Impressum

We have prepared this privacy policy in order to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (data for short) we as the controller - and the processors commissioned by us (e.g. providers) - process, will process in the future and what lawful options you have. The terms used are to be understood as gender-neutral.

In short, we provide you with comprehensive information about the data we process about you.

Data protection declarations usually sound very technical and use technical legal terms. This privacy policy, on the other hand, is intended to describe the most important things to you as simply and transparently as possible. Where it is conducive to transparency, technical terms are explained in a reader-friendly way, links to further information are provided and graphics are used. We thus inform you in clear and simple language that we only process personal data as part of our business activities if there is a corresponding legal basis. This is certainly not possible by providing explanations that are as concise, unclear and legally technical as possible, as is often standard on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative and perhaps there is one or two pieces of information that you did not yet know.

If you still have any questions, we would ask you to contact the responsible body named below or in the legal notice, follow the links provided and look at further information on third-party websites. Our contact details can of course also be found in the legal notice.

This Privacy Policy applies to all personal data processed by our company and all personal data processed by companies we commission (processors). By personal data, we mean information as defined in Article 4, No. 1 of the GDPR, such as a person’s name, email address, and postal address. The processing of personal data enables us to offer and bill for our services and products, whether online or offline. The scope of this Privacy Policy includes:

• All online presences (websites, online shops) operated by us

• Social media presences and email communication

• Mobile apps for smartphones and other devices

In short: This Privacy Policy applies to all areas where personal data is systematically processed within the company through the mentioned channels. Should we enter into legal relations with you outside of these channels, we will inform you separately if necessary.

Legal Basis In this Privacy Policy, we provide transparent information about the legal principles and provisions, specifically the legal bases of the General Data Protection Regulation (GDPR), that allow us to process personal data.

Regarding EU law, we refer to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can access the full text of this GDPR regulation online on EUR-Lex, the EU's legal database, at EUR-Lex GDPR Regulation.

We process your data only if at least one of the following conditions applies:

• Consent (Article 6(1)(a) GDPR): You have given us your consent to process your data for a specific purpose. An example would be storing the information you provide in a contact form.
  

• Contract (Article 6(1)(b) GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. For example, when entering into a purchase agreement, we require personal information from you in advance.
  

• Legal Obligation (Article 6(1)(c) GDPR): We process your data if we are subject to a legal obligation. For instance, we are legally required to retain invoices for accounting purposes, which typically include personal data.
  

• Legitimate Interests (Article 6(1)(f) GDPR): If processing is necessary for our legitimate interests and does not infringe on your fundamental rights, we reserve the right to process personal data. For example, we process certain data to ensure the secure and efficient operation of our website, which constitutes a legitimate interest.
  

Other conditions, such as processing for public interest tasks, exercising public authority, or protecting vital interests, are generally not relevant to our activities. Should such a legal basis apply, it will be specified where relevant.

Additional National Laws In addition to the EU Regulation, the following national laws also apply:

• Austria: The Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act or DSG).

• Germany: The Federal Data Protection Act (BDSG).

If additional regional or national laws are applicable, we will inform you in the respective sections of this Privacy Policy.

Business Address:
Ruhsldorfer Str. 2 10963 Berlin, DE

Contact Information:
Email: adeola@ayoskincare.com

As a general principle, we store personal data only as long as it is absolutely necessary for providing our services and products. This means we delete personal data as soon as the purpose for processing it no longer applies. In some cases, however, we are legally required to retain certain data even after the original purpose has ceased, such as for accounting purposes.

If you request the deletion of your data or revoke your consent for data processing, we will delete the data as quickly as possible, provided there is no legal obligation to retain it.

We provide specific information about the retention periods of particular data processing activities further below, where applicable.

Rights Under the General Data Protection Regulation (GDPR) According to Article 13 of the GDPR, you have the following rights to ensure fair and transparent data processing:

• Right to Access (Article 15 GDPR): You have the right to know if we process your data. If so, you can request a copy of the data and obtain the following information:
  

  • The purpose of the processing

  • The categories (types) of data processed

  • The recipients of the data and, if transferred to third countries, how security is ensured

  • The duration of data storage

  • The existence of rights to rectify, delete, restrict processing, or object to processing

  • The right to lodge a complaint with a supervisory authority (links provided below)

  • The origin of the data, if not collected from you

  • Whether profiling is performed, i.e., if your data is automatically analyzed to create a personal profile

• Right to Rectification (Article 16 GDPR): You have the right to have incorrect data corrected.
  

• Right to Erasure ("Right to be Forgotten") (Article 17 GDPR): You can request the deletion of your data.
  

• Right to Restriction of Processing (Article 18 GDPR): You can request that your data be stored but not processed further.
  

• Right to Data Portability (Article 19 GDPR): You have the right to receive your data in a common format upon request.
  

• Right to Object (Article 21 GDPR):
  

  • If processing is based on Article 6(1)(e) (public interest or exercise of official authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will then assess as quickly as possible whether we can comply with your objection.

  • If data is used for direct marketing, you can object at any time. We will then no longer use your data for direct marketing.

  • If data is used for profiling, you can object at any time. We will stop using your data for profiling.

• Right Regarding Automated Decision-Making (Article 22 GDPR): You have the right not to be subject to a decision based solely on automated processing, including profiling, unless certain conditions apply.
  

In short: You have rights—don’t hesitate to contact the responsible party listed above to exercise them!

If you believe that the processing of your data violates data protection laws or your rights under data protection law have been infringed in any way, you can file a complaint with the supervisory authority.

• In Austria, this is the Data Protection Authority, whose website is https://www.dsb.gv.at/.

• In Germany, each federal state has its own Data Protection Officer. For further details, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI).

For our company, the following local data protection authority is responsible: 

Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit)

• Address: Alt-Moabit 59-61, 10555 Berlin

• Phone: +49 (0)30 13889-0

• Fax: +49 (0)30 21550-50

• Email: mailbox@datenschutz-berlin.de

• Website: https://www.datenschutz-berlin.de/

Data Processing Security

To protect personal data, we have implemented both technical and organizational measures. Wherever possible, we encrypt or pseudonymize personal data, making it as difficult as possible, within our capabilities, for third parties to deduce personal information from our data.

Article 25 of the GDPR refers to "data protection by design and by default," emphasizing the importance of considering security measures in both software (e.g., forms) and hardware (e.g., server room access). This ensures that data protection and security are integral to all processes and systems.

In the following sections, we will detail specific measures if necessary.

Summary

👥 Affected parties: Anyone communicating with us via phone, email, or online form  

📓 Data processed: e.g., phone number, name, email address, entered form data (specific details depend on the communication method used)  

🤝 Purpose: Managing communication with customers, business partners, etc.  

📅 Retention period: Duration of the business transaction and as required by legal regulations  

⚖️ Legal bases: Article 6(1)(a) GDPR (consent), Article 6(1)(b) GDPR (contract), Article 6(1)(f) GDPR (legitimate interests)  

When you contact us via phone, email, or online form, personal data may be processed.

This data is used to handle and respond to your inquiry and the associated business process. The data is stored for the duration of the transaction or as long as legally required.  

Affected Individuals

All individuals who contact us through the communication channels we provide are affected by the processes mentioned.

Phone
When you call us, call data is pseudonymized and stored on the respective device and with the telecommunications provider. Additionally, data such as name and phone number may be sent via email and stored to respond to your inquiry. The data will be deleted once the business transaction is complete and as long as legal requirements allow.

Email
When you communicate with us via email, data may be stored on the respective device (computer, laptop, smartphone, etc.) and also on the email server. The data will be deleted once the business transaction is complete and as long as legal requirements allow.

Online Forms
When you communicate with us through an online form, data is stored on our web server and may be forwarded to our email address. The data will be deleted once the business transaction is complete and as long as legal requirements allow.

Legal Bases
The processing of the data is based on the following legal grounds:

1. Article 6(1)(a) GDPR (Consent): You consent to us storing and using your data for purposes related to the business transaction.

2. Article 6(1)(b) GDPR (Contract): It is necessary to process your data to fulfill a contract with you or a processor (e.g., the phone provider), or for pre-contractual activities such as preparing an offer.

Article 6(1)(f) GDPR (Legitimate Interests): We aim to handle customer inquiries and business communication professionally. This requires certain technical tools, such as email programs, Exchange servers, and mobile operators, to ensure efficient communication.

Summary:

• Affected: Visitors to the website

• Purpose: Varies depending on the specific cookie. More details can be found below or from the software provider setting the cookie.

• Processed Data: Depends on the cookie used. Further details can be found below or from the software provider setting the cookie.

• Retention Period: Varies depending on the cookie, ranging from hours to years.

• Legal Bases:

  • Article 6(1)(a) GDPR (Consent): You provide consent for us to use cookies.

  • Article 6(1)(f) GDPR (Legitimate Interests): Cookies are used based on our legitimate interest, such as for the functionality and improvement of the website.

Cookies are small files that are stored on your device when you visit a website. They help provide a better user experience by remembering user preferences and actions on the website. Depending on the type of cookie, some are necessary for website functionality, while others are used for analytical or marketing purposes.

What Types of Cookies Are There?

The question of which cookies we specifically use depends on the services used and will be explained in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

There are 4 types of cookies:

1. Essential Cookies These cookies are necessary to ensure the basic functionality of the website. For example, they are needed when a user adds a product to the shopping cart, continues browsing other pages, and later proceeds to checkout. These cookies ensure that the shopping cart is not cleared, even if the user closes their browser window.
   

2. Functional Cookies These cookies collect information about user behavior, such as whether the user receives any error messages. They also measure the loading time and behavior of the website across different browsers.
   

3. Targeting Cookies These cookies enhance user-friendliness. For instance, they store entered locations, font sizes, or form data to improve the overall experience.
   

4. Advertising Cookies Also known as targeting cookies, these are used to deliver personalized advertising to the user. While this can be very useful, it can also be quite annoying.
   

Typically, when you first visit a website, you will be asked which types of cookies you wish to allow. Of course, this decision is also stored in a cookie.

If you want to learn more about cookies and don't mind technical documentation, we recommend visiting RFC 6265, the Request for Comments from the Internet Engineering Task Force (IETF) titled “HTTP State Management Mechanism.”

Purpose of Data Processing via Cookies

The purpose ultimately depends on the specific cookie. More details can be found below or from the manufacturer of the software that sets the cookie.

What Data is Processed?

Cookies are small helpers for many different tasks. Unfortunately, it is not possible to generalize what data is stored in cookies, but we will inform you about the processed or stored data in the following privacy statement.

Cookie Storage Duration

The storage duration depends on the respective cookie and will be specified further below. Some cookies are deleted after less than an hour, while others may stay on your computer for several years.

You also have control over the storage duration. You can manually delete all cookies at any time through your browser (see also "Right to Object" below). Furthermore, cookies based on consent will be deleted at the latest after you withdraw your consent, but the lawfulness of storage until that point remains unaffected.

Right to Object – How Can I Delete Cookies?

How and whether you want to use cookies is entirely up to you. Regardless of which service or website the cookies come from, you always have the option to delete, disable, or partially allow cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies have been stored in your browser, or if you want to change or delete your cookie settings, you can do so in your browser settings:

• Chrome: Delete, enable, and manage cookies in Chrome

• Safari: Managing cookies and website data with Safari

• Firefox: Delete cookies to remove data websites have stored on your computer

• Internet Explorer: Delete and manage cookies

• Microsoft Edge: Delete and manage cookies

If you generally do not want cookies, you can configure your browser to notify you whenever a cookie is about to be set. This way, you can decide whether to allow each individual cookie. The procedure varies depending on the browser. It’s best to search for instructions on Google using terms like “delete cookies Chrome” or “disable cookies Chrome” if you're using the Chrome browser.

Legal Basis

Since 2009, there have been the so-called "Cookie Guidelines," which stipulate that the storage of cookies requires your consent (Article 6(1)(a) of the GDPR). However, the reactions to these guidelines vary across EU countries. In Austria, the implementation of these guidelines was incorporated into § 96(3) of the Telecommunications Act (TKG). In Germany, the cookie guidelines were not implemented as national law. Instead, the guidelines were largely implemented through § 15(3) of the Telemedia Act (TMG).

For strictly necessary cookies, even without consent, there are legitimate interests (Article 6(1)(f) of the GDPR), which are often of an economic nature. We aim to provide visitors to the website with a pleasant user experience, and certain cookies are often necessary for this.

If cookies that are not strictly necessary are used, this will only occur with your consent. The legal basis in this case is Article 6(1)(a) of the GDPR.

In the following sections, you will be further informed about the use of cookies, especially if the software used deploys cookies.

Web Hosting Summary

• Affected individuals: Visitors to the website

• Purpose: Professional hosting of the website and ensuring the operation’s security

• Processed data: IP address, time of website visit, browser used, and other data. More details are provided below or by the respective web hosting provider.

• Storage duration: Depends on the provider, but typically 2 weeks

• Legal basis: Article 6(1)(f) GDPR (Legitimate interests)

WHAT IS WEB HOSTING?

When you visit websites, certain information – including personal data – is automatically created and stored, including on this website. These data should be processed as sparingly as possible and only for justified reasons. By "website," we mean the entire set of pages under a domain, from the homepage to the last subpage (like this one). A "domain" refers to websites like beispiel.de or musterbeispiel.com.

To view a website on your screen, you use a program called a web browser. Some well-known browsers include Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari.

This web browser needs to connect to another computer where the website's code is stored: the web server. Running a web server is a complex and labor-intensive task, which is why this is usually handled by professional providers who offer web hosting services, ensuring the reliable and error-free storage of website data.

When the browser on your computer (desktop, laptop, smartphone) connects and transfers data to and from the web server, personal data may be processed. Your computer stores some data, and the web server must temporarily store data to ensure proper operation.

WHY DO WE PROCESS PERSONAL DATA?

The purposes of data processing are:

• Professional hosting of the website and securing its operation

• Maintaining operational and IT security

• Anonymous evaluation of access behavior to improve our offering and, if necessary, for criminal prosecution or pursuing claims

WHAT DATA IS PROCESSED?

Even while you are visiting our website, our web server – the computer hosting the website – automatically stores data such as:

• The complete URL of the visited page

• The browser and browser version (e.g., Chrome 87)

• The operating system used (e.g., Windows 10)

• The URL of the previously visited page (referrer URL) (e.g., https://www.exampleprevioussite.com)

• The hostname and IP address of the device from which the access is made (e.g., COMPUTERNAME and 194.23.43.121)

• Date and time

• In files called web server log files

HOW LONG IS DATA STORED?

Typically, the data mentioned above is stored for two weeks and then automatically deleted. We do not share this data but cannot exclude the possibility that it may be accessed by authorities in the case of unlawful behavior.

In short: Your visit is logged by our provider (the company that runs our website on specialized computers, i.e., servers), but we do not share your data without consent!

LEGAL BASIS

The legality of processing personal data within the scope of web hosting is based on Article 6(1)(f) GDPR (legitimate interests), as the use of professional hosting by a provider is necessary to present the company online securely and user-friendly and, if necessary, pursue attacks and claims resulting from them.

We typically have a contract with the hosting provider regarding data processing according to Article 28 GDPR, ensuring compliance with data protection and data security.

All texts are copyright protected.