Data Privacy Statement

 

1) Information about the collection of personal data and the contact data of the controller

1.1 Thanks for visiting our website! We appreciate your interest. The following will inform you about how your personal data will be treated when you use our website. “Personal data” means all data which can be used to identify you.

1.2 For the purposes of the General Data Protection Regulation (GDPR), the controller for data processing on this website is MBR Medical Beauty Research® GmbH, Edelhofweg 8–9, 08301 Bad Schlema, Germany. Phone: +(49) 37 72 – 39 52 8-0, Fax: +(49) 37 72 – 39 52 8-19, e-mail: info@nullm-b-r.de. The “controller” for the processing of personal data is the natural person or legal entity who, alone or in conjunction with others, decides on the purposes and means of processing personal data.

1.3 The controller has appointed a data protection officer who can be reached as follows: “Nico Lange, MBR GmbH, Edelhofweg 8–9, 08301 Bad Schlema, 03772/395280, datenschutz@nullm-b-r.de

1.4 This website uses SSL or TSL encryption, for security reasons and to protect the transmission of personal data and other confidential content (such as orders or questions sent to the controller). You can recognise an encrypted connection by the character sequence “https://” and the padlock icon in your browser line.

2) Data collection during visits to our website

If you use our website only for informational purposes, and thus do not register or otherwise transmit information to us, we collect only data which your browser transmits to our server (known as “server log files”). If you access our website, we will collect the following data, which are technically necessary for us to show you our website):

– Which website of ours you visited

– Date and time of access

– Quantity of data sent, in bytes

– Source or reference from which you arrived at the site

– Browser used

– Operating system used

– IP address used (possibly in anonymised form)

The data are processed under Art. 6 (1) f GDPR, based on our legitimate interest in improving our website’s stability and functionality. The data will not be used for other purposes or forwarded. However, we reserve the right to check the server log files at a later time if there are specific indications of illicit use.

3) Cookies

To make visiting our website attractive and to allow for the use of certain functions, we use cookies on different sites. These are small text files that are stored on your end device. Some of the cookies we use are deleted after the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and allow us or our partner companies (“third-party cookies”) to recognise your browser when you visit us again (“persistent cookies”). If cookies are placed, they collect and process certain individualised user information, such as browser and location data, as well as IP address values. Persistent cookies are deleted automatically after a specified period, which can differ according to the cookie.

Some cookies serve the purpose of simplifying the order process by storing your preferences (e.g. saving the content of a virtual shopping cart for later use). If personal data are also processed through individual cookies we implement, that processing will take place under Art. 6 (1) b GDPR to implement the contract or, under Art. 6 (1) f GDPR, to guard our legitimate interests in having our website function at its best and our site visit be customer-friendly and effective.

Under certain circumstances, we cooperate with advertising partners who help us design our internet presence to be more interesting for you. To that end, cookies from partner companies (third-party cookies) will also be stored on your hard drive when you visit our website. If we collaborate with such advertising partners, you will be individually and separately informed within the following paragraphs about the use of such cookies and the scope of the information collected thereby.

Please note that you can change your browser settings to inform you when cookies are being placed, so you can decide to accept them individually or to exclude them in certain cases or in general. Every browser manages its cookie settings differently. This is described in every browser’s “Help” menu, which will tell you how to change your cookie settings. You will find these for the browser in question under the following links:

Internet Explorer: support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

Firefox: support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Chrome: support.google.com/chrome/answer/95647?hl=de&hlrm=en

Safari: support.apple.com/de-de/guide/safari/sfri11471/mac

Opera: help.opera.com/en/latest/web-preferences/#cookies

Deciding to refuse cookies can limit our website’s functionality.

4) Contact

When you contact us by contact form or email, personal data will be collected. Each contact form specifies the data that will be collected if it is used. These data will be stored and used exclusively to address your concerns or establish contact, and for the technical administration this entails. The legal basis for processing the data is our legitimate interest in addressing your concerns under Art. 6 (1) f GDPR. If you are contacting us to conclude a contract, processing will also be legally based on Art. 6 (1) b GDPR. After your request has been handled, your data will be erased. This is the case if circumstances indicate that the matter has been cleared up, insofar as erasing your data would not oppose any statutory retention requirements.

5) Data processing for the purpose of registering a customer account and implementing a contract.

As per Art. 6 (1) f GDPR, personal data will continue to be collected and processed if you share these data with us in order to implement a contract or register a customer account. The nature of the data collected depends on the respective entry forms. You can delete your customer account at any time by contacting the controller using the aforementioned contact details. We store the data you share with us and use it to complete your contract. After the completion of the contract or deletion of your customer account, your data is blocked in consideration of tax and commercial law retention periods, but it is blocked for any other purposes and deleted after these periods, unless you have expressly consented to the further use of your data or we have reserved the right to process your data further within the scope permitted by law, as described below.

6) Utilisation of your data for direct advertising

6.1 Subscription to our e-mail newsletter

If you subscribe to our e-mail newsletter, we will regularly send you information about our offers. We only need your e-mail address to do this. You can provide additional data voluntarily, and we will use this data to address you personally. For our newsletter, we use the ‘double opt-in’ system. This means that we will only start sending you our e-mail newsletter once you have explicitly confirmed that you consent to receiving it. We will send you a confirmation e-mail containing a link, which you need to click in order to confirm that you wish to receive the newsletter in future.

By clicking the confirmation link, you consent to our using your personal data as per Art. 6 (1) a GDPR. When you subscribe to the newsletter, we store your IP address as entered by your internet service provider (ISP) and the date and time of your subscription for later reference in the case of abuse of your e-mail address. The data we collect when you subscribe to our newsletter will be used exclusively for addressing advertising to you in the newsletter. You can cancel your subscription at any time by clicking the corresponding link in the newsletter or sending a message to the controller specified above. Following your cancellation, your e-mail address will be deleted from our mailing list immediately unless you have explicitly consented to our further use of your data or we reserve the right to process your data further within the scope permitted by law, as described in this declaration.

6.2 Distribution of our e-mail newsletter to existing customers

If you have given us your e-mail address when purchasing goods or services, we reserve the right to send you regular e-mails containing information about similar goods or services from our range. We do not need to obtain your consent separately to do this. Data processing is based solely on our legitimate interest in personalised direct advertising under Art. 6 (1) f GDPR. If you object to the use of your e-mail address for this purpose during the purchasing process, we will not send you any advertising e-mails. You have the right to object to the continued use of your e-mail address for the aforementioned advertising purposes at any time by messaging the controller specified at the beginning of this document. This will only incur transmission costs as per the basic tariffs. After we receive your objection, we will immediately cease to use your e-mail address for advertising purposes.

6.3 Newsletter distribution via CleverReach

The distributor of our e-mail newsletter is the technical service provider CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede (“CleverReach”), to whom we transfer the data you share with us when subscribing to our newsletter. The data are transferred as per Art. 6 (1) f GDPR based on our legitimate interest in using a promotionally effective, secure, user-friendly newsletter system. The data you enter for the purpose of obtaining our newsletter (e.g. your e-mail address) are stored on the servers of CleverReach in Germany or the Republic of Ireland.

CleverReach uses this information to dispatch our newsletter and evaluate them statistically on our behalf. To facilitate this evaluation, our sent e-mails contain ‘web beacons’ or ‘tracking pixels’, image files of a single pixel that are saved on our website. This allows us to find out whether a newsletter has been opened and which links (if any) were clicked. This ‘conversion tracking’ system can also analyse whether a pre-defined action (e.g. purchase of a product from our website) took place after the link was clicked. It further records technical information (e.g. time of access, IP address, browser type and operating system). We collect all data in a pseudonymised format and do not link them to your other personal data to ensure that they cannot be connected to a particular individual. These data are used for the exclusive purpose of analysing newsletter campaigns statistically. The results of these analyses can be used to adapt future newsletters to their recipients’ interests more effectively.

If you want to object to the analysis of your data for the purpose of statistical analyses, you will need to cancel your subscription to our newsletter.

We have concluded a processing agreement with CleverReach in which CleverReach undertakes to protect our customers’ data and not to share them with third parties.

For more information about data analysis by CleverReach, see:

www.cleverreach.com/en/features/reporting-tracking/

For the CleverReach privacy policy, see:

www.cleverreach.com/en/privacy-policy/

6.4 Postal advertising

Based on our legitimate interest in personalised direct advertising, we reserve the right to save your first and last name, mailing address and – if we have received this additional information from you in the context of the contractual relationship – your title, academic degree, birth year as well as your professional, industry or business name under Art. 6 (1) f GDPR and to use said information for sending interesting offers and information about our products by post.

You can object to the storage and use of your data for this purpose at any time by sending a corresponding message to the controller.

7) Processing of personal data for order processing

7.1 To the extent necessary to deliver the goods, the personal information we collect will, as part of the contract execution, be passed on to the transport company that is commissioned with the delivery. We provide your payment data to the authorised credit institution as part of the settlement of payments if this is necessary to process your payment. If we use any payment service providers, we will inform you about them in detail in the following section. The legal basis for disclosing the data is Art. 6 (1) f GDPR.

7.2 Disclosure of personal data to shipping providers

– DHL

If the delivery of goods is carried out by the transport provider DHL (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn), we provide your e-mail address to DHL prior to the delivery of the goods as per Art. 6 (1) a GDPR for the purpose of agreeing upon a delivery date or notifying you of the delivery, provided that you have expressly consented to this during the order process. Otherwise, we only provide the recipient’s name and the delivery address to DHL for the purpose of delivering your order as per Art. 6 (1) b GDPR. We only disclose this data if required for the delivery of the goods. In this case, prior coordination of the delivery date with DHL and the issuance of a notification regarding the delivery by DHL are not possible.

You can withdraw your consent from the aforementioned controller or the shipping service provider DHL for future effect at any time.

– UPS

If the delivery of goods is carried out by the transport provider DHL UPS (United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Straße 1, 41460 Neuss), we provide your e-mail address to UPS prior to the delivery of the goods as per Art. 6 (1) a GDPR for the purpose of agreeing upon a delivery date or notifying you of the delivery, provided that you have expressly consented to this during the order process. Otherwise, we only provide the recipient’s name and the delivery address to UPS for the purpose of delivering your order as per Art. 6 (1) b GDPR. We only disclose this data if required for the delivery of the goods. In this case, prior coordination of the delivery date with UPS and the provision of shipping status information by UPS are not possible.

You can withdraw your consent from the aforementioned controller or the shipping service provider UPS for future effect at any time.

7.3 Utilisation of payment service providers

– Heidelpay

Credit card payments are processed by Heidelberger Payment GmbH, Vangerowstraße 18, 69115 Heidelberg (“Heidelpay”), to whom we will disclose your personal data as shared with us during the order process for the exclusive purpose of processing your payment under Art. 6 (1) b GDPR. We only disclose this data if it is actually required to process your payment. To process the payment Heidelpay discloses your data – if required – to HUELLEMANN & STRAUSS ONLINESERVICES S.A., 1, Place du Marché, 6755 Grevenmacher, Luxemburg under Art. 6 (1) b GDPR.

If you select the payment option “purchase on account via Heidelpay” or “direct debit via Heidelpay”, you will be prompted during the ordering process to provide your personal data (first and last name, street, house number, postcode, city, date of birth, e-mail address and phone number). To protect our legitimate interest in determining the solvency of our customers, we disclose those data under Art. 6 (1) f GDPR to Heidelberger Payment GmbH, Vangerowstr. 18, 69115 Heidelberg (“Heidelpay”) for the purpose of a credit check. On the basis of the personal data that you provide as well as other data (such as shopping cart, invoice, order history, payment history), Heidelpay checks whether your selected payment option can be granted in terms of payment and/or debt risks. To facilitate our decision on entering into or completing a contractual relationship, we are also entitled to obtain information about your identity and solvency from the following credit agencies under Art. 6 (1) f GDPR:

– SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden

– CRIF Bürgel GmbH, Friesenweg 4, Haus 12, 22763 Hamburg

– Arvato Infoscore GmbH, Rheinstraße 99, 76532 Baden-Baden

– Deltavista GmbH, Kaiserstraße 217, 76133 Karlsruhe

– UNIVERSUM Business GmbH, Hugo-Junkers-Straße 3, 60386 Frankfurt am Main

– Bisnode International Group, Robert-Bosch-Straße 11, 64293 Darmstadt

– Regis24 GmbH, Wallstraße 58, 10179 Berlin

– Creditreform AG, Hellersbergstraße 12, 41460 Neuss

The credit report can include probability values (so-called score values). If score values are incorporated in the result of the credit check, they are based upon a scientifically recognised mathematical and statistical method. The calculation of the score values includes address data (among other information).

You can object to this use of your data at any time by messaging the data processing officer or Heidelpay. Heidelpay may retain the right to process your personal data if this is necessary to complete your payment in accordance with the contract.

– Paypal

In the case of payment via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “payment in instalments” via PayPal, we provide your payment information (within the payment process) to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). The disclosure of the data takes place as per Art. 6 (1) f GDPR and within the scope required for processing the payment.

PayPal reserves the right to conduct a credit check for the payment methods of credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “payment in instalments” via PayPal. To this end, your data may be disclosed to credit agencies under Art. 6 (1) f GDPR, based on PayPal’s legitimate interest in determining your solvency. PayPal uses the result of the credit check with respect to the statistical probability of default for the purpose of the decision concerning the provision of the respective payment method. The credit report can include probability values (so-called score values). If score values are incorporated in the result of the credit check, they are based upon a scientifically recognised mathematical and statistical method. The calculation of the score values includes address data (among other information). For more information about data protection, including the credit agencies used, please refer to the Privacy Policy of PayPal: www.paypal.com/de/webapps/mpp/ua/privacy-full

You can object to this use of your data at any time by messaging PayPal. PayPal may, however, retain the right to process your personal data if this is necessary to complete your payment in accordance with the contract.

8) Use of graphic rating and certification marks

EHI certification mark widget

On our website, we use the seal “EHI Geprüfter Online-Shop” [EHI-certified online shop], a widget by EHI Retail Institute GmbH, Spichernstraße 55, 50672 Cologne (“EHI”). Whenever an user visits our website, the EHI servers upload dynamic content (current shop ratings, certificate etc.) to the widget. In this context, your IP address, your previously visited website, the date and time of your access, the transferred data volume, your browser type and version, your operating system and the requesting provider (referrer data) are transferred to the EHI servers. Those data are processed based on our legitimate interest in optimising our service under Art. 6 (1) f GDPR.

For more information about data protection at EHI, see: www.ehi-siegel.de/datenschutz

9) Online marketing

Use of Google AdWords conversion tracking

This website uses the online ad programme “Google AdWords” and, as part of Google AdWords, the conversion tracking of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). We use the services of Google AdWords so we can use promotional materials (Google AdWords) on external websites to draw attention to our attractive offerings. We can determine how successful the individual promotional measures are in relation to the data of those ad campaigns. Therefore, we pursue our interest in showing you ads that will intrigue you, making our website more appealing, and invoicing advertising costs fairly.

The cookie for conversion tracking is set when a user clicks on an AdWords placed by Google. Cookies are small text files that are stored on your computer system. After 30 days, these cookies will normally become ineffective and unable to identify you personally. If the user visits certain pages of this site and the cookie has not yet expired, we and Google can recognise that the user has clicked on the ad and proceeded to that page. Each Google AdWords advertiser receives a different cookie. Cookies therefore cannot be tracked via the sites by AdWords customers. The information collected with the aid of conversion cookie are used to create conversion statistics for AdWords customers that have opted for conversion tracking. Customers receive information as to the total number of users who have clicked on their ad and proceeded to a page tagged with a conversion tracking tag. However, they do not receive any information that can personally identify a user. If you don’t want to participate in tracking, you can block this function by deactivating Google conversion tracking on the user settings of your internet browser. You will then not be included in the conversion tracking statistics. We use Google AdWords based on our legitimate interests in targeted advertising under Art. 6 (1) f GDPR.

Google LLC, with registered office in the USA, is certified for the US-European data privacy treaty “Privacy Shield”, which guarantees compliance with the level of data protection applicable in the EU.

You can find more information about the Google Privacy Policy at the following Internet address: policies.google.com/privacy

You can deactivate cookies for advertising procedures by changing the settings of your browser software accordingly or by downloading and installing the browser plug-in available under the following link:

www.google.com/settings/ads/plugin?hl=gb

Please note that deactivating the use of cookies might render certain functions of this website unusable or not fully usable.

10) Web analysis services

Google (Universal) Analytics

– Google Analytics

Our website uses Google Analytics, a web analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies, text files that are stored on your computer and allow us to analyse how you use our website. The information the cookie generates about your use of this website (including the truncated IP address) is normally transmitted to a Google server in the USA and stored there.

This website uses Google Analytics exclusively with the extension “anonymizeIP()”, which anonymises the IP address by truncating it to prevent it from being traced to you. Google will use that extension to truncate your IP address in advance within the member states of the European Union or in other Contracting Parties to the EEA Agreement. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. In these exceptional cases, the data is processed under Art. 6 (1) f GDPR, based on our legitimate interest in statistically analysing user behaviour for optimisation and marketing purposes.

On our behalf, Google will use this information to evaluate your use of the website, create reports about website activities and render additional services for us which are related to website use and internet use. The IP address that is transmitted from your browser in the context of Google Analytics will not be merged with other data from Google.

You may prevent the storing of cookies by appropriately adjusting your browser software; however, we would like to point out that, in that case, you may not be able to use all of the features of this website to their full extent. You can also prevent the collection of the data generated by the cookie and about your use of the website (including your IP address) to Google as well as the processing of these data by Google by downloading and installing the browser plug-in which is available at the following link:

tools.google.com/dlpage/gaoptout?hl=gb

Alternatively to the browser plug-in or within browsers on mobile devices, please click on the following link in order to place an opt-out cookie which will prevent the collection by Google Analytics on this website in the future (this opt-out cookie will only work in this browser and only for this domain; to delete your cookies in this browser, you have to click on this link again): <a onclick=”alert(‘Google Analytics has been deactivated’);”href=”javascript:gaOptout()”>Deactivate Google Analytics</a>

Google LLC, with registered office in the USA, is certified for the US-European data privacy treaty “Privacy Shield”, which guarantees compliance with the level of data protection applicable in the EU.

You can find more information about how user data is treated in Google Analytics in Google’s data privacy statement: support.google.com/analytics/answer/6004245?hl=de

11) Retargeting / remarketing / advertising for recommendation

Google Adwords remarketing

Our website uses the functions of Google AdWords remarketing, through which we advertise for this website in the Google search results and third-party websites. The provider is Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). To this end, Google places a cookie in the browser of your end device, which automatically enables interest-based ads by using a pseudonymous cookie ID based on the pages you have visited. The processing is based on our legitimate interest in optimally marketing our website under Art. 6 (1) f GDPR.

Data is processed beyond this only if you have given Google your consent to connect your internet and app browser history with your Google account and to use information from your Google account to personalise ads you see in the web. In this case, if you are logged into Google while you visit our website, Google will use your data together with Google Analytics data to compile and define target group lists for cross-device remarketing. In addition, Google will temporarily combine your personal data with Google Analytics data to form target groups.

You can deactivate the setting of cookies for ad purposes permanently by downloading and installing the browser plug-in available under the following link: www.google.com/settings/ads/onweb/

Alternatively, you can get information from the Digital Advertising Alliance at the internet address www.aboutads.info about the placement of cookies and change your settings to that end. Finally, you can set your internet browser to inform you about the placement of cookies and decide to accept them individually or exclude their acceptance for individual cases or in general. Choosing to reject cookies might restrict our site’s functionality.

Google LLC, with registered office in the USA, is certified for the US-European data privacy treaty “Privacy Shield”, which guarantees compliance with the level of data protection applicable in the EU.

Further information as well as the privacy policy regarding advertising and Google can be found here:

www.google.com/policies/technologies/ads/

12) Tools, miscellaneous

Google Maps

On our website, we use Google Maps (API) of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Maps is a web service for presenting interactive maps to show geographic information. Using this service will show you our location and make getting there easier.

By accessing the subpages which incorporate the maps of Google Maps, information about your use of our website (such as your IP address) will be transmitted to Google servers in the USA and stored there. This will occur regardless of whether Google provides a user account into which you are logged, or whether a user account exists. If you are logged in with Google, your data will be assigned directly to your account. To keep this from happening, you must log out of Google before activating the button. Even if you aren’t logged in, Google will store your data as a usage profile and evaluate that profile. The collection, storage and evaluation will be carried out in particular under Art. 6 (1) f GDPR, based on Google’s legitimate interest in inserting personalised ads, market research, or designing needs-based Google websites. You may object to this user profile being formed. To exercise that right, you must contact Google.

Google LLC, with registered office in the USA, is certified for the US-European data privacy treaty “Privacy Shield”, which guarantees compliance with the level of data protection applicable in the EU.

If you don’t want your data transmitted to Google when you use Google Maps in the future, you can deactivate the Google Maps web service by turning of the JavaScript application in your browser. If you do, you will not be able to use Google Maps or (therefore) the map display on this internet site.

You can find Google’s usage conditions under policies.google.com/terms, and the additional usage conditions for Google Maps under www.google.com/intl/gb/help/terms_maps.html

You can find comprehensive information about data privacy in connection with the use of Google Maps on Google’s internet site (“Google Privacy Policy”): policies.google.com/privacy

13) Rights of the data subject

13.1 Applicable data protection law grants you extensive data subject rights (rights to information and intervention) about which we will inform you in the following:

– Right of access to information under Art. 15 GDPR: In particular, you have the right of access to the personal data we are processing about you, the purpose of that processing, the categories of processed personal data, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period or the criteria for determining it, the existence of rights to rectification, erasure, restriction of processing, objection against the processing, lodging a complaint with a supervisory authority, the origin of your data (if we did not collect them from you), the existence of automated decision-making, including profiling, and meaningful information about the logic involved and the implications for you, if need be, and the sought-after effects of such processing, as well as your right to be informed of which guarantees exist under Art. 46 GDPR if your data are forwarded to third countries;

– Right to rectification under Art. 16 GDPR: You may demand the correction of incorrect data concerning you, or the completion of incomplete data about you we have stored, or both, without undue delay.

– Right to erasure under Art. 17 GDPR: You may demand that your personal data be erased if the conditions of Art. 17 (1) GDPR have been met. However, you will not be so entitled in particular if the processing is necessary to exercise the right to free information and expression of opinion, to fulfil a legal obligation, for reasons of the public interest, or to assert, exercise or defend against legal claims;

– Right to restriction of processing under Art. 18 GDPR: You may demand that the processing of your personal data be restricted if the correctness of your data (which you contest) is reviewed, you waive your right to have your data erased because those data were impermissibly processed and instead demand that their processing be restricted, you need your data to assert, exercise or defend against legal claims, we no longer need them to reach their intended purpose, or you have lodged an objection for reasons arising from your particular situation, provided it has not yet been established whether our legitimate reasons prevail;

– Right to be informed under Art. 19 GDPR: If you have asserted your right to rectification, erasure or restriction of the processing toward the controller, that controller is obligated to communicate such correction or deletion of the data or restriction of its processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or would entail a disproportionate effort. You are entitled to be informed about these recipients.

– Right to data portability under Art. 20 GDPR: You may receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format, or may demand that those data be transmitted to another controller, provided this is technically feasible;

– Right to withdraw consent you have granted, under Art. 7 (3) GDPR: You have the right at any time to withdraw a consent you have granted to have your data processed, with effect for the future. If you do so, we will delete the data concerned without undue delay, unless their further processing can be supported by the legal basis of “processing without the need for consent”. Withdrawing your consent will not affect the legality of processing that has already occurred based on your consent;

– Right to lodge a complaint under Art. 77 GDPR: If you believe the processing of the personal data concerning you breaches the GDPR, you may lodge a complaint with a supervisory authority, especially in the member state of your residence, workplace, or the location of the alleged breach. This right exists without prejudice to any other legal remedies you may have under administrative law or the courts.

13.2 RIGHT TO OBJECT

IF WE HAVE PROCESSED YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTERESTS AFTER HAVING WEIGHED OUR INTERESTS AGAINST YOURS, YOU HAVE THE RIGHT AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO LODGE AN OBJECTION AGAINST THIS PROCESSING WITH EFFECT FOR THE FUTURE.

IF YOU TAKE ADVANTAGE OF YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA IN QUESTION. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING THE DATA IF WE CAN VERIFY COMPULSORY LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS DONE TO ASSERT, EXERCISE OR DEFEND AGAINST LEGAL CLAIMS.

IF WE ARE PROCESSING YOUR PERSONAL DATA TO OPERATE DIRECT ADVERTISING, YOU MAY OBJECT TO SUCH PROCESSING AT ANY TIME. YOU MAY EXERCISE YOUR RIGHT OF OBJECTION AS DESCRIBED ABOVE.

IF YOU TAKE ADVANTAGE OF YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA IN QUESTION FOR THE PURPOSES OF DIRECT ADVERTISING.

14) Storage period for personal data

The storage period for personal data is measured by the relevant statutory retention period (such as those under commercial or tax law). After that period expires, the data in question will be routinely erased, unless they are needed to initiate or fulfil a contract or we have a legitimate interest in continuing to store them.

MBR ® medical beauty research