Privacy policy

Privacy policy

1. General information

The protection of your privacy when processing personal data is an important concern for us. For this reason, we only process personal data if this is useful and economically relevant for the use of our services. In any case, we comply with the provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Below you will find information about which data is processed in which form and by whom when you visit our store at www.kollageninstitut.de.

2. Responsible party 

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.). The controller within the meaning of the GDPR and the applicable national data protection laws as well as other data protection regulations is

Kollagen Institut
Dr. Thomas Schroeter Einzelunternehmung
P.O. Box 73 00 27
13061 Berlin, Germany
E-mail: service@kollageninstitut.de
Phone: 0163-8784941

3. Personal data

Personal data is data about your person that can be used to identify you. This includes, for example, your name, your address, your e-mail address, location data, payment data and many other details. In principle, you do not have to disclose any personal data in order to visit our website. In some cases, however, we need this information in order to be able to offer you the desired services on our website. If you use one of our services for which this is required, we will only collect the data that is necessary for this and not without your consent.

4 Visiting our website

4.1 General use

When you visit our website, our web servers store the IP of your internet service provider, the website from which you visit us, the websites you visit on our site and the date and duration of your visit as standard. The processing of this information is absolutely necessary for the technical transmission of the websites, the convenient use of our services and secure server operation. Our legitimate interest arises from Art. 6 para. 1 lit. f GDPR.

It is not possible to draw any direct conclusions about your identity from the information and we will not do so. The information is stored and automatically deleted once the aforementioned purposes have been achieved. The standard periods for deletion are based on the criterion of necessity.

Automatically stored data (server log files)

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are

- Date and time of the request
- Name of the requested file
- Page from which the file was requested
- Access status (file transferred, file not found, etc.)
- Web browser and operating system used
- Complete IP address of the requesting computer
- Volume of data transferred

This data is not merged with other data sources. Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. 

For reasons of technical security, in particular to defend against attempted attacks on our web server, this data is stored by us for a short period of time. It is not possible for us to draw conclusions about individual persons from this data. After seven days at the latest, the data is anonymized by shortening the IP address at domain level so that it is no longer possible to establish a link to the individual user. The data is also processed in anonymized form for statistical purposes; it is not compared with other databases or passed on to third parties, even in excerpts. 

Cookies, tracking pixels and tools

When you visit our website, we may store information on your computer in the form of cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters through which websites and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified via the unique cookie ID. You can find an overview of the cookies we use here.

By using session cookies, the controller can provide users of this website with a user-friendly service that would not be possible without the use of cookies. Without consent, we only use technically necessary cookies on the legal basis of legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.

We only use personal cookies to improve our website or for marketing/advertising purposes with your consent. On your first visit, you can voluntarily consent to tracking or analysis via the cookie banner that appears. Your data may be passed on to partners or third-party providers. These cookies are only stored if you explicitly consent to this; the legal basis is then your consent in accordance with Art. 6 para. 1 lit. a GDPR. 

Social plugins from Facebook, Pinterest, TikTok, Instagram and YouTube

Social buttons from social networks are used on our website. These are only integrated into the page as HTML links so that no connection is established with the servers of the respective provider when our website is accessed. If you click on one of the buttons, the website of the respective social network opens in a new window of your browser. There you can click on the Like or Share button, for example.

Consent management

This website uses the Ultimate GDPR EU Cookie Banner consent management tool from AppHub Ltd, 101 Main Street 17th Floor, Cambridge, MA, USA. The tool enables you to give your consent to data processing via the website, in particular the setting of cookies, and to exercise your right to withdraw consent you have already given. 

The purpose of data processing is to obtain and document the necessary consent for data processing and thus to comply with legal obligations. Cookies may be used for this purpose. The following information may be collected and transmitted to Conversion Bear: anonymized IP address, date and time of consent, URL from which the consent was sent, anonymous, random, encrypted key, consent status. This data is not passed on to other third parties. The data processing is carried out to fulfill a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR.

You can find more information on terms of use and data protection at beeclever at: https://www.apphub.com/privacy-policy 

4.2 Online presence and service optimization

Shopify

We host our website with Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter "Shopify"). 

Shopify is a tool for creating and hosting e-commerce websites. When you visit our website, Shopify collects your IP address and information about the device you are using and your browser. Shopify is also used to analyze visitor numbers, visitor sources and customer behavior and to generate user statistics. When you make a purchase on our website, Shopify also collects your name, e-mail address, delivery and billing addresses, payment details and other data related to the purchase (e.g. telephone number, amount of sales made, etc.). Shopify stores cookies in your browser for the analyses. Details can be found in Shopify's privacy policy: https://www.shopify.de/legal/datenschutz.

The use of Shopify is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in displaying our website as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

We have concluded an order processing contract (AV) in accordance with Art. 28 GDPR with the above-mentioned provider. This is a contract prescribed by data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

4.3 Tools and services for analysis, statistics collection and marketing activities

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is summarized in a user ID and assigned to the respective end device of the website visitor.

We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the data records collected and uses machine learning technologies for data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there. The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/

Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. You can find more information on how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de

Google signals

This website uses so-called Google signals. When you visit our website, Google Analytics collects data such as your location, search history and YouTube history as well as demographic data (visitor data). This data can be used for personalized advertising with the help of Google signals. If you have a Google account, the visitor data from Google Signal is linked to your Google account and used for personalized advertising messages. The data is also used to compile anonymous statistics on the user behavior of our users. 

Google Analytics e-commerce measurement

This website uses the "e-commerce measurement" function of Google Analytics. With the help of e-commerce measurement, the website operator can analyze the purchasing behavior of website visitors to improve its online marketing campaigns. Information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product is recorded. This data can be summarized by Google under a transaction ID that is assigned to the respective user or their device.

Google Optimize

This website uses Google Optimize. Google Optimize is an optimization program of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Optimize analyzes the use of different variants of the website so that we are able to adapt the user-friendliness according to the behavior of the website users. Google Optimize is a tool integrated into Google Analytics and uses cookies. The IP address received in this way is anonymized immediately after processing. In exceptional cases, the full IP address is transmitted to a Google server in the USA and encrypted there. The transmitted IP address is not merged with other Google data. You can prevent the storage of cookies by setting your browser accordingly. However, we would like to point out that in this case you may not be able to use all the functions of our website to their full extent.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG. Consent can be revoked at any time.

Google Ads

This website uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms into Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG. Consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google conversion tracking, Google and we can recognize whether the user has carried out certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We find out the total number of users who have clicked on our ads and what actions they have taken. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification purposes.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG. Consent can be revoked at any time.

You can find more information about Google Conversion Tracking in Google's privacy policy: https://policies.google.com/privacy?hl=de. 

Google Remarketing

This website uses the functions of Google Analytics Remarketing. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Remarketing analyzes your user behavior on our website (e.g. clicks on certain products) in order to classify you into certain advertising target groups and then display suitable advertising messages to you when you visit other online offers (remarketing or retargeting).

Furthermore, the advertising target groups created with Google Remarketing can be linked to Google's cross-device functions. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one device (e.g. cell phone) can also be displayed on another of your devices (e.g. laptop or PC).

If you have a Google account, you can object to personalized advertising by clicking on the following link: https://www.google.com/settings/ads/onweb/.

Among other things, we use Google Remarketing customer matching to form target groups. Here we transfer certain customer data (e.g. email addresses) from our customer lists to Google. If the customers in question are Google users and are logged into their Google account, they will be shown suitable advertising messages within the Google network (e.g. on YouTube, Gmail or in the search engine).

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG. Consent can be revoked at any time.

Further information and the data protection provisions can be found in Google's privacy policy at https://policies.google.com/technologies/ads?hl=de.

Facebook Pixel

This website uses Facebook's visitor action pixel to measure conversions. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries. This allows the behavior of site visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy. This allows Facebook to place advertisements on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as the site operator.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. You can find the wording of the agreement at https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook. You can find further information on protecting your privacy in Facebook's data protection information: https://de-de.facebook.com/about/privacy/.

You can also deactivate the remarketing function "Custom Audiences" in the settings for advertisements at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged in to Facebook to do this.

Facebook Custom Audiences

This website uses Facebook Custom Audiences. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

When you visit or use our website, take advantage of our free or paid offers, transmit data to us or interact with our company's Facebook content, we collect your personal data. If you give us your consent to use Facebook Custom Audiences, we will transmit this data to Facebook, which Facebook can use to display advertisements tailored to you. Your data can also be used to define target groups (lookalike audiences). Facebook processes this data as our processor. Details can be found in the Facebook user agreement: https://www.facebook.com/legal/terms/customaudience.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:https://www.facebook.com/legal/terms/customaudience and https://www.facebook.com/legal/terms/dataprocessing. 

TikTok Pixel

We use the TikTok Pixel on our website. The TikTok Pixel is a TikTok Advertiser Tool from the two providers: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom (both are hereinafter jointly referred to as "TikTok"). The TikTok Pixel is a JavaScript code snippet that enables us to understand and track the activities of visitors to our website. The TikTok pixel collects and processes information about visitors to our website or the devices they use (so-called event data).

The event data collected via the TikTok Pixel is used to target our advertisements and to improve ad delivery and personalized advertising. For this purpose, the event data collected on our website using the TikTok pixel is transmitted to TikTok.

Some of this event data is information that is stored on the device you are using. In addition, the TikTok Pixel also uses cookies to store information on the device you are using. Such storage of information by the TikTok Pixel or access to information that is already stored on your device only takes place with your consent. The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG. Consent can be revoked at any time.

This collection and transmission of event data is carried out by us and TikTok as joint controllers in accordance with Art. 26 GDPR. We have entered into an agreement with TikTok on processing as joint controllers, which sets out the distribution of data protection obligations between us and TikTok. In this agreement, we and TikTok have agreed, among other things, that we are responsible for providing you with all information pursuant to Art. 13, 14 GDPR on the joint processing of personal data; that TikTok is responsible for enabling the rights of data subjects pursuant to Art. 15 to 20 GDPR with regard to the personal data stored after the joint processing. You can access the agreement concluded between us and TikTok at https://ads.tiktok.com/i18n/official/article?aid=300871706948451871

TikTok is solely responsible for the processing of the transmitted event data following the transmission. For more information on how TikTok processes personal data, including the legal basis on which TikTok relies and how you can exercise your rights against TikTok, please refer to TikTok's data policy at https://www.tiktok.com/legal/privacy-policy?lang=de-DE.

Google Campaign Manager

This website uses the online marketing tool Campaign Manager from Google, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.

Campaign Manager uses cookies to display ads that are relevant to users, to improve campaign performance reports or to prevent users from seeing the same ads more than once. Google uses a cookie ID to record which ads are displayed in which browser and can thus prevent them from being displayed more than once. In addition, Campaign Manager can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a Campaign Manager ad and later visits the website of the advertising company with the same browser and makes a purchase there. 

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge: By integrating the Campaign Manager, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or are not logged in, there is a possibility that Google will find out your IP address and store it.In addition, the Campaign Manager cookies used (e.g. referred to as DoubleClick or Floodlight) enable us to understand whether you perform certain actions on our website after you have accessed or clicked on one of our display/video ads on Google or on another platform via the Campaign Manager (conversion tracking). Campaign Manager uses this cookie to understand the content you have interacted with on our websites in order to be able to send you targeted advertising later. 

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG. You can withdraw your consent at any time.

Further information on Campaign Manager can be found at https://marketingplatform.google.com/about/enterprise/ and on data protection at Google in general: https://www.google.de/intl/de/policies/privacy. Google has submitted to the Data Privacy Framework Program and is certified: https://www.dataprivacyframework.gov/s/ 

Google Display & Video 360

This website uses the Display & Video 360 tool from Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, which collects data for analysis, marketing and optimization purposes and thereby helps us to improve our marketing measures and our website.

The data collected is used by Display & Video 360 to link advertising contacts and clicks on advertisements with the resulting use of our website. In this way, we can determine whether users who have seen our ads visit our website or which products they are interested in. This helps us to use our advertising budget more efficiently. The data collected can also be used by us to deliver advertising based on your interests (e.g. products viewed).

Pseudonymous online identification numbers (such as cookie IDs or IP addresses) are used for data collection. No unique user-related data such as name or address is stored. All of the IDs we use merely enable us to recognize your end device and your Internet browser. The data collected will not be used by us to personally identify you as a user of our website without your separate consent.

We would like to point out that Google may link the visit to this website with the registered data for users who have registered with Google. You can find out exactly what Google does with your data on Google's data protection pages by clicking on the following link: https://privacy.google.de/intl/de/take-control.html?categories_activeEl=sign-in

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG. Consent can be revoked at any time.

Google has submitted to the Data Privacy Framework Program and is certified: https://www.dataprivacyframework.gov/s/ 

4.4 Contact form

When contacting us (e.g. by contact form, email, telephone or via social media), the data sent by the person making the inquiry will be processed to the extent necessary to answer the contact inquiries and any measures requested and stored on our servers as part of data backup. Your data will only be used by us to process your request. Your data will be treated as strictly confidential. It will not be passed on to third parties.

Contact requests are answered within the scope of contractual or pre-contractual relationships in order to fulfill our contractual obligations or to answer (pre)contractual inquiries and otherwise on the basis of legitimate interests in answering the inquiries.

- Processed data types: Inventory data (e.g. names, addresses), Contact data (e.g. e-mail, telephone numbers), Content data (e.g. entries in online forms).
- Data subjects: Communication partners.
- Purposes of processing: Contact requests and communication.Legal bases: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 lit. b. GDPR),
- Legitimate interests (Art. 6 para. 1 lit. f. GDPR).

4.5 Customer account

Contractual partners can create an account on our website (e.g. customer or user account, "customer account" for short). If the registration of a customer account is required, contractual partners will be informed of this as well as the information required for registration. Customer accounts are not public and cannot be indexed by search engines. As part of the registration process and subsequent logins and use of the customer account, we store the IP addresses of customers and the access times in order to be able to prove registration and prevent possible misuse of the customer account.

If customers have terminated their customer account, the data relating to the customer account will be deleted, unless their retention is required for legal reasons. It is the customer's responsibility to back up their data when the customer account is terminated. 

4.6 Shop and e-commerce

We process our customers' data to enable them to select, purchase or order the selected products, goods and associated services, and to enable payment and delivery or fulfillment. If necessary for the execution of an order, we use service providers, in particular postal, forwarding and shipping companies, to carry out the delivery or execution for our customers. We use the services of banks and payment service providers to process payment transactions. The required information is marked as such as part of the order or comparable purchase process and includes the information required for delivery or provision and billing as well as contact information in order to be able to hold any consultations.

- Processed data types: Inventory data (e.g. names, addresses), Payment data (e.g. bank details, invoices, payment history), Contact data (e.g. e-mail, telephone numbers), Contract data (e.g. contract object, duration, customer category), Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).
- Data subjects: Interested parties, business and contractual partners, customers.
- Purposes of Processing: Provision of contractual services and customer support, Contact requests and communication, Office and organizational procedures, Managing and responding to inquiries, Security measures, Conversion tracking (Measurement of the effectiveness of marketing activities), Interest-based and behavioral marketing, Profiling (Creating user profiles).
- Legal bases: Fulfilment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR), Legal obligation (Art. 6 para. 1 sentence 1 lit. c. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR). 

Purchase of goods

If you are already a customer with us and have to interrupt the process during a new order process or cannot complete your purchase, we will remind you after a certain time by e-mail or SMS of the items you have placed in your shopping cart so that you do not have to put them together again ("Abandoned Cart") or send you a message with the items you have viewed ("Abandoned Browse"). We use cookies for this purpose. Further information on the use of cookies can be found in section 4.1.

The legal basis for sending the notifications is Section 7 (3) UWG. You can object to the sending of notifications at any time, for example by contacting us via the corresponding link in the email you receive.

Use of apps for the processing of subscriptions

If you decide to order a subscription on our website, we use the Appstle Subscription app from Appstle Inc, 6258 Sperling Avenue, Burnaby, BC V5E 2T9, Canada. As part of the ordering process, the information provided (name, address, email address, telephone number, IP address and geolocation) is transmitted to Appstle. The legal basis for this is Art. 6 para. 1 lit. b GDPR. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find data protection information on Appstle at: https://subscription-admin.appstle.com/privacy-policy

Use of translation plugins

This website uses Langify as a translation plugin to display the languages offered on the website. Langify does not store, share or sell any personal data from our customers. Langify does not process any of our personal data unless it is necessary to respond to support requests or to ensure the proper functioning of the website. You can find out more about this here: https://langify-app.com/privacy_policy

Use of apps to record the geographical location

This website uses the Geolocation app, operated by Shopify, to improve the user experience by redirecting to an appropriate web language related to geographic location. You can find an overview of this app here: https://apps.shopify.com/geolocation?locale=deYou can find the app's privacy policy here: https://www.shopify.com/legal/privacy

4.7 Direct advertising

Customer information

Unless you have objected, we use the e-mail address and cell phone number that you have provided when purchasing goods or services to send you electronic advertising for our own goods or services that are similar to those that you have already purchased or used from us. For this purpose, we use your e-mail address, cell phone number, name and order history to send you information about products that may be of interest to you based on your most recent orders. The legal basis for data processing is Art. 6 para. 1 lit. F GDPR and Section 7 para. 3 UWG.

You can object to this processing at any time in accordance with Art. 21 para. 2 GDPR, for example by contacting us via the corresponding link in the email you receive or by sending an email to service@kollageninstitut.de.

Newsletter

On our website, we offer the option of registering for our newsletter. After registration, we will inform you regularly by e-mail and SMS about news about our offers (e.g. promotions, new products, restocks and competitions). Furthermore, after a certain period of time, you will be reminded by e-mail and SMS of the items you have placed in your shopping cart and whose order you had to interrupt or whose purchase you were unable to complete.

A valid e-mail address or cell phone number is required to register for the newsletter. To verify your e-mail address, you will first receive a registration e-mail, which you must confirm by clicking on the link. To verify your cell phone number, you will receive a registration text message, which you must confirm via the link (double opt-in). If you subscribe to the newsletter on our website, we process personal data such as your e-mail address and cell phone number on the basis of your consent. The legal basis for the processing is based on rt. 6 para. 1 subpara. 1 lit. a GDPR.

You can unsubscribe from our newsletter at any time, for example by contacting us via the corresponding link in the email you receive or by sending an email to service@kollageninstitut.de.

Service provider

We use Klaviyo to send customer information and integrate corresponding components on our website for this purpose. The provider is Klaviyo Inc, 125 Summer St. Floor 6, Boston, MA 02111, USA (hereinafter "Klaviyo"). Klaviyo provides marketing automation software for marketing services and products, including SEO and content creation, lead management, newsletters, email and SMS marketing and web analytics.

Klaviyo uses cookies and other browser technologies to evaluate user behavior and identify users. This information is used, among other things, to compile reports on website activity and to provide customers with personalized communications (e.g. reminders of uncompleted purchases, information on products that customers have viewed, etc.). In addition, Klaviyo is used to store and transmit data entered in forms using cookies, including your IP address. In this case, your data will be passed on to Klaviyo. The data you enter (e.g. e-mail address) is stored on Klaviyo's servers in the USA. 

Analysis

Our customer information sent with Klaviyo allows us to analyze the behavior of the recipients. We use these possibilities to improve your shopping experience by sending you personalized advertising that is more useful and relevant to you.

When you open an email sent with Klaviyo, a file contained in the email (known as a web beacon) connects to Klaviyo's servers in the USA. This makes it possible to determine whether a message has been opened and which links, if any, have been clicked on. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). This information cannot be assigned to the respective email recipient. It is used exclusively for the statistical analysis of campaigns. Further information on data analysis by Klaviyo can be found at: https://www.klaviyo.com/features/reporting. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.klaviyo.com/legal/dpa

Data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw this consent at any time. The legality of the data processing operations that have already taken place remains unaffected by the revocation. For more information, please refer to Klaviyo's privacy policy at https://www.klaviyo.com/legal/privacy-notice.

We have concluded an order processing contract (AV) in accordance with Art. 28 GDPR with the above-mentioned provider. This is a contract prescribed by data protection law, which guarantees that the provider will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

4.8 Reviews

If you have ordered a product in our store, we will ask you by e-mail or text message about your satisfaction with your order and the products, unless you have previously objected to this. To send you this request, we use the e-mail address and cell phone number you have provided. We also process your name, your IP address and the IP geolocation used as well as information about your order. The customer satisfaction survey or the data processing described is based on the legal basis of Section 7 (3) UWG in conjunction with Art. 6 (1) (f) GDPR. This processing serves the purpose of direct advertising.You can object to the processing and in particular the use of your e-mail address and cell phone number for this purpose at any time in accordance with Art. 21 para. 2 GDPR by using the objection option in our e-mails or by sending an e-mail to the e-mail address given in our imprint.

Service provider for reviews

We use an application from Judge.me Ltd (C/O Buckworths 2nd Floor, 1-3 Worship Street, London, England, EC2A 2AB) for our website, which gives customers the opportunity to rate products. Our products can be rated after a purchase. These ratings are then displayed with the respective product in our online store. Reviews can only be submitted by customers who have made a purchase from us and only for the products they have actually bought. This process is ensured by the Judge.me application we use. After your order, we would like to ask you to rate and comment on your purchase with us. For this purpose, we will contact you by e-mail. The following information may be processed and transmitted to Judge.me: Order details (e.g. order ID, expected delivery date, SKU of products ordered) and your e-mail address. Your data may be transferred to the USA. There is no adequacy decision by the EU Commission for the USA. The data transfer takes place, among other things, on the basis of standard contractual clauses as suitable guarantees for the protection of personal data, which can be viewed at: https://judge.me/privacy and https://judge.me/compliance. The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent, provided that you have expressly consented to the transfer of your data and the receipt of the evaluation request. You can withdraw your consent at any time with effect for the future without affecting the lawfulness of processing based on consent before its withdrawal.

4.9 Economic analyses and market research

For business reasons and in order to be able to identify market trends and the wishes of contractual partners and users, we analyze the data we have on business transactions, contracts, inquiries, etc., whereby the group of data subjects may include contractual partners, interested parties, customers, visitors and users of our online offering.The analyses are carried out for the purpose of business evaluations, marketing and market research (e.g. to determine customer groups with different characteristics). If available, we may take into account the profiles of registered users, including their details, e.g. on services used. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with summarized, i.e. anonymized values. Furthermore, we take the privacy of users into consideration and process the data for analysis purposes as pseudonymously as possible and, where feasible, anonymously (e.g. as summarized data).

4.10 Payment service providers

As part of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the data subjects efficient and secure payment options and use other payment service providers in addition to banks and credit institutions (collectively referred to as "payment service providers").

The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, total and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored by them. This means that we do not receive any account or credit card-related information, but only information with confirmation or negative information about the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to the payment service providers' terms and conditions and data protection information.

Payment transactions are subject to the terms and conditions and data protection notices of the respective payment service providers, which can be accessed on the respective websites or transaction applications. We also refer to these for further information and the assertion of rights of revocation, information and other rights of data subjects.

4.11 Transportation service providers

For the purpose of delivering ordered goods, we work together with logistics service providers / transport companies and / or shipping partners to whom the following data is transmitted for the purpose of delivering the ordered goods or for the purpose of shipment notification: First name, last name, postal address and, if applicable, the e-mail address and, if applicable, the telephone number. The legal basis for processing is Art. 6(1)(b) GDPR.

5. Online presence on social media

If you have given your consent to the respective social media operator in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, your data will be automatically collected and stored for market research and advertising purposes when you visit our website on our social media channels, from which user profiles are created using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally used for this purpose. For detailed information on the processing and use of the data by the respective social media operator as well as a contact option and your rights and setting options for protecting your privacy, please refer to the respective linked data protection notices of the providers on their websites. If you still need help in this regard, you can contact us.

6. Rights of data subjects

You have the right to information, correction, deletion or restriction of the processing of your stored data, a right to object to the processing and a right to data portability and to lodge a complaint at any time in accordance with the requirements of data protection law.

Right to information
You can request information from us as to whether and to what extent we process your data.

Right to rectification
If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.

Right to erasure
You can demand that we erase your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate erasure, e.g. in the case of statutory retention obligations. Irrespective of the exercise of your right to erasure, we will erase your data immediately and completely, provided that there is no legal or statutory retention obligation to the contrary.

Right to restriction of processing
You can demand that we restrict the processing of your data if
- you contest the accuracy of the data, for a period enabling us to verify the accuracy of the data
- the processing of the data is unlawful, but you oppose the erasure of the data and request the restriction of its use instead
- we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
- you have objected to the processing of the data.

Right to data portability
You can request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you can transmit this data to another controller without hindrance from us, provided that
- we process this data on the basis of your revocable consent or for the performance of a contract between us, and
- this processing is carried out by automated means.

If technically feasible, you can request that we transfer your data directly to another controller.

Right to object
If we process your data on the basis of a legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without giving reasons.

Right to lodge a complaint
If you are of the opinion that we are violating German or European data protection law when processing your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.

If you wish to assert one of the aforementioned rights against us, please contact us using the contact details in our legal notice. In case of doubt, we may request additional information to confirm your identity.

7. Changes to this privacy policy

We reserve the right to change our privacy policy if this should be necessary due to new technologies. Please ensure that you have the latest version. If fundamental changes are made to this privacy policy, we will announce these on our website.