to Art. 21 para. 1 DPA and there are no overriding legitimate reasons for continuing the processing, (iv) your personal data have been processed unlawfully, (v) the deletion of the personal data is necessary to comply with a legal obligation under European Union law or the law of the Member States to which Ave + Edam is subject, or (vi) the personal data have been collected in relation to information society services offered in accordance with Article 8 (1) DPA.

According to Art. 18 DSGVO, you have the right to demand the restriction of processing under the following conditions. Such a right exists if (i) you have disputed the accuracy of your personal data, (ii) the processing is unlawful and you refuse to delete the personal data and instead demand the restriction of use, (iii) the data are no longer needed for the purposes of the processing but you need them for the assertion, exercise or defence of legal claims, or (iv) you have lodged an objection to the processing in accordance with Art. 21 Para. 1 DSGVO, as long as it is not yet clear whether we have legitimate reasons for processing that outweigh yours.

According to Art. 19 DSGVO, you have the right to request information about the recipients of data to whom a correction, deletion of your personal data or a restriction of processing has been communicated.

According to Art. 20 DSGVO, you have the right to receive personal data concerning you from us in a structured, common and machine-readable format and to transfer this data to another responsible party.

If the processing or transmission of your personal data is based on your declared consent, you can revoke this consent at any time with effect for the future.

You also have the right to appeal to the competent supervisory authority against the processing of your data or against a decision taken by AVE EDAM with regard to any of the rights you have exercised.

9.2 Contact

For the assertion of your rights listed under point 9.1, you can contact us informally by post or e-mail at the contact details listed under point 2.

9.3 RIGHT OF OBJECTION ACCORDING TO ART. 21 DSGVO

9.3.1 CONTRADICTION ON GROUNDS OF YOUR PARTICULAR SITUATION

BY TYPE. 21 ABS. 1 DSGVO, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, IF SUCH PROCESSING IS CARRIED OUT FOR THE PURPOSE OF OUR LEGITIMATE INTERESTS, INCLUDING PROFILING BASED ON SUCH DATA (E.G. FOR CREDIT ASSESSMENT). FURTHER PROCESSING OF YOUR PERSONAL DATA WILL THEN NO LONGER BE CARRIED OUT UNLESS WE CAN PROVE THAT THERE ARE COMPELLING REASONS FOR PROCESSING WHICH ARE WORTHY OF PROTECTION AND WHICH OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS, OR UNLESS THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.

9.3.2 WIDERSPRUCH GEGEN DIREKTWERBUNG

BY TYPE. 21 ABS. 2 DSGVO YOU HAVE THE RIGHT TO OBJECT TO THE USE OF YOUR PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING AT ANY TIME. THIS SHALL ALSO APPLY TO PROFILING, INSOFAR AS IT IS ASSOCIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT TO THE PROCESSING FOR DIRECT MARKETING PURPOSES, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA FOR THESE PURPOSES.

9.3.3 CONTACT POSSIBILITY

YOU CAN INFORMALLY DECLARE YOUR OBJECTION BY MAIL OR E-MAIL, ADDRESSED TO:

METRICSCOSMETICS GMBH

Fasanenstrasse 47

10719 BERLIN

GERMANY

E-MAIL: INFO@AVEANDEDAM.COM

10. Is there an obligation on your part to provide personal data?

For the use of our internet pages there is neither a contractual nor a legal obligation to provide us with your personal data. However, if you wish to contact us or purchase our cosmetic products, certain information may be required in order for us to process your request.

11. Is the processing based on automated decision making or profiling?

You have the right not to be subject to a decision based solely on automated processing, including profiling, where the decision is not necessary for the conclusion or performance of a contract, is not required by mandatory law or is not based on your explicit consent.

Ave + Edam does not use automated decision making procedures, including profiling, unless we have explicitly informed you of this.

12. What kind of cookies and tracking technology do we use?

For the provision, maintenance and analysis of our websites and their use, we use various third-party software tools and ourselves, which are regularly based on the use of cookies, Flash cookies (also called Flash Local Shared Objects), web beacons or similar technologies (collectively, "tracking technologies"). Tracking technologies can help us learn how you use our services (e.g., the pages you view or the links you click and other actions you take with the services), give us information about your browser and online usage patterns (e.g., IP address, log data, browser type, browser language, referring/exit pages and URLs, pages viewed, whether you opened an email, links clicked on, etc.), and information about the devices you use to access our services. Tracking technologies enable us to link the devices you use to access our services in such a way that we can recognize you on the various devices you use and contact you if necessary.

You can limit the use of tracking technology by changing your browser settings. You can determine which access you grant us to your devices and whether and for how long cookies can be stored on your device. Furthermore, you can delete already stored cookies at any time. Please note that the functionality of our Internet pages may be impaired after deactivating all cookies. Similar functions (such as Flash cookies), which are used by so-called browser add-ons, can be deactivated or deleted by changing the settings of the browser add-on or via the website of the manufacturer of the browser add-on.

12.1 What are cookies?

A cookie is a small file that is transferred from the website's host server during the use of a website and stored on the user's device (desktop computer, laptop, tablet, smartphone, other Internet-enabled devices) by the browser used. Cookies are used to store information about the user and to be able to retrieve it when the website is called up again.

12.2 What are cookies used for?

Cookies help us understand how our Web sites are used, analyze trends, administer the site, track user's movements around the site, gather demographic information about our user base as a whole, allow you to navigate efficiently between pages, remember your preferences and settings on our sites, and generally improve your browsing experience. We use tracking technologies to (i) remember information so that you do not have to re-enter it during your visit or a subsequent visit, (ii) recognize you across multiple devices, (iii) monitor the functionality and performance of our websites, (iv) to collect aggregate metrics regarding total number of visitors, total traffic, usage and demographic patterns on our websites, (v) to diagnose and resolve technical issues, and (vi) to implement other plans and improvements to our website.

Common Internet browsers offer the option of not accepting certain cookies. If you set these preferences, you may not be able to use all the features of our website without preferences.

12.3 What types of cookies are used on our website?

The cookies used on our website can generally be classified into one of the following categories: Mandatory cookies, analysis cookies and function-related cookies.

12.3.1 Mandatory cookies

These cookies are indispensable for the functioning of our website and enable you to navigate our website and use its functions. Without these cookies, certain services that are necessary for the full use of our website cannot be provided.We process mandatory cookies in accordance with Art. 6 Para. 1 lit. b DSGVO.

12.3.2 Analysis cookies

With the help of these cookies, we collect information about how users use our website, e.g. which pages are most frequently accessed and read, or how users move from one link to the next. All information collected by this type of cookie does not relate to a single user, but is aggregated and processed with the information of other users. The cookies provide us with analytical data about how our websites work and how we can improve them. We only use these cookies after you have given your consent.

We process analytical cookies in accordance with Art. 6 Para. 1 lit. a DSGVO on the basis of your consent.

12.3.3 Function-related cookies (convenience functions)

These cookies allow us to store a specific selection you have made and to adapt our Internet pages so that they offer you extended functions and content. These cookies can be used, for example, to save your language selection or country selection.We process function-related cookies in accordance with Art. 6 para. 1 lit. a DSGVO.

12.4 How long are cookies stored on my devices?

The length of time the cookie is stored depends largely on whether it is a "permanent" or "session-related" cookie. Session-related cookies are deleted after you leave the website that set the cookie. Persistent cookies remain on your device even after you have finished surfing, until they are deleted or until they expire.

12.5 Further information on cookies

For the provision of our website we use the services of the third party providers listed below. These third party tools belong to the categories of cookies described above and help us to provide our services on our website or to advertise our products and services over the Internet.

Below you will find additional information about the data processing in connection with these cookies:

Category/ purpose  Designation Provider/ Recipient Third country transfer/Adequacy Decision Cookie validity/ retention period Exercise of the revocation or opposition
Performance
Used to evaluate user behaviour on the website
Shopify  Shopify International Limited
c/o Intertrust Ireland
2nd Floor 1-2 Victoria Buildings, Haddington Road
Dublin 4, D04 XN32, Ireland
USA /
EU-U.S. Privacy Shield Certification

2 years link
Performance
Used to evaluate user behaviour on the website
Shopify Shopify International Limited
c/o Intertrust Ireland
2nd Floor 1-2 Victoria Buildings, Haddington Road
Dublin 4, D04 XN32, Ireland
USA /
EU-U.S. Privacy Shield Certification

30 minutes link
Performance
Used to evaluate user behaviour on the website
Hotjar Hotjar Ltd, Level 2
St Julians Business Centre,
3, Elia Zammit Street
St Julians STJ 3155, Malta
EU-GDPR compliant Session link
Performance
Used to distinguish users
Google Analytics Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA USA /
EU-U.S. Privacy Shield Certification

1 day link
Performance
Used to identify a unique user
Google Analytics Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA USA /
EU-U.S. Privacy Shield Certification

2 years link
Performance
Used to reduce the request rate
Google Analytics Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA USA /
EU-U.S. Privacy Shield Certification

1 minute link
Performance
Used to evaluate user behaviour on the website
Shopify Shopify International Limited
c/o Intertrust Ireland
2nd Floor 1-2 Victoria Buildings, Haddington Road
Dublin 4, D04 XN32, Ireland
USA /
EU-U.S. Privacy Shield Certification

30 minutes link
Performance
Used to evaluate user behaviour on the website
Shopify Shopify International Limited
c/o Intertrust Ireland
2nd Floor 1-2 Victoria Buildings, Haddington Road
Dublin 4, D04 XN32, Ireland
USA /
EU-U.S. Privacy Shield Certification

30 minutes link
Performance
Used to evaluate user behaviour on the website
Shopify Shopify International Limited
c/o Intertrust Ireland
2nd Floor 1-2 Victoria Buildings, Haddington Road
Dublin 4, D04 XN32, Ireland
USA /
EU-U.S. Privacy Shield Certification

2 years link
Performance
Used to evaluate user behaviour on the website
Shopify Shopify International Limited
c/o Intertrust Ireland
2nd Floor 1-2 Victoria Buildings, Haddington Road
Dublin 4, D04 XN32, Ireland
USA /
EU-U.S. Privacy Shield Certification

30 minutes link
Performance
Used to evaluate user behaviour on the website
Shopify Shopify International Limited
c/o Intertrust Ireland
2nd Floor 1-2 Victoria Buildings, Haddington Road
Dublin 4, D04 XN32, Ireland
"USA /
EU-U.S. Privacy Shield Certification
"
2 years link
Performance
Use to evaluate user behaviour on the landing page
Shopify Shopify International Limited
c/o Intertrust Ireland
2nd Floor 1-2 Victoria Buildings, Haddington Road
Dublin 4, D04 XN32, Ireland
USA /
EU-U.S. Privacy Shield Certification

2 weeks link
Marketing
Used for the idendification of a unique user
Hotjar Hotjar Ltd, Level 2
St Julians Business Centre,
3, Elia Zammit Street
St Julians STJ 3155, Malta
EU-GDPR compliant 1 year link
Marketing
Used for evaluation of user behaviour for marketing
Facebook Facebook Inc., 1 Hacker Way in Menlo Park, CA 94025, USA USA /
EU-U.S. Privacy Shield Certification

3 months link
Marketing
Used for targeted advertising.
Facebook Facebook Inc., 1 Hacker Way in Menlo Park, CA 94025, USA USA /
EU-U.S. Privacy Shield Certification

3 months link
Marketing
Used to identify the users brower
Google Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA USA /
EU-U.S. Privacy Shield Certification

15 minutes link
Functionality
Used to secure checkout and payment function
Shopify MetricsCosmetics GmbH, Fasanenstrasse 47, 10719 Berlin, Germany EU-GDPR compliant 2 weeks link
Functionality
Used to secure checkout and payment function
Shopify MetricsCosmetics GmbH, Fasanenstrasse 47, 10719 Berlin, Germany EU-GDPR compliant 2 weeks link
Functionality
Used to secure checkout and payment function
Shopify MetricsCosmetics GmbH, Fasanenstrasse 47, 10719 Berlin, Germany EU-GDPR compliant 1 hour link
Functionality
Used to secure checkout and payment function
Shopify Shopify International Limited
c/o Intertrust Ireland
2nd Floor 1-2 Victoria Buildings, Haddington Road
Dublin 4, D04 XN32, Ireland
USA /
EU-U.S. Privacy Shield Certification

Session link
Functionality
Used to track landing pages
Shopify MetricsCosmetics GmbH, Fasanenstrasse 47, 10719 Berlin, Germany EU-GDPR compliant 1 year link
Strictly necessary
Used to store customer credentials securely when processing a purchase
Shopify Shopify International Limited
c/o Intertrust Ireland
2nd Floor 1-2 Victoria Buildings, Haddington Road
Dublin 4, D04 XN32, Ireland
USA /
EU-U.S. Privacy Shield Certification

18 years link
Strictly necessary
Used for the secure checkout and payment function
Shopify Shopify International Limited
c/o Intertrust Ireland
2nd Floor 1-2 Victoria Buildings, Haddington Road
Dublin 4, D04 XN32, Ireland
USA /
EU-U.S. Privacy Shield Certification

2 weeks link
Strictly necessary
Used for the shopping cart functionality
Shopify Shopify International Limited
c/o Intertrust Ireland
2nd Floor 1-2 Victoria Buildings, Haddington Road
Dublin 4, D04 XN32, Ireland
USA /
EU-U.S. Privacy Shield Certification

2 weeks link
Strictly necessary
Used to collect information of a visitor
Shopify Shopify International Limited
c/o Intertrust Ireland
2nd Floor 1-2 Victoria Buildings, Haddington Road
Dublin 4, D04 XN32, Ireland
USA /
EU-U.S. Privacy Shield Certification

2 weeks link
Strictly necessary
Used to accelerate the loading times of the page
CloudFlare Cloudflare, Inc.
101 Townsend St,
San Francisco, CA 94107
USA
USA /
EU-U.S. Privacy Shield Certification

1 month link

13. Technical protection measures

For security reasons and to protect the transmission of confidential content that you send to us as the site operator, we use SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If the SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

Version: December 2019