Privacy Policy

1. General

Cosmetic Cell Concept GmbH, Zurich, is the operator of the Cosmetic Cell Concept website as well as the provider of the service offered on this website. Cosmetic Cell Concept GmbH is responsible for the collection, processing and usage of your data and must ensure compliance with Swiss law. Herein we inform you about which data are collected on https://cosmetic-cell-concept.com/ and how they are used. You will also learn how you can verify the correctness of this information and have us delete these data. Please note that this data protection notice can change from time to time. We therefore recommend that you read this data protection notice regularly in order to ensure that you are always familiar with the latest version.

2. Legal basis

Preparation and fulfillment of a contract  Unless otherwise specified, Cosmetic Cell Concept GmbH collects and uses personal data as part of the preparation and fulfillment of the contracts concluded with the individual concerned. This also applies to processing operations that are necessary for the performance of precontractual measures. The basis is therefore Art. 6 Par. 1b GDPR. If you refuse to disclose the personal data required therefor, the services of Cosmetic Cell Concept GmbH may be available to you only to a limited extent or not at all.  Legal obligation  Furthermore, it is possible that Cosmetic Cell Concept GmbH is subject to legal obligations (e.g. with regard to the provision of services to store payment methods), for the fulfillment of which personal data must be collected and used.  Legitimate interest  If the processing is necessary to safeguard a legitimate interest of Cosmetic Cell Concept GmbH or of a third party, and the interests, basic rights and basic freedoms of the person concerned do not outweigh the aforementioned interest, Art. 6 Par. 1f GDPR serves as the legal basis of the processing.

Consent

To the extent than none of the aforementioned states of affairs is applicable, Cosmetic Cell Concept GmbH collects and uses personal data only with prior consent from the person concerned.

3. Deletion of data and retention period

The personal data of the person concerned will be deleted or restricted as soon as the purpose of the retention ceases to apply. This means that e.g. personal data that were collected for the purpose of preparing and fulfilling a contract will be deleted after the ending of the contract. Retention beyond that can occur if provision for this has been made in union regulations, laws or other provisions which the responsible entity is subject to. Even then, restriction or deletion of the data occurs after the end of a retention period prescribed by the said regulations, unless a necessity for further retention of the data for the concluding of a contract or the fulfillment of a contract exists.

4. Data transfer to Switzerland

The responsible entity has its registered office in Switzerland. For this reason, the processing of the collected personal data (also) takes place in Switzerland in accordance with the Adequateness Decision of the European Commission No. 2000/518/EC.

5. Collection, usage and processing of individual and company-related data

If you visit the website https://cosmetic-cell-concept.com/, certain data will automatically be stored on our servers for the purposes of system administration, for statistical or for security purposes. This concerns the following data:

• Visited sites
• Social media
• Origin of visit
• Forms filled in

These data can potentially permit conclusions to be drawn about a certain visitor. In this context, however, personal data are not utilized. The such data are used exclusively anonymously.

6. Disclosure to third parties

To the extent that the order processing makes it necessary, your data will be disclosed to our partners (third parties). If we disclose data to an external service provider, technical and organizational measures are taken which ensure that the disclosure takes place in accordance with the legal provisions of data protection. If you voluntarily make personal or company-related data available to us, we will not use, process or disclose these data beyond the extent that is legally permissible or specified by you through a declaration of consent. In addition, we disclose your data to external service providers only insofar as this is necessary for contract processing and these service providers have agreed to the relevant privacy and diligence provisions. Over and above this, we only disclose your data if we are legally obligated to do so by official or judicial orders.

7. Information, deletion and correction

As persons concerned, users have the following rights vis-a-vis the responsible entity: Right to information: You can request confirmation from the responsible entity of whether personal data concerning you are being processed by us. If such processing is taking place, you can request information about the following from the responsible entity:

• the purposes for which the personal data are being processed;
• the categories of personal data which are being processed;
• the recipients or the categories of recipients to which the personal data concerning you have been disclosed or are yet to be disclosed;
• the planned duration of the retention of the personal data concerning you, or, if specific details about this are not possible, criteria for determining the retention period;
• the existence of a right to correction or deletion of the personal data concerning you, a right to restriction of the processing by the responsible entity or a right to object to this processing;
• the existence of a right to appeal to a supervisory authority;
• all available information about the source of the data, if the personal data were not collected from the person concerned;
• the existence of automated decision-making, including profiling and – at least in such cases – meaningful information about the involved logic as well as the scope and the envisaged impacts of such processing on the person concerned. At this point, we point out that Cosmetic Cell Concept GmbH does not implement any automated decision-making processes. You have the right to request information about whether the personal data concerning you are being transmitted to a third country or an international organization. Right to correction  You have the right to correction and/or completion vis-a-vis the responsible entity, provided that the processed personal data which pertain to you are incorrect or incomplete. The responsible entity must perform the correction immediately.  Right to restriction of the processing  Under the following conditions, you can request the restriction of the processing of the personal data concerning you:
• if you dispute the correctness of the personal data concerning you, for a duration which makes it possible for the responsible entity to verify the correctness of the personal data;
• the processing is unlawful and you oppose the deletion of the personal data and instead request the restriction of the usage of the personal data;
• the responsible entity no longer needs the personal data for the purposes of the processing, but you require them for the assertion, exercising or defense of legal claims, or
• if you have filed an objection to the processing in the public interest or legitimate interest of the responsible entity, and it has not yet been established whether the legitimate reasons of the responsible entity outweigh your reasons. If the processing of the personal data concerning you has been restricted, these data – apart from their storage – may only be processed with your consent or for the assertion, exercising or defense of legal claims or to protect the rights of another natural or legal entity or for reasons of an important public interest of the Union or of a member state. If the processing has been restricted according to the aforementioned conditions, you will be notified by the responsible entity before the restriction is lifted.

Right to deletion

1. a) Deletion obligation

You can request from the responsible entity that the personal data concerning you be deleted immediately, and the responsible entity is obligated to delete these data immediately, provided that one of the following reasons applies:

• The personal data concerning you are no longer needed for the purposes for which they were collected or processed in any other way.
• You revoke your consent, upon which the processing is based, and there is no other legal basis for the processing.
• You file an objection against the processing and there are no overriding reasons for the processing.
• The personal data concerning you have been processed unlawfully.
• The deletion of the personal data concerning you is needed in order to fulfill a legal obligation according to union law or the law of the member state to which the responsible entity belongs.

1. b) Information to third parties

If the responsible entity has made public the personal data concerning you and if it is obligated to delete them, then it must, taking into account the available technology and the implementation costs of reasonable measures, even technical in nature, inform the entities responsible for data processing, which are processing your personal data, that you, as the person concerned, have requested from them the deletion of all links to these personal data or of copies or replications of these personal data.

1. c) Exceptions

The right to deletion does not exist, provided that the processing is necessary

• to exercise the right to freedom of expression and information;
• to fulfill a legal obligation which requires the processing according to the Law of the Union or of the member states which the responsible entity is subject to, or to perform a task which is in the public interest or takes place in the exercising of public authority, which was assigned to the responsible entity;
• for reasons of public interest in the area of public health;
• for the assertion, exercising or defense of legal claims.

Right to be informed

If you have asserted the right to correction, deletion or restriction of processing vis-a-vis the responsible entity, the responsible entity is obligated to notify all recipients, to which the personal data concerning you were disclosed, regarding this correction or deletion of data or restriction of processing, unless this proves to be impossible or is associated with disproportionate effort.

You have the right vis-a-vis the responsible entity to be informed about these recipients.

Right to data transferability

You have the right to obtain the personal data concerning you, which you have supplied to the responsible entity, in a structured, common and machine-readable format. Furthermore, you have the right to transmit these data to another responsible entity without obstruction from the responsible entity, to which the personal data was supplied, provided that

• the processing is based on consent or on the preparation or fulfillment of a contract and
• the processing takes place by means of automated procedures

In exercising this right, you further have the right to bring it about that the personal data concerning you are transmitted by one responsible entity to another responsible entity, provided this is technically possible. Freedoms and rights of other persons may not be infringed hereby.

The right to data transferability does not apply to processing of personal data which is necessary for the performance of a task that is in the public interest or takes place in the exercising of public authority, which has been assigned to the responsible entity.

Right to object

You have the right to file an objection, for reasons arising from your particular situation, at any time, against the processing of the personal data concerning you, which takes place in the public or legitimate interest of the responsible entity; this also applies to profiling based on these provisions.

The responsible entity will no longer process the personal data concerning you, unless it can demonstrate compelling and protection-worthy reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercising or defense of legal claims.

If the personal data concerning you are processed in order to engage in direct advertising, you have the right to object at any time to the processing of the data concerning you for the purposes of such advertising; this also applies to profiling, provided that it is related to such direct advertising.

If you object to the processing for the purposes of direct advertising, the personal data concerning you will no longer be processed for these purposes.

You have the option, in connection with the usage of information society services, to exercise your right to object by means of automated procedures where technical specifications are used.

Right to revoke the data protection declaration of consent

You have the right to revoke your data protection declaration of consent at any time. By revoking the consent, the lawfulness of the processing which took place on the basis of the consent up until the revocation is not affected.

Right to appeal to a supervisory authority

Regardless of any other administrative or judicial remedies, you have the right to appeal to a supervisory authority, especially in the member state of your place of residence, your workplace or the place of the alleged violation, if you are of the opinion that the processing of the personal data concerning you is in breach of the relevant legal provisions.

The supervisory authority to which the appeal is submitted shall inform the appellant about the status and the results of the appeal, including the possibility of a judicial remedy.

8. Encrypted payment transactions on this website

If, after the conclusion of a paid contract, an obligation exists to transmit your payment data (e.g. account number for direct debit authorization) to us, these data will be needed for payment processing. If the payment is processed over the Stripe payment portal, this shall be deemed a provision of the American Stripe Inc. for processing payments. Stripe is certified according to both the EU-US and Swiss-US Privacy Shield and thus ensures adequate data protection. The payment transaction using the common means of payment (Visa/MasterCard, etc., direct debit) takes place exclusively over an encrypted SSL or TLS connection. You can recognize an encrypted connection in that the address line of the browser changes from “http://” to “https://” and through the lock symbol in your browser line. With encrypted communication, your payment data, which you transmit to us, cannot be read by third parties.

9. Data security

We will store your data securely and hence take all reasonable measures to protect your data against loss, access, abuse and changes. Our employees and contractual partners who have access to your data are contractually bound to secrecy and compliance with the legal data protection regulations. In many cases it will be necessary for us to pass on your requests to companies associated with us. In such cases, too, your data will be handled confidentially.

10. Cookies

To facilitate the use of our website, we use so-called cookies. “Cookies” are small pieces of information that are temporarily stored by your browser on your computer’s hard drive and are necessary for the use of our website. The pieces of information contained in the cookies assist with session control, especially the improvement of navigation, and enable a high level of website user friendliness. The cookies used by us store no person-specific information. In most Web browsers, cookies are automatically accepted. By changing the settings of your browser, you can prevent this. You can remove cookies stored on your PC at any time by deleting the temporary internet files (browser bar “Tools – Internet options”). The deactivation of cookies can result in you not being able to use all of our portal’s functions. Here you can find instructions on how to delete cookies for Internet Explorer https://support.microsoft.com/en-us/help/278835/how-to-delete-cookie-files-in-internet-explorer and Mozilla https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox.

11. Google Analytics

The website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files which are stored on your computer and make it possible to analyze your usage of the website. The information generated through the cookies (browser type/version, operating system used, referrer URL of previously visited website, IP address, time of server request) about your usage of this website is normally transmitted to one of Google’s servers in the USA and stored there. If IP anonymization is activated on our website, your IP address will be truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to one of Google’s servers in the USA and truncated there. Google will use this information to analyze your usage of the website in order to compile reports for the website operator and to render other services associated with website usage and internet usage. Google may also pass on this information to third parties if this is prescribed by law or if third parties process this information on Google’s behalf. The IP address sent by your browser in the context of Google Analytics will not be combined with other data by Google. You can prevent the installation of the cookies through the relevant setting on your browser software; we draw your attention to the fact that in this case you may not be able to use all functions of this website to the full extent. By using this website, you declare your consent to the processing of the information collected about you by Google in the manner described above and for the aforementioned purpose. You can find more information on the web analysis service used on the Google Analytics website. You can find instructions on how to prevent the processing of your data by the web analysis service at https://tools.google.com/dlpage/gaoptout?hl=en.

12. Facebook plugins

Plugins from the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated with our site. You can recognize the Facebook plugins through the Facebook logo or the “Like button” on our site. You can find an overview of the Facebook plugins here:  https://developers.facebook.com/docs/plugins/. When you visit our site, a direct connection between your browser and the Facebook server is established through the plugin. Facebook thereby receives the information that you have visited our site with your IP address. If you click the Facebook “Like button” while you are logged into your Facebook account, you can link the contents of our site to your Facebook profile. Facebook can thereby associate the visiting of our site with your user account. We point out that we, as the operator of the site, obtain no knowledge about the contents of the transmitted data as well as the usage thereof by Facebook. You can find more information about this in Facebook’s data protection policy at https://en-gb.facebook.com/policy.php. If you do not want Facebook to be able to associate the visiting of our site with your Facebook user account, please log out of your Facebook user account.

13. Twitter

Functions of the Twitter service are integrated with our site. These functions are provided by Twitter Inc., 1355 market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “Retweet” function, the websites visited by you are linked to your Twitter account and are made known to other users. Data are also transmitted to Twitter thereby. We point out that we, as the operator of the site, obtain no knowledge about the contents of the transmitted data or the usage thereof by Twitter. You can find more information about this in Twitter’s privacy policy https://twitter.com/privacy. You can change your privacy settings on Twitter under the account settings at: https://twitter.com/account/settings.

14. LinkedIn

Our website uses functions of the LinkedIn network. The provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time one of our pages which contains LinkedIn functions is retrieved, a connection to LinkedIn servers is established. LinkedIn will be informed that you have visited our website with your IP address. If you click the LinkedIn “Recommend button” and are logged into your LinkedIn account, LinkedIn is able to associate your visiting of our website with you and your user account. We point out that we, as the provider of the site, have no knowledge of the contents of the transmitted data or the usage thereof by LinkedIn. You can find more information about this in LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy

15. Pinterest plugin

Plugins from Pinterest are integrated with our website. The provider is Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103-490, USA. When you visit our website, your browser establishes a direct connection to Pinterest’s servers. The plugin thereby sends log data to the Pinterest server in the USA. These log data may contain your IP address, our website’s address, browser type and settings, date and time of the request, your manner of using Pinterest as well as cookies. You can find more information in Pinterest’s privacy policy at https://policy.pinterest.com/privacy-policy.

16. Google Maps

Our website uses an API of the Google Maps map service. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you use the Google Maps functions, your IP address will be stored by Google and normally transmitted to a Google server in the USA. Coop has no influence over this data transmission. You can find more information in Google’s privacy policy: https://policies.google.com/privacy?hl=en.

17. Changes

Changes to this data protection notice will be published on our website. In this way, you can obtain information at any time about which data we store, how we collect and use them. You can save and/or print the data protection policy here. If you have more questions about the type, scope, place and purpose of the collection, processing and usage of personal data, about data protection regulations or about our services, or wish to use them without possible consent, please contact us directly at info@cosmeticcellconcept.com. Cosmetic Cell Concept GmbH will gladly answer all questions, discuss alternatives, and provide information.

You can reach our data protection officer Dr. Colette C. Camenisch at info@cosmeticcellconcept.com

Cosmetic Cell Concept GmbH
9 Beethovenstrasse
CH 8002 Zurich