(As at 22.05.2018)
We, QRSKIN GmbH (hereinafter also referred to as QRSKIN), take the protection of your personal data seriously. We adhere strictly to the rules of the data protection laws of the Federal Republic of Germany (Datenschutzgesetz, BDSG), the German Telemedia Act (Telemediengesetz, TMG) and the European Union's General Data Protection Regulation (GDPR). Insofar as reference is made to the GDPR in this privacy statement, please note that this only applies from 25 May 2018. Prior to that, the legal basis is the BDSG.
This data privacy statement extends to the use of the digital offerings of QRSKIN via PC, smartphones, tablets and all other internet-enabled mobile end-devices.
The digital offerings may contain links to other websites of third-party service providers, to which this data privacy statement does not relate.
1. Data controller
The data controller for the processing of your personal data is
2. Purpose of processing personal data
2.1 Data processing for provision of the contractual services
We process your data in order to handle the contractual relations between you and ourselves, and to be able to circulate contractual offers matched to your needs to you. Data are collected for this purpose particularly on the conclusion of a contract concerning one of our products, if you make contact with us via our website.
We make our contact details available to you on our website. You can get in touch with us at any time using these details. You hereby decide on a voluntary basis whether you wish to provide us with data, and with which data.
For an order, we require your accurate name, address and payment details. Was ask for your e-mail address and telephone number so that we can confirm receipt of your order and communicate with you if there are any problems with the service you have ordered
The basis for the data processing is point (b) of Article 6 (1) GDPR, which permits the processing of data for fulfilment of a contract or of steps prior to entering into a contract.
2.2 Data processing for communication with you
In addition to the contract data, we process the communication data you provide (address, telephone number, e-mail address) in order to be able to get in contact with you. Personal data that you communicate to us via e-mail are only processed for correspondence with you or only for the purpose for which you have provided us with the data.
The basis for the data processing is Art. 6 (1) (b) GDPR, which permits the processing of data that are necessary for the performance of a contract or in order to take steps prior to entering into a contract.
2.3 Data processing for advertising purposes
In the event that your data are used for advertising purposes for our products and for other products from our cooperation partners, we will obtain your prior consent.
The data are therefore processed on the basis of your consent (point (f) of Art. 6 (1) GDPR). You can withdraw your consent at any time. Withdrawal does not affect the lawfulness of the data processing operations that have already occurred.
2.4 Data processing for fulfilment of legal obligations
In addition, we process your data to fulfil legal obligations (e.g. requirements under supervisory legislation, obligations for retention and duties to keep records under commercial and tax law).
The basis for the data processing is point (c) of Art. 6 (1) (b) GDPR, which permits processing to fulfil a legal obligation.
2.5 Use of data for the purposes of preventing fraud
The data given by you as part of an order may be used by us to check whether an atypical order process exists. On our side, we have a fundamental legitimate interest in undertaking such checks. The data are processed on the legal basis of point (f) of Art. 6 (1) GDPR.
2.6 Sending data regarding open receivables to collection service providers
Should you not settle outstanding invoices/instalment payments despite repeated reminders, we may transfer the data necessary for collection of the debt to be carried out (name, address, e-mail address, details of the company and, where necessary, data on the contract and the receivable) to a collection service provider for the purpose of selling the outstanding receivables and also for the purpose of collecting the receivable and handling the collection process. If the outstanding receivables are sold, that party then becomes the owner of the receivable and asserts the claim in its own name.
Cookies are small text files that are stored on the computer of a visitor and contain data about the respective user, in order to enable that person to have access to various functions. On our website, both session cookies and persistent cookies are used. A session cookie is stored temporarily on the computer you use, while you navigate the website. A session cookie is erased as soon as you close your internet browser or as soon as your session expires after a given time. A persistent cookie remains on your computer until it is deleted. Storing a cookie guarantees that you are not required to enter your personal settings and preferences repeatedly every time you visit the site. This saves you time and makes using our website a more convenient experience for you.
2.8 Google Analytics
For more information on conditions of use and data privacy, visit http://www.google.com/analytics/terms/ or https://www.google.com/policies.
We would like to advise you that on this website Google Analytics was enhanced using the code "anonymizeIp" in order to guarantee the anonymised recording of IP addresses (a process known as IP masking).
The storing of Google cookies and the evaluation for statistical purposes is conducted on the basis of point (f) of Art. 6 (1) GDPR. We have a legitimate interest in analysing user behaviour in order to optimise both our offering and also advertising for our offering, as needed.
2.9 Log files
With every access to our websites, usage data is transferred by the respective internet browser and stored in log files, known as server log files. The data sets that are stored in this process contain the following data: the date and time of download, the name of the page viewed, the IP address, the referrer URL (the originating URL identifying from where you have come to our web pages), the data volume transferred, and the product and version information on the browser used. The IP addresses of users are erased or anonymised following the end of the use.
The basis for the data processing is point (f) of Art. 6 (1) GDPR, which permits the processing of data to safeguard the legitimate interests of the controller, where these are not outweighed by the interests or basic rights and basic freedoms of the data subject.
3. Categories of recipients of personal data
Your personal data are only forwarded to third parties or otherwise transferred if this is necessary for the purpose of handling the contract or settlement or you have previously given your consent to this or a legal basis exists for the forwarding.
Where necessary for contract handling or for the sending and delivery of products and rewards, data is forwarded to partner companies who have been commissioned to assist in contract handling.
Our partners are obligated to respect and observe the provisions under data protection law. Our partners are not permitted to use the data for purposes other than for handling the contract.
Additionally, personal data may be forwarded as part of checks of creditworthiness.
In the case of co-operation agreements where we only take on the of intermediary, your personal data are only forwarded to the co-operation partner insofar as this is necessary for the purposes of concluding the contract and contract handling for the co-operation partner. Both we and the co-operation partner are obliged, as part of the co-operation, to respect the provisions of the data protection laws. This obligation also continues beyond the ending of the respective contract.
Service providers who support us in the provision of our service to you are sales and marketing partners, credit checking and collection service providers, cloud services and software as a service (SaaS) providers, IT service providers, particularly service providers for software and hardware maintenance, hosting providers and e-mail service providers.
4. Duration of data storage
We will normally delete your data as soon as they are no longer necessary for the purposes stated above, unless temporary retention continues to be required. For instance, we store your data on the basis of the legal duties of retention and to keep records arising amongst others from the German Commercial Code (Handelsgesetzbuch) and the Fiscal Code (Abgabenordnung). These impose storage periods of up to ten full years. In addition, we retain your data for the period during which claims can be lodged against our company (statutory limitation period of three or up to thirty years).
5. Data security
Your personal data are transferred securely in our company via encryption. This applies both for your order and also for the customer log-in. We use the SSL (Secure Socket Layer) coding system to this end. In addition, we implement technical and organisational measures on our web pages and other systems to prevent the loss, destruction, access, manipulation or distribution of your data by unauthorised persons.
6. Rights as data subject
The prevailing legal provisions give you the right at any time to receive information free of charge on the personal data stored concerning you, their origin and recipients and the purpose of the data processing and, where applicable, the right to have these data rectified, blocked or erased. You can contact us using the contact data stated in section 1 at any time for more information on this or any other issues relating to personal data.
Moreover, you may have a right to demand the restriction of processing of your data and a right to receive the data you have provided in a structured, commonly used and machine-readable format.
If you have given us consent for processing of personal data for particular purposes, you may withdraw your consent at any time with future effect.
You may object to the processing of your data for direct advertising purposes.
You may similarly object to the use of your data for market research and opinion polling at any time, either entirely or for particular measures.
We process your data to safeguard legitimate interests, and you are have the right to object to this processing on grounds relating to your particular situation.
In addition, you have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for us is:
Bayerisches Landesamt für Datenschutzaufsicht
Telefon: +49 (0) 981 53 1300
Telefax: +49 (0) 981 53 98 1300