data protection

Data protection

Responsible

Dennis Grischek
Grazbachgasse 30
A-8010 Graz

Email: office@kosmetikstudio.de

Tel.: +43 (0) 699 / 17 310 310


kosmetik.at attaches great importance to your privacy and the protection of all data provided at www.kosmetik.at. Personal data is processed for contract fulfillment, delivery and accounting purposes. We do not pass on any personal data without the customer's consent.


Data collection and processing
You can visit our site without providing any personal information. We only save access data that does not contain any personal information, such as the name of your Internet service provider, the site from which you visit us or the name of the file you requested. This data is evaluated solely to improve our service and does not allow any conclusions to be drawn about you personally.

We do not collect personal data independently. However, you have the option of setting up a customer account on this website, for which personal data such as name, address and an email address are required. In addition, you can voluntarily provide your date of birth and telephone number.

Creating a customer account is not necessary for orders in the online shop, but personal data is required to fulfill the contract (order processing), in particular name, address, email address and, depending on the payment method, certain account or payment information. Once the contract has been fully processed and the purchase price has been paid in full, your data will be blocked for further use and deleted after the tax and commercial law regulations have expired, unless you have expressly consented to the further use of your data.

If you actively register (double opt-in) for the newsletter, your name and email address will be used exclusively for our own advertising purposes in accordance with your consent until you unsubscribe from the newsletter.

Your data will not be passed on to third parties unless you have expressly consented to the transfer, there is a legal obligation to pass on the data or the third parties are contractual partners who are used to fulfil the contract (order processing) (e.g. for payment processing or for shipping), whereby the transfer of personal data to third parties is limited to the necessary extent.

By entering your data when creating a customer account or placing an order, you expressly consent to the storage, processing, use and transfer of this data to the extent stated above and confirm its factual accuracy.


Legal basis for processing
We process your data primarily in accordance with Art. 6 Para. 1 lit. b GDPR to fulfill the contract (order processing). In addition, personal data concerning you will be processed in accordance with Art. 6 Para. 1 lit. a and f GDPR exclusively within the scope of your consent and to protect our legitimate interests. All consents are obtained in accordance with Art. 7 GDPR.


Rights of data subjects
You have the right to revoke all consents granted in accordance with Art. 7 Para. 3 GDPR with effect for the future.

Furthermore, you have the right to information as to whether personal data concerning you is being processed in accordance with Art. 15 GDPR.

Based on your right to rectification in accordance with Art. 16 GDPR, you can request the immediate rectification or completion of data concerning you.

In addition, you have the right to erasure (“right to be forgotten”) under Article 17 of the GDPR. This gives you the opportunity to request the immediate erasure of personal data concerning you.

If this step goes too far for you, you also have the option to request the restriction of the processing of personal data concerning you in accordance with Art. 18 GDPR.

Furthermore, according to Art. 20 GDPR, you have the right to receive the data you have provided in a structured, common and machine-readable format and to transfer it to another controller.

You can also object to the future processing of personal data concerning you at any time in accordance with Art. 21 GDPR.

If you believe that the GDPR has been violated during the processing of personal data concerning you, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.


Subscribe to the newsletter
When you subscribe to the newsletter, your email address will be used for our own advertising purposes until you unsubscribe from the newsletter. You can unsubscribe at any time.


Contract text storage
We save the contract text and send you the order data and our terms and conditions by email. You can view and download the terms and conditions here at any time. You can view your past orders in our customer login.


Data transfer to third countries
In principle, all processing steps are carried out by us within the territory of the European Union. However, since a transfer to a third country (outside the EU or EEA) cannot be ruled out when using third-party services, we would like to point out that this only takes place within the scope of contract performance, on the basis of your consent and due to legal obligations, in compliance with Art. 44 ff. GDPR. In particular, we would like to inform you that the third parties concerned must provide special guarantees, such as the officially recognized determination of a data protection level corresponding to that of the EU (e.g. for the USA through "Privacy Shield").


Cookies
By visiting the website, information about the access (date, time, page viewed, purchases) can be saved in the form of a cookie. A cookie is a short entry in a database or in a special file directory and is used to exchange information such as the creation of a shopping cart, which is provided by the provider. This anonymized data is recorded exclusively for statistical purposes and also evaluated anonymously. Under no circumstances will the collected data be sold or passed on for other reasons. The visitor has the option of refusing data processing using cookies at any time. In this case, you are asked to deactivate the corresponding option in the system settings of your browser. Saved cookies can be deleted in the system settings of the browser. Excluding cookies can lead to functional restrictions of this online offer.


##cookiebot##


This website uses retargeting technology from releva GmbH , Feilnerstr. 10, 10969 Berlin ( www.releva.nz ). This makes it possible to specifically target visitors to our website with personalized, interest-based advertising. The advertising is displayed based on a cookie-based analysis of previous usage behavior, but no personal data is stored. In the cases of retargeting technology, a cookie is stored on your computer or mobile device in order to record pseudonymized data about your interests as part of a pseudonymized user profile and thus individually adapt the advertising to the stored information. These cookies are small text files that are stored on your computer or mobile device. This means that you will see advertising that is highly likely to correspond to your product and information interests. If the information collected is personal, the processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in displaying personalized advertising and in market research.
The information generated by the cookie in the pseudonymous user profile is not used to personally identify the visitor to this website and is not combined with personal data about the bearer of the pseudonym. To generally object to the use of cookies on your computer, you can set your Internet browser so that no more cookies can be stored on your computer in the future or cookies that have already been stored are deleted. You can also permanently object to the setting of cookies or the creation of a pseudonymized user profile by using the opt-out function available under the following link:
https://releva.nz/privacy
Further information and the data protection provisions regarding advertising and releva GmbH can be found at https://releva.nz/datenschutz .


This website uses retargeting technology from Criteo GmbH ( www.criteo.com ). This makes it possible to specifically target visitors to our website with personalized, interest-based advertising. The advertising is displayed based on a cookie-based analysis of previous usage behavior, but no personal data is stored. In the case of retargeting technology, a cookie is stored on your computer or mobile device in order to record pseudonymized data about your interests as part of a pseudonymized user profile and thus individually adapt the advertising to the stored information. These cookies are small text files that are stored on your computer or mobile device. This means that you will see advertising that is highly likely to correspond to your product and information interests. If the information collected is personal, the processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in displaying personalized advertising and in market research.
We may share data such as technical identifiers derived from your registration information on our website or CRM system with our trusted advertising partners so that these devices or browsers can be linked together and provide you with a seamless experience across the various environments you are likely to or actually use.

By browsing our website, you accept the use of cookies and cookie-independent technologies to show you tailored content and advertising across websites.

Our [website/app] uses cookies/advertising IDs for advertising purposes. This enables us to show our advertising to visitors who are interested in our products on partner websites, apps and emails. Retargeting technologies use cookies or advertising IDs and display advertising based on your previous browsing behavior. To opt out of this interest-based advertising, please visit the following websites:
http://www.networkadvertising.org/choices/
http://www.youronlinechoices.com/

We may share information such as technical identifiers from your registration information on our [website/app] or CRM system with trusted advertising partners. This allows them to link your devices and/or environments and offer you a seamless experience across the devices and environments you use.

To learn more about the technologies used by our partner and their matching methods, please read their privacy policy, which is available on the platforms mentioned above or below:
Criteo privacy policy: http://www.criteo.com/de/privacy/


Conversion measurement with Facebook's visitor action pixel
We use the “visitor action pixel” from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA on our website. This allows us to track user actions and record the effectiveness of Facebook ads for market research purposes after you have seen or clicked on a Facebook ad. The data collected in this way is anonymous to us. We do not see the personal data of individual users. However, the data is stored and processed by Facebook, about which we will inform you accordingly. Facebook can link the data to your Facebook account and also use it for its own advertising purposes, in accordance with Facebook's data usage policy (see Facebook privacy). You can allow Facebook and its partners to place advertisements on and outside of Facebook. A cookie can usually be stored on your computer. This consent may only be given by users who are older than 13 years. If you are younger, we ask that you ask your legal guardians for advice.


Data protection notice regarding the use of WhatsApp
You can contact us and start a conversation via WhatsApp. We are responsible within the meaning of Art. 4 No. 7 GDPR for subsequent data processing in connection with WhatsApp. To offer and use WhatsApp, we use the software solution of Charles GmbH, Gartensstr. 86-87, 10115 Berlin, as part of a data processing agreement. Charles stores all personal data in the EU. As an official WhatsApp partner, Charles uses the WhatsApp Business API, with the result that no other third parties or WhatsApp within the scope of our responsibility have access to your communication content.

The use of WhatsApp is subject solely to the agreements you have made with WhatsApp. In accordance with WhatsApp's terms of use, we have your telephone number and username when you contact us. We use this and other information you provide to recognize you and your preferences and to respond to your WhatsApp messages. The legal basis here is your consent to be contacted in accordance with Art. 6 (1) (a) GDPR. We will also send you newsletters via WhatsApp if you have given us your consent to do so.

You can revoke your consent at any time with effect for the future. According to the GDPR, you also have the right to information, correction, transferability and deletion of your personal data as well as the right to restrict or object to certain processing. You also have the option of complaining to the supervisory authority responsible for you.

For further information please refer to our data processors:

Charles GmbH: https://www.hello-charles.com/c-com-blog/whatsapp-newsletters

WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland: https://www.whatsapp.com/legal/privacy-policy-eea


Additional services
Data collection and processing for payments via InfinitePay “Purchase on account” or “Purchase by SEPA direct debit”
When paying using the InfinitePay payment methods “Purchase on account” or “Purchase by SEPA direct debit”, the purchase price claim is assigned to Financial Management Solutions GmbH (under the InfinitePay brand), Isaac-Fulda-Allee 5, 55124 Mainz (hereinafter referred to as “InfinitePay”). The data required to process the payment is transmitted to InfinitePay. The data transmission serves, among other things, the purpose of enabling InfinitePay to carry out an identity and credit check in order to process your purchase using the payment method you have requested. The processing is carried out on the basis of Art. 6 Para. 1 lit. for GDPR due to the legitimate interest in offering a variety of payment methods and the legitimate interest in protecting against payment default. For reasons arising from your particular situation, you have the right to object at any time to this processing of personal data concerning you based on Art. 6 Para. 1 lit. f GDPR by notifying us. You can find InfinitePay’s privacy policy here: https://www.infinitepay.de/datenschutzhinweise

If you would like to receive information about the use of your personal data, you can contact datenschutz@fms-mainz.de at any time. The provision of the data is necessary for the conclusion of the contract with the payment method you requested. Failure to provide the data means that the contract cannot be concluded with the payment method you requested.

----

In cooperation with mollie we offer the following payment options.

As a financial institution, Mollie processes large amounts of data from customers and consumers who use Mollie's services when purchasing the customer's products or services digitally. Both the customer and the consumer are of inestimable value to Mollie. It is therefore very important for Mollie to ensure careful and secure processing of customer and consumer data, especially personal data.

- What is Mollie
- How can I contact Mollie?
- Personal data processed by Mollie
- Does Mollie process special and/or sensitive personal data?
- Why are your personal data processed?
- How long does Mollie store your personal data?
- Does Mollie share your personal data with third parties?
- How does Mollie analyze your website visit?
- Your rights
- Protection of your personal data
- Responsibilities of Mollie
- Data Protection Officer

1. What is Mollie?
Mollie is a payment service provider that offers customers (for example webshops) the possibility to accept payments online from their consumers (payers). With Mollie, a customer can let their consumers choose between several payment methods. So you can deal with Mollie if you have a webshop or want to use Mollie's payment services for other reasons, as consumers have paid via a website that uses Mollie's services, or visit Mollie's website(s).

For more information about Mollie, visit the About Mollie page .

2. How can I contact Mollie?
On our contact page you will find several ways to contact Mollie.

3. Personal data processed by Mollie
Mollie processes data about you when you use Mollie's services and/or when you provide this data to Mollie yourself. Below you will find an overview of the personal data that Mollie processes depending on the service you use.

If you as a customer use a Mollie service, the following personal data will be processed:

- Your first and last name
- Your date of birth
- Your place of birth
- Your nationality
- Your address details
- Your phone number
- Your email address
- Your IP address
- Your internet browser and device type
- Other personal data that you actively provide, for example by creating a profile on this website, by correspondence or over the telephone.

If you use a Mollie service as a (paying) consumer, the following personal data will be processed:

- Your payment details (for example bank account number or credit card number)
- Your IP address
- Your internet browser and device type
- In some cases your first and last name
- In some cases your address details
- In some cases, information about the product or service you purchased from our customer
- Other personal data that you actively provide, for example through correspondence or over the telephone.

When you use Mollie's website and apps, the following personal data is processed:

- Your location data
- Data about your activities on the website(s) and apps
- Your IP address
- Your internet browser and device type.

4. Does Mollie process special and/or sensitive personal data?
Unlike processing payments, Mollie's website and services are not geared towards activities that require the processing of special and/or sensitive personal data. Mollie therefore asks you not to provide this data. Furthermore, it is in no way Mollie's intention to collect data about minor visitors to the website, even if they have the consent of their parents or guardians. Unfortunately, Mollie cannot verify whether a visitor is a minor. Mollie therefore recommends that parents and guardians supervise their children's online activities to prevent Mollie from processing data from minors.

If you nevertheless believe that Mollie has wrongfully processed special or sensitive data, we ask you to contact Mollie by email at info@mollie.com or by phone at +49 (0)30 22 40 90 20. Mollie will then remove this data as quickly as possible.

5. Why are your personal data processed?
Mollie processes your data to fulfill a contract and based on legal obligations.

When you use Mollie's services, your personal data will be processed for the following purposes:

- Assessment of your application
- Preparation and execution of the contract
- Processing of payments
- Sending information about (changes to) products or services
- Ensuring the quality and integrity of the financial sector, for example by identifying, investigating, preventing and actively combating (attempted) criminal conduct
- Analyses for statistical and scientific purposes
- Training and assessment of Mollie employees
- Establishment of evidence
- Establishment that Mollie has actually had contact with you or one of your (legally authorized) representatives as a customer, for example by telephone or written correspondence
- Compliance with legal requirements as a financial institution, for example under the Dutch Financial Supervision Act (Wet op het financieel toezicht – Wft) and the Dutch Money Laundering and Terrorist Financing Prevention Act (Wet ter voorkoming van witwassen en financieren van terrorisme – Wwft)

If you use Mollie's services as a consumer (payer), your personal data will be processed for the following purposes:

- Processing of payments
- Ensuring the quality and integrity of the financial sector, for example by identifying, investigating, preventing and actively combating (attempted) criminal conduct
- Analyses for statistical and scientific purposes
- Training and assessment of Mollie employees
- Recording of evidence
- Determining whether Mollie has actually had contact with you as a consumer, for example by telephone or written correspondence
- Fulfillment of legal obligations as a financial institution, for example pursuant to the Dutch Financial Supervision Act (Wet op het financieel toezicht – Wft) and the Dutch Money Laundering and Terrorist Financing Prevention Act (Wet ter voorkoming van witwassen en financieren van terrorisme – Wwft).

When you use the Mollie website, your personal data will be processed for the following purposes:

- Setting up an individual environment (dashboard) on the Mollie website(s)
- Granting access to the individual environment
- Analysis of your behavior on Mollie's website(s) in order to improve the websites and adapt the range of products and services to your preferences
- Analysis of your surfing behavior on Mollie's website(s) so that Mollie can adapt products and services to your needs
- Analyses for statistical and scientific purposes
- Ensuring the quality and integrity of the financial sector, for example by identifying, investigating, preventing and actively combating (attempted) criminal conduct
- Compliance with legal requirements as a financial institution, for example under the Dutch Financial Supervision Act (Wet op het financieel toezicht – Wft) and the Dutch Money Laundering and Terrorist Financing Prevention Act (Wet ter voorkoming van witwassen en financieren van terrorisme – Wwft)

If Mollie intends to process your personal data for purposes other than those described above, for example for commercial purposes, Mollie will do so on the basis of a legitimate interest or only after you have been explicitly asked for your consent and Mollie has received this consent. You can then withdraw this consent at any time and without giving any reason.

6. How long does Mollie store your personal data?
Mollie will store your personal data for a maximum of until the end of the statutory period or, if there is no such statutory period, for as long as it is necessary to achieve the purposes for which we received your personal data. For the personal data that Mollie receives in connection with the assessment of your application, the creation and execution of the agreement and the processing of payments, this means in any case that Mollie will not store your personal data for longer than five years after your application has been rejected or the agreement has been terminated. This retention period is laid down in the Dutch Financial Supervision Act (Wet op het financieel toezicht – Wft) and the Dutch Money Laundering and Terrorist Financing Prevention Act (Wet ter voorkoming van witwassen en financieren van terrorisme – Wwft).

The retention period also applies to payments made on the basis of the agreement between the customer (webshop owner) and Mollie for Consumers (payer).

7. Does Mollie share your personal data with third parties?
Mollie shares your personal data with third parties if this is necessary for the execution of the agreement, to comply with legal obligations or due to a legitimate interest. Mollie enters into processing agreements with third parties who process your personal data on Mollie's behalf. In this way, Mollie ensures that your personal data always enjoys the same level of protection and that the confidentiality of your personal data is guaranteed. Nevertheless, Mollie remains solely responsible for any processing and therefore takes all appropriate administrative, technical and physical measures to protect your personal data against unauthorized access, accidental loss or alteration.

It is possible that your personal data will also be shared with third parties for purposes other than those described above. In this case, Mollie will only share your data after we have explicitly asked for and received your consent.

Mollie may also share your data with third parties who are also considered data controllers. In this case, Mollie has entered into contracts that ensure comprehensive protection of your personal data.

An overview of the controllers and processors with whom Mollie shares data can be found here. We advise you to consult this overview regularly, as parties may be added or deleted.

8. How does Mollie analyze your website visit?
Mollie uses functional, analytical and tracking cookies. A cookie is a small text file that is stored in the browser of your device (computer, tablet or smartphone) when you first visit one of Mollie's websites. On the one hand, Mollie uses cookies that have a purely technical function. These cookies ensure that the website functions properly and can, for example, save your preferred settings so that Mollie can optimise the websites. On the other hand, Mollie uses cookies that record your browsing behaviour so that Mollie can show you own, tailored content and advertising. When you first visited the website, Mollie already informed you about these cookies and asked for your consent to use these cookies.
Reject cookies

You can refuse cookies by setting your internet browser so that it no longer stores cookies. You can also delete any information that has already been stored in your browser settings.

Third parties, such as advertising companies and/or social media companies, may also place cookies on Mollie's website(s). You can find more information about this here: Cookies .


Integration of the Trusted Shops Trustbadge / other widgets
Trusted Shops widgets are integrated into this website to display Trusted Shops services (e.g. seal of approval, collected reviews) and to offer Trusted Shops products to buyers after an order.

This serves to safeguard our legitimate interests in optimal marketing by enabling secure shopping in accordance with Art. 6 Paragraph 1 Clause 1 Letter f of GDPR, which prevail within the framework of a balancing of interests. The Trustbadge and the services advertised with it are an offer from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, with whom we are jointly responsible for data protection in accordance with Art. 26 of GDPR. As part of this data protection notice, we will inform you below about the essential contractual contents in accordance with Art. 26 Paragraph 2 of GDPR.

The Trustbadge is provided by a US CDN (content delivery network) provider as part of a joint responsibility. An appropriate level of data protection is ensured by standard data protection clauses and other contractual measures. Further information on data protection at Trusted Shops GmbH can be found in their privacy policy.

When you access the Trustbadge, the web server automatically saves a so-called server log file, which also contains your IP address, the date and time of access, the amount of data transferred and the requesting provider (access data) and documents the access. The IP address is anonymized immediately after collection so that the stored data cannot be assigned to you personally. The anonymized data is used in particular for statistical purposes and for error analysis.

After completing the order, your email address, hashed using a cryptographic one-way function, will be sent to Trusted Shops GmbH. The legal basis is Art. 6 Paragraph 1 Clause 1 Letter f of GDPR. This serves to check whether you are already registered for services with Trusted Shops GmbH and is therefore necessary to fulfil our and Trusted Shops' overriding legitimate interests in providing the buyer protection linked to the specific order and the transactional evaluation services in accordance with Art. 6 Paragraph 1 Clause 1 Letter f of GDPR. If this is the case, further processing will take place in accordance with the contractual agreement concluded between you and Trusted Shops. If you are not yet registered for the services, you will then be given the opportunity to do so for the first time. Further processing after registration is also governed by the contractual agreement with Trusted Shops GmbH. If you do not register, all transmitted data will be automatically deleted by Trusted Shops GmbH and personal reference will then no longer be possible.

Trusted Shops uses service providers in the areas of hosting, monitoring and logging. The legal basis is Art. 6 Para. 1 lit. f GDPR for the purpose of ensuring trouble-free operation. Processing may take place in third countries (USA and Israel). An appropriate level of data protection is ensured in the case of the USA through standard data protection clauses and other contractual measures and in the case of Israel through an adequacy decision.

As part of the joint responsibility between us and Trusted Shops GmbH, if you have any data protection questions or wish to assert your rights, please contact Trusted Shops GmbH using the contact options provided in the data protection information linked above. Regardless of this, you can always contact the responsible party of your choice. Your request will then be forwarded to the other responsible party for response if necessary.


Search technology “​doofinder, boosting on site search​”
In order to make visiting our website more attractive and to present you with suitable search results more quickly, we use the search technology “DooFinder” (hereinafter DF). This serves to safeguard our legitimate interest in an optimized presentation of our offer, which takes precedence over other interests, in accordance with Art. 6 Paragraph 1 lit. f GDPR. The operator of the technology is DooFinder SL, Madrid 28037, Rufino González 23 bis, 1o 1, Spain.

DF uses pseudonymized usage data to collect information about which products you interact with in our online shop. The aim is to better adapt the shop search to your individual preferences and thus offer a better shopping experience.

To identify individual users, DF uses so-called "cookies", text files that are stored on your computer. An individual number is stored in these, which is used to recognize returning visitors when they visit the website again. The data collected by DF is not merged with your personal data unless you have given us your consent to do so.
If you want to object to the use of pseudonymised usage data by DF, you can click the following link. If you delete the cookies on your computer via the browser settings or certain plug-ins, you must object to the use of pseudonymised usage data again. Regardless of your chosen preference for the collection of pseudonymised usage data, when you interact with a DF server, e.g. when
When you use our shop search, this automatically saves a so-called server log file, which contains, for example, your IP address, browser type/version, date and time of retrieval, the amount of data transferred and the requesting provider (access data) and documents the retrieval.

9. Your rights
You have the right to view, correct, object to, restrict, transfer or delete the personal data processed by Mollie, unless Mollie is unable to do so due to a legal obligation. Mollie is, among other things, obliged to retain data processed in the context of making a payment for a legally stipulated period, as described under 6.

You can send your objection or your request for access, correction, restriction, transfer or deletion to info@mollie.com . In this context, Mollie wants to establish in advance whether this request actually comes from you. Mollie therefore asks you to enclose a copy of your identity card with the request. Mollie will then respond to your request as quickly as possible, but in any case within thirty days.
complaints

If you believe that Mollie has used your personal data wrongfully, or if you are not satisfied with Mollie's response to your request, you have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or to go to court. For more information, see https://www.autoriteitpersoonsgegevens.nl/ .

10. Protection of your personal data
Mollie attaches great importance to the protection of your personal data. Mollie has taken several technical and organizational security measures to protect your data and to comply with applicable (legal) regulations. We use, among other things, network segmentation, techniques such as firewalls, DDoS protection systems and file integrity monitoring, strong authentication of users, encrypted transmission of information, monitoring and alerting and apply industry best practices for appropriate encryption and system configuration.

The organizational measures include, for example, role separation, least privilege principles, screening of personnel, strict procedures for managing adjustments, incidents, vulnerabilities and suppliers, and recurring training for personnel. In addition, the appropriateness of our security measures is regularly reviewed.

To report any issues with the security of Mollie's systems, we have published a Responsible Disclosure Policy document.

11. Responsibilities of Mollie
Mollie is the controller within the meaning of the General Data Protection Regulation (EU) 2016/679. As an authorised financial institution, Mollie takes this position for the following reasons:

- Mollie determines which personal data must be processed for the correct execution of a payment.
- Mollie determines for what other purposes the personal data may be processed, as long as those purposes are consistent with the purpose for which Mollie received the personal data.
- Mollie must comply with the legal requirements that apply to it, such as requirements under the Dutch Financial Supervision Act (Wet op het financieel toezicht – Wft), the Dutch Money Laundering and Terrorist Financing Prevention Act (Wet ter voorkoming van witwassen en financieren van terrorisme – Wwft) and the Dutch Civil Code (Burgerlijk Wetboek – BW).
- Mollie has established its own general terms and conditions, which apply directly to customers and consumers.

Mollie has registered the data processing with the Dutch Data Protection Authority under number 1449126.

12. Data Protection Officer
Mollie has employed a Data Protection Officer (DPO). The DPO is responsible, among other things, for supervising Mollie's processing of personal data, recording data processing and providing advice on technology and protection. The DPO is registered with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) under registration number FG000763.

If you nevertheless suspect that your data is not sufficiently protected, believe that your personal data has been misused, or believe that Mollie does not adequately ensure the correct processing of personal data, you can send an email to dpo@mollie.com .

Amsterdam, 30 November 2018

----

In cooperation with Klarna AB we offer the following payment options.

General Terms and Conditions / Privacy Policy for purchase on account with BillPay - a Klarna Group Company
(Switzerland – as of 6 September 2018)

I have read the following general terms and conditions and data protection provisions of BillPay GmbH, registered office Zinnowitzer Straße 1 D-10115 Berlin (BillPay). I consent to the use of my personal data in accordance with these data protection provisions.

General terms and conditions for purchase on account with BillPay

BillPay offers the payment method "purchase on account" (purchase on account) for customers of the online shop or its operator (retailer) as an external service provider. Purchase on account is only available to consumers aged 18 and over. Please note that when purchasing on account, the delivery address, residential address and billing address must be identical.

The purchase contract for the goods is concluded exclusively between you and the dealer. The processing of the purchase contract is governed by the dealer's contractual terms and conditions. In particular, the dealer remains responsible for general customer inquiries (e.g. regarding goods, delivery times, shipping), returns, complaints, revocations and claims as well as credit notes.

After the purchase agreement has been concluded, Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm Sweden, initially takes over the merchant's invoice claim and then transfers it to BillPay. BillPay is responsible for the payment modalities in connection with the processing of the purchase agreement. The amount invoiced to you by the merchant must be paid to the BillPay account specified in the invoice by the due date stated on the invoice form at the latest."

If you fail to meet your payment obligation, you will be in default without further notice after the payment deadline has expired and will have to pay interest on arrears of 8%. BillPay is entitled to charge a reminder fee of up to CHF 30 per payment reminder as well as other fees, in particular the costs of any debt collection proceedings. Furthermore, BillPay may refuse to process the payment terms of purchase contracts in the future, including in relation to other retailers.

You will not receive a payment slip from BillPay by post. If you want to make your payment at the post office counter, please fill out a red blank payment slip, which are available free of charge at all post offices. Any postal charges incurred when making a payment at the post office counter will be passed on to you.

In the "My BillPay" customer portal (hereinafter: "customer portal") you will receive an overview of the orders that you have placed in the shop of an online retailer using the "purchase on account" payment method offered by BillPay GmbH. All outstanding payments as well as all payments already completed for each order placed are displayed. The information for each order from the respective online retailer includes: order number and date, article name and number, shipping status, selected payment method, payment due date and status, amount due and, if applicable, service fees. Under the "My account" function, you can view your first and last name as well as your email address and change your password.

The customer portal can be used by natural persons who are 18 years or older and have already placed an order in an online shop using the “purchase on account” payment method offered by BillPay. When registering for the first time, the email address and order number used for the respective order from the online retailer must be entered. The user receives a confirmation email and then selects a password once, which is used together with the email address from the order for further registrations. The user sees all orders placed with all email addresses. The access data may not be passed on or made available to others. It is the registered user’s duty to prevent unauthorized use of this access data and to notify BillPay if he suspects that a third party has unauthorized access to his customer account. BillPay limits any guarantee, liability or warranty for possible damage to the registered user to the legal minimum. There is no legal right to use the customer portal.

A registered user can delete their customer account at any time in the customer portal under "My Account". BillPay can change, restrict or interrupt the customer portal and its functions and design at any time and to any extent. This also applies to maintenance work, further development and disruptions of any kind. In particular, BillPay does not provide any guarantee, liability or warranty for such cases or for loss of data, unless due to mandatory legal regulations. BillPay reserves the right to delete the customer account in the event of a breach of contract, infringement or misuse.

Klarna Privacy Policy

1. Consent to the use of your data

a. BillPay checks whether your request for purchase on account or installment purchase with BillPay can be met, taking into account possible risks of non-payment, or whether another payment method can be offered in consultation with the merchant. For this purpose, BillPay carries out its own identity and credit check after confirmation of the desired payment method "purchase on account".

b. By agreeing to these data protection provisions, you consent to the merchant transmitting your data (first and last name, title, street, house number, postcode, city, date of birth, telephone number, email address, personal information in each case) and the data related to your order (such as shopping cart, order history, payment history, IP address, together with the personal information also the personal data) to Klarna for the purpose of identity and credit checks in order to enable your transaction with the merchant and the purchase on account. Klarna uses the data in accordance with this and Klarna's own data protection policy. Klarna arranges the purchase on account. In addition, Klarna uses the data that was transmitted to Klarna either by the merchant or through a previous transaction with a BillPay or Klarna purchase on account in order to be able to offer you special pre-made offers in the Klarna Global Checkout. You have the option of expressly rejecting this feature if you do not wish to benefit from the pre-made offers.

c. If you choose to purchase on account, you further agree that Klarna will transmit your personal data (first and last name, title, street, house number, postcode, city, date of birth, telephone number, email address, personal information in each case) as well as the data in connection with your order (such as shopping cart, order history, payment history, IP address, together with the personal information also the personal data) to BillPay as received from the merchant, both for the purpose of identity and credit checks and to process the purchase on account. You further agree that BillPay stores and processes your data in its own database in accordance with these data protection conditions.

d. You also agree that BillPay or partner companies commissioned by BillPay may transmit your personal information to credit agencies (credit agencies) for the purpose of identity and credit checks (see above) and may receive information about you from them, as well as creditworthiness information based on mathematical and statistical procedures, the calculation of which includes address data, among other things. You also agree that BillPay or partner companies commissioned by BillPay may store your personal information in their own database and also use it for other contractual partners, provided that they have credibly demonstrated a legitimate interest in the data transmission within the meaning of the Federal Data Protection Act in the individual case.

BillPay uses the following credit agencies:

Germany:
CRIF Bürgel GmbH, Radlkoferstrasse 2,
81373 Munich, Tel.: +49 40 89803-0, Fax: -777/ 778

Creditreform Boniversum GmbH, Hellersbergstrasse 11,
D-41460 Neuss, Tel.: +49 (0)2131-109-501, Fax: -557

SCHUFA Holding AG, Kormoranweg 5, D-65201 Wiesbaden
(Information about the data stored concerning you can be obtained from SCHUFA Holding AG, Consumer Service, PO Box 5640, 30056 Hanover)

Regis24 GmbH, Wallstrasse 58,
D-107191 Berlin, Tel.: +49 (0)30 44350-240, Fax: -249

Bisnode Deutschland GmbH, Robert-Bosch-Strasse 11,
D-64293 Darmstadt, Tel.: +49 (0)6151 380-0, Fax: -360

Austria:
CRIF GmbH, Diefenbachgasse 35/1,
A-1150 Vienna, Tel.: +43 (0)1 897 42 440, Fax: +43 (0)1 897 42 431

Bisnode Austria Holding GmbH, Geiselbergstrasse 17,
A-1110 Vienna, Tel.: +43 (0)1 58861-0, Fax: +43 (0)1 58861-3444

Switzerland:
CRIF AG, Hagenholzstrasse 81,
CH-8050 Zurich, Tel.: +41 (0)44 913 50 58

Bisnode D&B Schweiz AG, Grossmattstrasse 9,
CH-8902 Urdorf, Tel.: +41 (0)44 735 61 11, Fax: +41 (0)44 735 61 61

e. With consent to these data protection provisions and within the framework set out in the Federal Data Protection Act (DSG), BillPay and partner companies commissioned by BillPay are also entitled to store, process, use and transmit data on any non-contractual conduct (e.g. undisputed outstanding claims) to credit agencies. The credit agencies store and transmit the data to their contractual partners in the EU internal market in order to provide them with information for assessing the creditworthiness of natural persons.

f. All data transfers are carried out within the scope of what is legally permissible and taking into account your legitimate interests in the exclusion of transmission or use. You can obtain information about the data stored concerning you from the respective credit agencies as well as from BillPay.


2. Further use of your personal data / Klarna

a. BillPay is aware that the careful handling of your personal data is important to you. Therefore, beyond the purposes of identity and credit checks, your personal data will only be collected, processed, used, stored and, if necessary, transmitted for the following purposes in compliance with the relevant data protection regulations:

Processing of payments for invoice purchases or installment purchases (including dunning and debt collection procedures) as well as for the provision of customer service by the merchants connected to BillPay and/or by us

Analysis of our customers’ payment behavior (internal analysis of end customers’ payment behavior and inquiries to credit agencies), if necessary also for affiliated retailers

Analysis and data sharing for fraud prevention (use of tools to identify and block potential fraudsters)

Offering additional payment options and/or financial services through us or through our partner companies, including companies in the Klarna Group

Sending emails and letters in connection with the provision of our services to you as an end customer and your online retailer

Analysis and maintenance of our databases and customer lists

Disclosure in case of legal or regulatory obligation as well as to enforce BillPays rights and to protect other BillPays customers

b. BillPay reserves the right to transmit personal data to service providers or financial partners commissioned by BillPay for the purposes stated above or to grant them access to it, insofar as this is necessary to fulfill their tasks.

c. BillPay will not sell personal data to third parties for advertising purposes.

d. To ensure the full functionality of the website, your data (title, date of birth, telephone number and, if applicable, business form, company name, VAT number, commercial register number, bank details) are stored in your browser. If you so wish, this information will only be stored until you clear your browser's cache.

3. BillPay endeavours to process your data within the EU or the European Economic Area (EEA). In exceptional cases, data processing outside the EU or the EEA may be carried out by a company affiliated with BillPay or a partner company on behalf of BillPay. BillPay takes all necessary legal precautions to ensure that your data is processed securely and with an appropriate level of protection that is at least equivalent to the level in the EU or the EEA.

4. Use of Akamai

To improve the use of this website, BillPay uses the services of the Content Delivery Network ("CDN") of Akamai Technologies AB, Hemvärnsgatan 9, 17154 Solna, Sweden and its parent company Akamai Inc., 150 Broadway, Cambridge, 02142 MA, USA. For this purpose, the web content retrieved from BillPay's websites is controlled via Akamai's server network. As a rule, servers close to the site visitor's retrieval location are used. In exceptional cases (e.g. in the event of an attack, when pages are accessed outside the EU or when connections within the EU are overloaded), control may take place via servers outside the EU, particularly in the USA. As part of the use of the CDN, your IP address and the data about your Internet usage are processed by Akamai for technical reasons and analyzed for the purposes of fraud prevention. Contracts exist with both Akamai Technologies AB and Akamai Inc. in accordance with data protection requirements.

5. This website uses technologies from etracker GmbH (www.etracker.com) to collect and store data for marketing and optimization purposes. User profiles can be created from this data under a pseudonym. Cookies can be used for this purpose. Cookies are small text files that are stored locally in the cache of the website visitor's Internet browser. The cookies enable the Internet browser to be recognized. The data collected using etracker technologies will not be used to personally identify the visitor to this website without the separate consent of the person concerned and will not be merged with personal data about the bearer of the pseudonym. The collection and storage of data can be objected to at any time with effect for the future.

6. Revocation of consent , information, correction, blocking and deletion of personal data

a. You can revoke your consent to the collection, processing, use or transmission of your personal data at any time without incurring any costs other than the transmission costs according to the basic rates. Even if you revoke your consent, BillPay remains entitled to process, use or transmit your personal data to the extent that this is necessary for the contractual processing of invoice purchases with BillPay or is legally required or is required by a court or authority.

b. Furthermore, you are entitled to receive information about the data stored by BillPay free of charge and, if necessary, to have this data corrected, blocked or deleted.

7. Company Data Protection Officer

If you have any questions regarding the collection, use, processing or transmission of your personal data or if you would like information, correction, blocking or deletion of this data, please contact the company data protection officer in writing:
External company data protection officer
Michael Schramm
c/o HK2 competition GmbH
Hausvogteiplatz 11A
D-10117 Berlin
data protection officer@billpay.de


We use the web analysis services Google Analytics and Microsoft Bing to analyze and optimize our online presence. Google Analytics is a product of Google Inc., Amphitheatre Parkway 1600, Maintainview, California, USA; Microsoft Bing is a product of Microsoft Corporation, Microsoftway 1, Redmond, Washington, USA. Since both services can transmit and store information about the use of the website via servers in the USA, we would like to point out that both Google and Microsoft guarantee compliance with European data protection law under the Privacy Shield Agreement. The analysis services use the data about your activity on our website and your IP address to compile reports on activity on our website. Pseudonymized user profiles can be created, and your IP address is usually also pseudonymized or shortened. The data collected by Google Analytics is automatically deleted after a period of 26 months.

Click here to view Google's privacy policy: https://policies.google.com/privacy?hl=de

Click here to view Microsoft’s privacy policy: https://privacy.microsoft.com/de-de/privacystatement


We also evaluate visit action data using the Google AdWords service from Google Inc., Amphitheatre Parkway 1600, Maintainview, California, USA, to analyze the effectiveness of our advertising. This conversion tracking registers when you click on an ad placed by Google, confirms that you were redirected to our online offering via a Google ad, and provides interaction data to assess the success of the advertising. No personal data is processed and each user receives a different cookie, which is why we do not receive any information from which you as a user can be personally identified. Google guarantees under the Privacy Shield Agreement that European data protection law is adhered to.

Click here to view Google's privacy policy: https://policies.google.com/privacy?hl=de


In order to be able to offer you improved customer service, we give you the opportunity to chat with us as part of our online offering. This live chat function is handled with tawk.to, a product of tawk.to Inc., 187 East Warm Springs Rd, Las Vegas, Nevada, USA. It is not necessary to enter personal data; all enquiries via this function reach us anonymously. Only the country from which you contact us and your IP address are transmitted together with your input. Since the transmission of this data by tawk.to to a third country cannot be ruled out, we would like to point out that tawk.to guarantees compliance with European data protection law.

Click here for tawk.to's privacy policy: https://www.tawk.to/data-protection/dpa-data-processing-addendum/
Click here for the data protection guarantee: https://www.tawk.to/data-protection/gdpr/


Payment guarantee via Novalnet:
When paying using the payment methods “purchase on account” and “direct debit”, the purchase price claim is assigned to Financial Management Solutions GmbH (under the brand InfinitePay) (hereinafter referred to as “InfinitePay”) via Novalnet AG as the payment institution. The data required for payment processing is transmitted to InfinitePay. The data transmission serves, among other things, the purpose of enabling InfinitePay to carry out an identity and credit check in order to process your purchase using the payment method you have requested. The processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR due to the legitimate interest in offering various payment methods and the legitimate interest in protection against payment default. For reasons arising from your particular situation, you have the right to object at any time to this processing of personal data concerning you based on Art. 6 Para. 1 lit. f GDPR by notifying us. InfinitePay’s privacy policy can be found here: https://www.infinitepay.de/datenschutzhinweise

If you would like to receive information about the use of your personal data, you can contact datenschutz@fms-mainz.de at any time. The provision of the data is necessary for the conclusion of the contract with the payment method you requested. Failure to provide the data means that the contract cannot be concluded with the payment method you requested.


Shore online appointment booking
This website uses the online appointment booking and customer management system of Shore GmbH, Ridlerstraße 31, 80339 Munich, Germany (hereinafter "Shore"). When using the online appointment booking, personal data is transmitted to Shore as part of the order processing. In this context, we ask you to send us certain data such as your name, email address and, if applicable, your telephone number (further information is possible voluntarily depending on the data sheet). This serves the sole purpose of identifying you without a doubt, processing your request and thus being able to inform and advise you as desired. Contacting us is voluntary and the data is collected based on our legitimate interest in accordance with Art. 6 Paragraph 1 Letter f) GDPR. Before the appointment, you will receive a booking confirmation and an appointment reminder by SMS and/or email. We process your data for the purpose of providing the service and as a reminder of the upcoming appointment.
When you make your first booking, a customer profile is created in which the data you provide is stored. We remain the responsible party in accordance with Art. 4, 28 GDPR. The information you provide is processed by Shore for us and stored on Shore's servers in Germany.
As part of the online booking, Shore uses so-called "cookies", text files that are stored on your computer and that enable an analysis of your use of the booking system. You can find Shore's privacy policy here: https://www.shore.com/de/datenschutz. Shore is used on the basis of legitimate interest in accordance with Art. 6 Paragraph 1 Letter f) GDPR. Furthermore, it is also in the interest of our customers to have the option of booking appointments quickly and effectively. Specifically, Google Analytics is integrated into the booking system in order to evaluate the use of the online booking system, compile reports on activities and receive other services associated with the use of the online booking system, such as Google Analytics reports on performance according to demographic characteristics and interests. Shore uses Google Analytics in the data protection-compliant configuration with the extension "_anonymizeIP()" to ensure anonymous collection of IP addresses (so-called IP masking). For more information about Google Analytics and the option to opt out, please visit https://support.google.com/analytics/answer/181881?hl=en .
https://developers.google.com/analytics/devguides/collection/analyticsjs/user-opt-out

Shore Online Payment
When booking an appointment, you have the option of making a payment transaction directly and paying for the booked service. The data processed by the payment service provider includes contact details and your credit card number, as well as the amount to be paid. The information is required to carry out the transactions. The payment information entered is only processed by the payment service provider. The payment service provider uses so-called "cookies", text files that are stored on your computer to enable online payment. The processing is carried out on the basis of Art. 6 Para. 1 lit. b) GDPR to fulfill the contract.Newsletter
When booking an appointment, you have the option of signing up for our newsletter. In the newsletter, we will inform you about product news and other interesting news, offers and similar products or services. For this purpose, the data entered in the input mask during registration is collected. This is: title, name, e-mail address. This data is used exclusively for the purpose of sending the newsletter. Processing is based on your consent in accordance with Art. 6 Paragraph 1 Letter a) GDPR. This consent can be revoked at any time. If you no longer wish to receive a newsletter, you can object to its use by clicking on the link at the end of the respective e-mail. The newsletter is sent via a Shore service. We remain the responsible body within the meaning of Art. 4 and 28 GDPR for the content and legality of the processing.


Enhanced Conversions - Google Ads
If you as a customer click on our Google ads and then use the advertised service (so-called 'conversion'), certain user data, such as email addresses, names, home addresses or telephone numbers, may be transferred to Google. This data is sent to Google in encrypted form (hash values) and compared with the users' existing Google accounts. This enables us to better analyze the interaction behavior of users with the ads, such as clicks or views, and to optimize the performance of the ads. The legal basis for this data processing is the consent of the users in accordance with Article 6 paragraph 1 sentence 1 letter a) of the General Data Protection Regulation (GDPR).

-------------------