Privacy Policy

Jean-Pierre Rosselet Cosmetics AG is a company domiciled in Switzerland. This is a subsidiary of Jean Pierre Rosselet Cosmetics AG, based in Bremen, Germany.

With this data protection declaration, we, the Swiss Jean-Pierre Rosselet Cosmetics AG (www.jp-rosselet.ch), inform you about the processing of personal data in connection with our offer (hereinafter “the offer”) including our corresponding Jean-Pierre-Rosselet-website (hereinafter “the website”).

Our offer is subject to Swiss data protection law and any applicable foreign data protection law, in particular that of the European Union (EU). The EU recognizes that Switzerland has legislation in place that ensures adequate data protection.

Additional data protection declarations may exist for individual and additional offers and services.

In our opinion, data protection should be transparent, easy to understand and, above all, fair for all parties. Therefore, we would like to use this data protection notice to inform you about the personal data we collect and use, whether and, if so, to which third parties it may be passed on, how long we store the data and what rights you have should you not agree with our responsible handling of your data. If you have any questions after reading this detailed data protection information, please do not hesitate to contact us using the contact details below.

Definitions

To ensure that we are all talking about the same thing, we would like to start by clarifying a few definitions. This ensures that everyone involved is aware of what we are talking about and working with in the following information.

Personal data: This is any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing: Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing: This refers to the marking of stored personal data with the aim of limiting its processing in the future.

Profiling: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

Pseudonymization: Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Recipient: Any natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

Third party: This is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data.

Consent: This is any voluntary, informed and unequivocal expression by the data subject, in the form of a statement or other unambiguous confirmatory act, of his or her wishes in the particular case, indicating that he or she consents to the processing of personal data relating to him or her.

1. Contact address and responsibility

The data controller is

Jean-Pierre Rosselet Cosmetics AG

Hochbordstrasse 9

8600 Dübendorf

Switzerland

Enquiries from supervisory authorities and data subjects are usually made by e-mail, but can also be made by letter post:

You can reach us by post at Jean-Pierre Rosselet AG, Hochbordstrasse 9, 8600 Dübendorf, by email at info@jp-rosselet.ch or by phone at +41 44 389 87 87.

2. Data protection representative in the EU

We have a data protection representative in the EU as a point of contact for supervisory authorities and data subjects for all questions relating to EU data protection law:

IT-Kanzlei Lutz

Stefan Lutz, LL.M.

Attorney at Law and Specialist Lawyer for IT Law

Borgfelder Landstrasse 2

28357 Bremen

Germany

Telephone: +49 421/322889-0

Email: info@hb-law.de

Website: www.hb-law.de

3. Collection of personal data in the case of informational use

If you use our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 lit. f GDPR):

IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Amount of data transferred in each case
Website from which the request comes
Browser
Operating system and its interface
Language and version of the browser software.

4. Use of cookies

(1) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using and through which certain information flows to the location that sets the cookie (in this case, us). Cookies cannot execute any programs or transmit viruses to your computer. They serve to make the internet offering more user-friendly and effective overall (legal basis is Art. 6 para. 1 lit. f DSGVO).

This website uses cookies, the scope and functioning of which are explained below:
Certain cookies are automatically deleted when you close your browser. These include, in particular, session cookies. These store a so-called session ID, which allows various requests from your browser to be assigned to the same session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close your browser.
Other cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete cookies in your browser's security settings at any time. You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that with completely or partially deactivated cookies, the offer may lose some of its user-friendliness or may no longer be fully usable.

(2) This stored information is stored separately from any other data provided to us. In particular, the data from the cookies is not linked to your other data.

(3) You can object to this data processing at any time with effect for the future.

5. Use of our website's functions

(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. To do this, you will usually need to provide additional personal information that we use to provide the respective service. If additional voluntary information is possible, this is marked accordingly.

(2) When you contact us by email or using the contact form, we store your email address and, if you provide it, your name and telephone number, in order to answer your questions. (The legal basis for this is Article 6(1)(b) GDPR)

(3) When you use our member area on the homepage after registering with the corresponding client number, we store your first name, last name and email address.

6. Use of our web shop

If you wish to place an order in our web shop, you must provide the personal data that we need for the processing of your order in order to conclude the contract. Mandatory information required for the performance of the contracts is marked separately; any further information is voluntary. We process the data you provide for the purpose of processing your order. For this purpose, we may pass on your payment data to our house bank. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b DSGVO.

You must create a customer account to order from our online store. When you create an account under “My Account”, the data you provide will be stored until you delete it. You can view your stored data under “My Account”.

(1) We may also process the data you provide to inform you about other interesting products in our portfolio or to send you e-mails with technical information.

(2) We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. However, after two years we will restrict the processing of your data, i.e. your data will only be used to comply with legal obligations.

(3) To prevent unauthorized access to your personal data, in particular financial data, by third parties, the ordering process is encrypted using TLS technology.

7. Data transfer to third parties

(1) We will only pass on your personal data to third parties if we offer participation in promotions, competitions, bookings or the conclusion of contracts together with a third-party provider. In this case, you will be informed separately about the transfer to third parties before your data is passed on.

(2) In some cases, we use external service providers to process your data. These have been carefully selected by us and commissioned in writing. They are bound by our instructions and regularly monitored by us. The service providers will not pass this data on to third parties. If these service providers are based in the United States, we will inform you of this in connection with the respective functions. This data processing is also carried out in accordance with the applicable legal situation.

7.1 Use of Google Maps

(1) We use the Google Maps service on this website. This allows us to display interactive maps directly on the website and enables you to use the map function conveniently.

(2) When you visit the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned in section 3 of this declaration will be transmitted. This occurs regardless of whether Google provides a user account that you are logged in to or whether no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not want this information to be associated with your Google profile, you must log out before activating the button. Google stores your data as a user profile and uses it for advertising, market research and/or to tailor its website to your needs. Such an evaluation is carried out in particular (even for users who are not logged in) to provide customized advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, but you must contact Google to exercise this right.

(3) Further information on the purpose and scope of the data collection and its processing by the plug-in provider can be found in the provider's data protection declarations. There you will also find further information about your rights in this regard and settings options for protecting your privacy: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the United States and has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

7.2. Use of Google Analytics

(1) This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be shortened by Google in advance within member states of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator.

(2) The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

(3) You can prevent the storage of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout.

(4) This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are further processed in abbreviated form, thus excluding the possibility of personal references. Insofar as the data collected about you is personally identifiable, it will be immediately excluded and the personal data will be deleted immediately.

(5) We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained enable us to improve our services and make them more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 para. 1 lit. f DSGVO.

(6) Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: www.google.com/analytics/terms/de.html, data protection overview: www.google.com/intl/de/analytics/learn/privacy. html, and the privacy policy: www.google.de/intl/de/policies/privacy.

(7) This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under “My data”, “Personal data”.

7.3. Newsletter

The following information is to inform you about the content of our newsletter, the registration, delivery and statistical evaluation procedures, and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.

(1) We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter referred to as “newsletters”) only with the consent of the recipient or a legal permission. If the contents of a newsletter are specifically described in the context of registration, they are decisive for the consent of the user. Otherwise, our newsletters contain information about new products, special offers, brand-specific promotions, events and seminars organized by our company.

(2) Registration for our newsletter is done using a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can register with third-party e-mail addresses. Registrations for the newsletter are logged in order to be able to prove that the registration process meets legal requirements. This includes the storage of the login and confirmation times, as well as the IP address. Likewise, changes to your data stored by MailChimp are logged.

(3) The newsletter is sent using MailChimp, a newsletter delivery platform from the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The email addresses of our newsletter recipients, as well as other data described in the context of this notice, are stored on MailChimp's servers in the United States. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, MailChimp may use this data to optimize or improve its own services, e.g. for the technical optimization of the sending and presentation of the newsletter or for economic purposes, to determine which countries the recipients come from. However, MailChimp does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties. We trust in the reliability and IT and data security of MailChimp. MailChimp is certified under the US-EU data protection agreement “Privacy Shield” https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG and is obliged to comply with EU data protection requirements. Furthermore, we have concluded a “Data Processing Agreement” with MailChimp. This is a contract in which MailChimp undertakes to protect our users' data, to process it on our behalf in accordance with its data protection regulations and, in particular, not to pass it on to third parties. You can view MailChimp's data protection regulations here. https://mailchimp.com/legal/privacy/

(4) Only registered customers may sign up for our newsletter. We use your e-mail address, client number, first name and surname when you sign up. This information is used solely to personalize the newsletter.

(5) The newsletters contain a so-called “web-beacon”, i.e. a pixel-sized file that is retrieved from the MailChimp server when the newsletter is opened. As part of this retrieval, technical information such as information about the browser and your system, as well as your IP address and the time of the retrieval, are initially collected. This information is used for technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our nor MailChimp's intention to observe individual users. Rather, the evaluations help us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

(6) There are cases in which we redirect newsletter recipients to the MailChimp website. For example, our newsletters contain a link that newsletter recipients can use to access the newsletter online (e.g. in the event of display problems in the email program). Likewise, the privacy policy of MailChimp is only available on their website. In this context, we would like to point out that cookies are used on the MailChimp websites and that personal data is therefore processed by MailChimp, its partners and service providers (e.g. Google Analytics). We have no influence over this data collection. Further information can be found in MailChimp's privacy policy. We would also like to draw your attention to the possibilities for objecting to data collection for advertising purposes on the websites http://www.aboutads.info/choices/ and http://www.youronlinechoices.com/ (for the European area).

(7) You can cancel our newsletter at any time, i.e. revoke your consent. This simultaneously revokes your consent to its distribution via MailChimp and the statistical analyses. Unfortunately, it is not possible to revoke consent to distribution via MailChimp or to statistical analysis separately. You will find a link to cancel the newsletter at the end of each newsletter.

7.4. Use of YouTube

(1) We have embedded YouTube videos in our online offering. These are stored on www.youtube.com and can be played directly from our website. [These are all embedded in “extended data protection mode”, i.e. no data about you as a user is transferred to YouTube if you do not play the videos. The data referred to in paragraph 2 is only transferred when you play the videos. We have no influence on this data transfer.]

(2) When you visit the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned in section 3 of this declaration will be transmitted. This occurs regardless of whether YouTube provides a user account that you are logged in to or whether no user account exists. If you are logged into Google, your data will be directly associated with your account. If you do not want this information to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. In particular, such an evaluation is carried out (even for users who are not logged in) to provide customized advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, but you must contact YouTube to exercise this right.

(3) Further information on the purpose and scope of data collection and processing by YouTube can be found in the privacy policy. You can also find more information about your rights and settings options for protecting your privacy there: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the United States and has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

7.5 Use of fonts.com

This website uses fonts.com, a font service provided by Linotype GmbH, Werner-Reimers-Straße 2-4, 61352 Bad Homburg, Germany. Each time this website is accessed, files are loaded from a fonts.com server to display the texts in a particular font. In doing so, your IP address may be transmitted to a server of “fonts.com” and stored in the context of the usual weblog. Further processing of this information is the responsibility of “fonts.com”; for the corresponding conditions and setting options, please refer to the data protection information of “fonts.com”. https://www.monotype.com/legal/privacy-policy/website-use-privacy-policy/

8. Recipients or categories of recipients

If we disclose your personal data to third parties, you will be explicitly informed of this in the description of the respective data processing (e.g. when using our contact form). Of course, we also use external service providers for technical and organizational processing, with whom we have concluded corresponding data processing agreements in accordance with Art. 28 GDPR. These are, for example, service providers for web hosting, sending e-mails and letters, maintaining and servicing our IT systems, etc.

9. storage period

Your data will be stored for as long as is absolutely necessary to achieve the respective purpose, but no longer than any legal requirements require of us .

As soon as the purpose of storage no longer applies or a storage period prescribed by the aforementioned regulations expires, the personal data will be routinely blocked or deleted.

10. Your rights

In this section, we would like to provide you with comprehensive information about your rights.

10.1 Right of access

You have the right to request information from us at any time as to whether we are processing personal data relating to you. If this is the case, you have the right to request information regarding the data specified in Art. 15 (1) 2nd half-sentence GDPR.

You have the right to request information as to whether the personal data relating to you is being transferred to a third country or to an international organization.

10.2 Right to rectification

Furthermore, according to Art. 16 GDPR, you have the right to request that we immediately rectify any inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data, including by means of providing a supplementary statement.

10.3 Right to erasure (“right to be forgotten”)

You also have the right to demand that we erase personal data concerning you without undue delay. We are obliged to comply with this request and to erase personal data unless we are legally obliged or entitled to further process your data. For details, please refer to Art. 17 GDPR.

10.4 Right to restriction of processing

Taking into account the legal requirements of Art. 18 GDPR, you have the right to request that we restrict the processing.

10.5. Right to notification

If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged to communicate any rectification or erasure of personal data or restriction of processing carried out in response to this to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort (Art. 19 GDPR).

In any event, you have the right to be informed about those recipients.

10.6 Right to data portability

If we process your data with your consent or on the basis of a contract, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller, provided that the legal requirements according to Art. 20 GDPR are met.

10.7 Right to object

Right to object in individual cases

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

We will no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

Right to object to processing for direct marketing purposes

If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.

You have the option, in the context of the use of information society services, of exercising your right to object by means of automated procedures that use technical specifications.

10.8 Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

10.9 Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision

a) is necessary for entering into, or performance of, a contract between you and a data controller;
b) is authorized by law to which the controller is subject and such law contains suitable measures to safeguard your rights and freedoms and legitimate interests; or
c) is based on your explicit consent.

However, these decisions must not be based on special categories of personal data referred to in Article 9(1) of the GDPR, unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place. With regard to the cases referred to in lit. a. and lit. c., the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

10.10. Right of appeal

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes data protection regulations.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR. As already mentioned (see Section 2), we also have a data protection representative in the EU as a point of contact for supervisory authorities and data subjects for all questions relating to EU data protection law:

IT-Kanzlei Lutz

Stefan Lutz, LL.M.

Attorney at Law and Specialist Lawyer for IT Law

Borgfelder Landstrasse 2

28357 Bremen

Germany

Telephone: +49 421/322889-0

Email: info@hb-law.de

Website: www.hb-law.de

11. Legal basis for the processing

Insofar as not already mentioned in the individual processing operations under the previous sections, we show below the legal bases on which we carry out the data processing.

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) (a) GDPR serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is required to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

We reserve the right to change this privacy policy at any time.