Data protection information for our customers and interested parties
We appreciate your interest in our company, our products and our services. As the entity responsible for data protection, we want you to feel comfortable regarding the protection of your personal data when communicating with us and our employees. We take the protection of your personal data very seriously. We comply with all of the German and European data protection regulations, and the protection of your personal data is our top priority. This information is intended to inform you about the specifics of how we handle your personal data.
1. Name and contact details of the Controller
The entity responsible for processing your personal data is:
M2 Beauté Cosmetics GmbH
Anna-Schneider-Steig 4, 50678 Cologne, Germany
+ 49 (0) 1805 - 28 83 63
service@m2beaute.com
https://www.m2beaute.com/
2. Contact details of the Data Protection Officer
The designated Data Protection Officer is
DataCo GmbH
Dachauer Strasse 65
80335 Munich
Phone: +49 (0) 89 7400 458 40
E-mail: datenschutz@dataguard.de
Website: www.dataguard.de
3. Processing your personal data
a. Your personal data that is processed by us
We process the following personal data about you as part of the existing customer relationship and contract negotiations:
• First name
• Last name
• Salutation
• Titles or academic degrees
• Date of birth
• Company name
• Position in the company
• Business address
• Home address
• Bank details
• Tax ID number
• Customer number
• Your e-mail address (work and/or personal)
• Your cell phone number
• Your landline number
• Your fax number
• All personal data that is made available to us as part of customer and supplier communications
• Creditworthiness data
b. Purposes of data processing
Your personal data will be processed for the following purposes as part of the existing customer and supplier relationship and contract negotiations:
- Sending out newsletters, provided you have subscribed to our newsletter
- Processing your request as an interested party. We use your contact details for this to be able to answer your query.
- Preparing and implementing pre-contractual measures, which includes, for example, creating and sending a personalized quote or agreement and forwarding contract terms in order to conclude a contract.
- Entering your contact details into our customer and contact database.
- Contacting you (by e-mail, phone)
- Establishing, maintaining and terminating the contractual relationship
- Offering customer, supplier and service provider management and support, especially processing customer inquiries
- Providing you with the best possible information about our products and services. This also includes sending (direct) marketing by e-mail or phone.
- Providing you, as our customer, with the best possible support. This includes, in particular, communicating with you by e-mail, cell phone, landline or fax.
- Ensuring seamless billing for the services provided. Your personal data will be processed in order to be able to issue invoices. In addition, we will forward your personal data to our external service provider, evocate – Inkasso GmbH, for the purpose of debt collection if the invoices are not paid within the payment period.
- Ensuring seamless payment for the services provided. Your personal data will be processed in order to be able to pay invoices. In addition, we will also forward your personal data to our tax consultant for accounting purposes.
- Complying with our legal obligations. This includes, for example, transmitting your personal data to the tax authorities.
- Providing information about our services and products.
- Conducting marketing initiatives such as newsletter distribution, product updates, invitations to events and webinars
- Fulfilling post-contractual measures.
- Establishing, exercising, or defending legal claims.
- Performing credit checks
- Carrying out product testing phases
- Asking about your satisfaction with our products and services.
- Holding webinars for you and your employees about our products on our M2 BEAUTÉ webinar platform.
- Conducting online training for you and your employees.
b. Legal basis for data processing
The legal basis for the processing of data for [the purpose specified in b.] is Art. 6(1)(1)(a-f) GDPR.
Processing your personal data based on consent
If we obtain your consent for the processing of your personal data, your personal data will be processed based on Art. 6(1)(1)(a) GDPR in conjunction with Art. 5 and 7 GDPR.
4. Recipients or categories of recipients of the personal data
As part of the processing of your personal data, we may transmit your personal data to the recipients specified below. We will only transmit your personal data to external recipients if you have consented to it or it is permitted by law. External recipients of your personal data include, in particular:
- Freelancers / processors / external tax consultants / auditors / debt collection companies
In addition, your personal data may be transmitted to the following service providers located in a country outside the EU/EEA:
• Zoom Video Communications Inc.
• Meta Inc.
In the case of processors and service providers outside the EU/EEA, your personal data specified above will only be processed to the extent that it is the subject of our standard data protection clauses with these recipients in accordance with Article 46(2)(c) GDPR.
5. Transfer of personal data to a third country
In principle, the personal data collected and generated during the provision of our relevant products and services is stored on our servers in the European Union. Since the providers of our software solutions offer their products and/or services based on available resources and servers worldwide, your personal data may be transferred to or accessed from other jurisdictions outside the EU and EEA. In particular, personal data will be transmitted to the United States in accordance with Article 15(2) GDPR. We have agreed on contractual measures for this purpose in order to ensure that the necessary level of protection continues when data is transferred to a third country. The software provider has its registered office in the United States of America, which has not been recognized as a provider of an adequate level of data protection. In order to ensure suitable guarantees to protect the transmission and processing of personal data outside the EU, data transfer to and data processing by our service providers is performed based on suitable guarantees in accordance with Article 46 et seq. of the GDPR, in particular through the conclusion of so-called standard data protection clauses in accordance with Article 46(2)(c) GDPR.
6. Duration of the storage of personal data
We do not store your personal data for longer than is necessary for the purpose for which it was collected. This means that data in our systems is destroyed or erased as soon as it is no longer needed. We will take appropriate measures to ensure that your personal data is only processed under the following conditions:
a. For the duration that the data is used to provide you with a service
b. As required by applicable law, contract or in light of our legal obligations
c. Only for as long as necessary for the purpose for which the data was collected, or longer if required by contract or applicable law, using appropriate safeguards.
A requirement may exist if the data is still needed to fulfill contractual services, to check or grant or fend off warranty or guarantee claims. If the data is no longer required to fulfill contractual or legal obligations, it will be regularly deleted unless its (temporary) retention is still needed, in particular to comply with legal retention periods of up to ten years (for instance under the German Commercial Code, the Fiscal Code and the Money Laundering Act). In the case of legal retention obligations, deletion of the data will only be considered after the respective retention period has expired.
7. Your rights as a data subject
According to the General Data Protection Regulation, you have the following rights:
• You have the right to access the personal data that is stored about you (Article 15 GDPR).
• You have the right to rectification if the personal information is inaccurate (Article 16 GDPR).
• If the legal requirements are met, you can request the erasure or restriction of processing (Articles 17 and 18 GDPR).
• If you have consented to the data processing or there is a contract for data processing and the data processing is performed using automated procedures, you may have a right to data portability (Art. 20 GDPR).
• If your personal data is processed for direct marketing purposes, you have the right to object to the processing of your personal data for the purposes of such marketing at any time; the same also applies in regard to profiling to the extent that it is related to such direct marketing. If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes. (Art. 21 GDPR)
• You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is the North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information (LDI NRW). You can contact them at:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
Kavalleriestr. 2-4
40213 Düsseldorf, Germany
Phone: 0211/38424-0
E-mail: poststelle@ldi.nrw.de
www.ldi.nrw.de
If these legal requirements are met, you have the right to object to the processing of your personal data, which is taking place on the basis of Art. 6(1)(1)(e) or (f) GDPR for reasons relating to your particular situation at any time.
8. Right to cancel your consent
If you have consented to the processing of your personal data by the Controller in a declaration, you can revoke your consent at any time in the future. The withdrawal of consent will not affect the lawfulness of processing carried out on the basis of your consent before it was revoked.
This Privacy Policy was created with the assistance of DataGuard.