1.Data protection
1) Information about the collection of personal data and contact details of the person responsible
1.1 We are pleased that you are visiting our website and thank you for your interest. Below we will inform you about how your personal data is handled when you use our website. Personal data is all data with which you can be personally identified.
1.2 The person responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is NailScienceCo, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom, Email: support@nailscience.co. The person responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.
1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the person responsible), this website uses SSL or. TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser bar.
2. Data collection when you visit our website
If you use our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:
Our visited website
Date and time at the time of access
Amount of data sent in bytes
Source/reference from which you came to the page
Browser used
Operating system used
IP address used (if necessary: in anonymized form)
Processing is carried out in accordance with Article 6 Paragraph 1 Letter f of the GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.
3. Hosting & Content Delivery Network
Hosting by Shopify
We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”) for the purpose of hosting and displaying the online shop based on processing on our behalf. All data collected on our website is processed on Shopify’s servers. As part of Shopify's aforementioned services, data may also be processed further on behalf of Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc .or Shopify (USA) Inc. In the event that data is transferred to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed by the European Commission's adequacy decision. Further information on data protection from Shopify can be found on the following website: https://www.shopify.de/legal/datenschutz Further processing on servers other than the Shopify servers mentioned above only takes place within the framework stated below.
4.Cookies
In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, which are small text files that are stored on your device. Some of these cookies are automatically deleted after you close the browser (so-called “session cookies”), while some of these cookies remain on your device for a longer period of time and enable you to save page settings (so-called “persistent cookies”). In the latter case, you can find out the storage period in the overview of the cookie settings in your web browser.
If personal data is also processed through individual cookies we use, the processing takes place in accordance with Art. 6 Para. 1 lit. b GDPR either to implement the contract, in accordance with Art. 6 Para. 1 lit in accordance with Art. 6 Para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.
You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general.
Please note that if you do not accept cookies, the functionality of our website may be restricted.
5.Contact us
When you contact us (e.g. via contact form or email), personal data is processed - exclusively for the purpose of processing and answering your request and only to the extent necessary for this purpose. The legal basis for processing this data is our legitimate interest in answering your request in accordance with Article 6 (1) (f) GDPR. If your contact is aimed at a contract, the additional legal basis for the processing is Article 6 (1) (b) GDPR. Your data will be deleted if the circumstances indicate that the matter in question has been conclusively clarified and provided that there are no legal retention obligations to the contrary.
6.Data processing when opening a customer account
In accordance with Article 6 Paragraph 1 Letter b of the GDPR, personal data will continue to be collected and processed to the extent necessary if you provide it to us when opening a customer account. You can find out which data is required to open an account in the input mask of the corresponding form on our website. Your customer account can be deleted at any time and can be done by sending a message to the above address of the person responsible. After your customer account has been deleted, your data will be deleted provided that all contracts concluded regarding it have been completely processed, there are no legal retention periods to the contrary and we have no legitimate interest in continuing to store it.
7.Use of customer data for direct advertising
7.1 Registration for our email newsletter
If you sign up for our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing further data is voluntary and is used to address you personally. To send the newsletter, we use the so-called double opt-in procedure, which ensures that you only receive the newsletter once you have expressly confirmed your consent to receive the newsletter by clicking on a verification link sent to the email address provided
By activating the confirmation link, you give us your consent to use your personal data in accordance with Article 6 (1) (a) GDPR. We store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later date. The data we collect when registering for the newsletter is used strictly for a specific purpose. You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending a message to the person responsible mentioned at the beginning. Once you have unsubscribed, your email address will be immediately deleted from our newsletter distribution list unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this declaration.
7.2 - Newsletter dispatch via Klaviyo
Our email newsletters are sent via the technical service provider “Klaviyo”, 225 Franklin St, Boston, MA 02110, USA ( http://www.klaviyo.com/ ), to which we Pass on the data you provided when you registered for the newsletter. This transfer is carried out in accordance with Article 6 Paragraph 1 Letter f of the GDPR and serves our legitimate interest in using an advertising-effective, secure and user-friendly newsletter system. Please note that your data is usually transferred to a Klaviyo server in the USA and stored there.
Klaviyo uses this information to send newsletters on our behalf. Klaviyo does not use the data of our newsletter recipients to write to them ourselves or to pass them on to third parties.
To protect your data in the USA, we have a data processing agreement with Klaviyo (“Data Processing Agreement”), in which Klaviyo undertakes to protect our users’ data, to process it on our behalf in accordance with its data protection regulations and in particular not to third parties to pass on.
You can view Klaviyo's privacy policy here: https://www.klaviyo.com/privacy
8.Data processing for order processing
8.1 To the extent necessary for contract processing for delivery and payment purposes, the personal data we collect will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Article 6 Paragraph 1 Letter b GDPR.
If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we will process the contact details you provided when ordering (name, address, email address) in order to provide you with our legal information obligations in accordance with Art. 6 Para 1 lit. Your contact details will be used strictly for the purpose of communicating updates owed by us and will only be processed by us for this purpose to the extent that this is necessary for the respective information.
To process your order, we also work with the following service provider(s), who support us in whole or in part in the implementation of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.
8.2 Use of payment service providers (payment services)
- Paypal When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal, we pass on your payment data to PayPal (Europe) Sarl et Cie, SCA, as part of the payment processing. 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). The transfer takes place in accordance with Art. 6 Para. 1 lit. b GDPR and only to the extent that this is necessary for payment processing.
PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Article 6 Paragraph 1 Letter f of the GDPR based on PayPal's legitimate interest in determining your ability to pay. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values (so-called score values). To the extent that score values are included in the results of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Further data protection information, including information about the credit agencies used, can be found in PayPal's data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full You can object to this processing of your data at any time by sending a message object to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
- Shopify Payments We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered through the payment service provider Shopify Payments, the payment is processed via the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we communicate the information you provided during the ordering process, along with the information about your order (name, address, account number, bank sort code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 Paragraph 1 Letter b GDPR. Your data will only be passed on for the purpose of processing payments with Stripe Payments Europe Ltd. and only to the extent that it is necessary for this purpose. Further information about Shopify Payments’ data protection can be found at the following internet address: https://www.shopify.com/legal/privacy . Data protection information about Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy
9.Online marketing
9.1 Facebook pixel for the creation of custom audiences (with cookie consent tool)
The so-called “Facebook pixel” from the social network Facebook is used within our online offering, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland (“Facebook”) is operated.
If a user clicks on an advertisement placed by us that is displayed on Facebook, an addition is added to the URL of our linked site by Facebook Pixel. If our site allows the sharing of data with Facebook via Pixel, This URL parameter is written into the user's browser via a cookie, which our linked page sets itself. This cookie is then read by Facebook Pixel and enables the data to be forwarded to Facebook.
With the help of the Facebook Pixel, Facebook is able to, on the one hand, to determine the visitors to our online offering as a target group for the display of advertisements (so-called “Facebook Ads”). Accordingly, we use the Facebook pixel to only show the Facebook Ads we place to those Facebook users who also use them have shown interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products, which are determined based on the websites visited), which we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the users and do not appear annoying. This allows us to further evaluate the effectiveness of Facebook advertisements for statistical and market research purposes by tracking whether users were redirected to our website after clicking on a Facebook advertisement (so-called “conversion”).
The data collected is anonymous to us, so it does not allow us to draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook data usage guidelines ( https://www.facebook.com/about/privacy/ ). The data can enable Facebook and its partners to place advertisements on and outside of Facebook.
The data processing associated with the use of the Facebook Pixel only takes place with your express consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time with future effect by deactivating this service in the “cookie consent tool” provided on the website.
9.2 - Google Ads conversion tracking
This website uses the online advertising program "Google Ads" and, as part of Google Ads, conversion tracking from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") ). We use Google Ads to draw attention to our attractive offers on external websites using advertising materials (so-called Google Adwords). We can use the data from the advertising campaigns to determine how successful the individual advertising measures are. Our aim is to show you advertising that is of interest to you, to make our website more interesting for you and to achieve a fair calculation of the advertising costs incurred.
The conversion tracking cookie is set when a user clicks on an Ads ad placed by Google. Cookies are small text files that are stored on your device. These cookies usually expire after 30 days and are not used for personal identification. If the user visits certain pages on this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies cannot therefore be tracked via the websites of Google Ads customers. The information collected using the conversion cookie is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, you will not receive any information that can be used to personally identify users.
When using Google Ads, personal data may also be transmitted to the servers of Google LLC. come to the USA.
Details about the processing initiated by Google Ads Conversion Tracking and how Google handles data from websites can be found here: https://policies.google.com/technologies/partner-sites All processing described above, in particular the setting of cookies for reading of information on the device used will only be carried out if you have given us your express consent to this in accordance with Article 6 (1) (a) GDPR. You can revoke your consent at any time with future effect by deactivating this service in the “cookie consent tool” provided on the website. You can also permanently object to the setting of cookies by Google Ads Conversion Tracking by downloading and installing the Google browser plug-in available at the following link:
https://www.google.com/settings/ads/plugin?hl=de
In order to address users whose data we have received as part of business or business-like relationships even more in line with their interests, we use a function within Google Ads Customer Match. For this purpose, we transmit one or more files with aggregated customer data (especially email addresses and telephone numbers) to Google electronically. Google does not receive access to clear data, but instead automatically encrypts the information in the customer files using a special algorithm during the transmission process. The encrypted information can then only be used by Google to assign it to existing Google accounts that those affected have set up. This enables personalized advertising to be displayed across all Google services linked to the respective Google account.
Customer data will only be transmitted to Google if you have given us your express consent to do so in accordance with Article 6 (1) (a) GDPR. You can revoke this consent from us at any time with effect for the future. Further information about Google's data protection measures in relation to the customer match function can be found here: https://support.google.com/google-ads/answer/6334160?hl=de&ref_topic=10550182 Google's data protection regulations can be viewed here: https:/ /www.google.de/policies/privacy/
10.Web analytics services
Google Analytics 4
This website uses Google Analytics 4, a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which can be used to analyze the use of websites.
When using Google Analytics 4, so-called “cookies” are used by default. Cookies are text files that are stored on your device and enable your use of a website to be analyzed. The information collected by cookies about your use of the website (including the IP address transmitted by your device, shortened by the last digits, see below) is usually transmitted to a Google server and stored and processed there. This may also result in information being transmitted to the servers of Google LLC based in the USA and further processing of the information there.
When using Google Analytics 4, the IP address transmitted by your device when you use the website is always collected and processed automatically and in an anonymous manner by default, so that the information collected cannot be directly related to a person. This automatic anonymization occurs by shortening the IP address transmitted by your device by Google within member states of the European Union (EU) or other contracting states to the Agreement on the European Economic Area (EEA) by the last digits.
On our behalf, Google uses this and other information to evaluate your use of the website, to compile reports on your website activities and your usage behavior and to provide us with other services related to your website use and internet usage. The shortened IP address transmitted by your device as part of Google Analytics 4 is not merged with other Google data. The data collected when using Google Analytics 4 is stored for 2 months and then deleted.
Google Analytics 4 also enables the creation of statistics with statements about the age, gender and interests of website users based on an evaluation of interest-based advertising and with the use of third-party information via a special function, the so-called “demographic characteristics”. This makes it possible to determine and differentiate user groups of the website for the purpose of targeting marketing measures in a target group-optimized manner. However, data collected via “demographic characteristics” cannot be assigned to a specific person and therefore not to you personally. This data collected via the “demographic characteristics” function is retained for two months and then deleted.
All processing described above, in particular the setting of Google Analytics cookies for the storage and reading of information on the device you use to use the website, will only take place if you inform us of this in accordance with Art. 6 Para. 1 lit. a GDPR you have given your express consent. Without your consent, Google Analytics 4 will not be used while you use the website. You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service using the “cookie consent tool” provided on the website.
In connection with this website, the “UserIDs” function is also used as an extension of Google Analytics 4. By assigning individual UserIDs, we can have Google create cross-device reports (so-called “cross device tracking”). This means that your usage behavior can also be analyzed across devices if you have set up a personal account by registering on this website and with Your relevant login details are logged into your personal account on different devices. The data collected in this way shows, among other things, on which device you clicked on an ad for the first time and on which device the corresponding conversion took place.
In connection with this website, the Google Signals service is also used as an extension of Google Analytics 4. With Google Signals we can have Google create cross-device reports (so-called “cross device tracking”). If you have activated “personalized ads” in your settings in your Google account and linked your internet-enabled devices to your Google account, Google can monitor usage behavior when you give your consent to the use of Google Analytics 4 in accordance with Art. 6 Para. 1 lit. a DSGVO analyze across devices and create database models based on this. The logins and device types of all website users who were logged into a Google account and carried out a conversion are taken into account. The data shows, among other things, on which device you clicked on an ad for the first time and on which device the corresponding conversion took place. We do not receive any personal data from Google, but only statistics created on the basis of Google Signals. You have the option to deactivate the “personalized ads” function in the settings of your Google account and thus turn off cross-device analysis in connection with Google Signals. To do this, follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=de
Further information about Google Signals can be found at the following link: https://support.google.com/analytics/answer/7532985?hl=de We have concluded a so-called order processing agreement with Google for our use of Google Analytics 4, through which Google is obliged to protect the data of our website users and not to pass it on to third parties. To ensure compliance with the European level of data protection, including any transfer of data from the EU or EEA to the USA and possible further processing there, Google relies on the so-called standard contractual clauses of the European Commission, which we have contractually agreed with Google. Further legal information about Google Analytics 4, including a copy of the standard contractual clauses mentioned, can be found at https://policies.google.com/privacy?hl=de&gl=de and at https://policies.google.com/technologies/partner -sites
11.Retargeting/remarketing/recommendation advertising
Google Ads Remarketing
Our website uses the functions of Google Ads Remarketing, with which we advertise this website in Google search results and on third-party websites. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). For this purpose, Google sets a cookie in the browser of your device, which automatically enables interest-based advertising using a pseudonymous cookie ID and based on the pages you visit. Any further data processing will only take place if you have agreed to Google that your internet and app browser history will be linked by Google to your Google account and that information from your Google account will be used to personalize ads that you display on the web regard. In this case, if you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. To do this, Google temporarily links your personal data with Google Analytics data to form target groups. As part of the use of Google Ads Remarketing, personal data may also be transmitted to the servers of Google LLC. come to the USA.
Details about the processing initiated by Google Ads Remarketing and how Google handles data from websites can be found here: https://policies.google.com/technologies/partner-sites You can permanently object to the setting of cookies by Google Ads Remarketing by Download and install the Google browser plug-in available at the following link: https://support.google.com/ads/answer/7395996 ? You can view further information and the data protection regulations regarding advertising and Google here: https://www.google.com/policies/technologies/ads/ All processing described above, in particular the setting of cookies to read information on the device used, will only be carried out if you have given us your express consent in accordance with Article 6 Paragraph 1 Letter a GDPR. You can revoke your consent at any time with future effect by deactivating this service in the “cookie consent tool” provided on the website.
TikTok Pixel
This website uses the “TikTok Pixel”, a tracking technology from the social network “TikTok” from TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (“TikTok”).
With the help of cookies (small text files that are stored on the device used), information about surfing behavior on our website is collected in a pseudonymized form, transmitted to TikTok, stored there and evaluated in order to then enable interest-based and personalized product recommendations to be displayed on TikTok. The subject of the information collected and processed pseudonymously is the device ID, the device type, time stamp, the operating system used and the IP address. The information can be assigned to the user using additional information that TikTok has stored about the user, for example due to the ownership of an account on the social network “TikTok”. TikTok can also combine the information collected via the pixel with other information that TikTok has collected via other websites and/or in connection with the use of the social network “TikTok” and thus create pseudonymized usage profiles. Under no circumstances can the information collected be used to personally identify visitors to this website.
The TikTok Pixel also allows us to track the effectiveness of advertisements on TikTok. If the user is redirected to pages on this website by an ad on TikTok and the cookies have not yet expired, the pixel records certain user actions predefined by us and can track them (e.g. completed transactions, leads, search queries on the website, views of product pages). When carrying out such an action, your browser sends an HTTP request from the cookie to the TikTok server via the TikTok pixel, which transmits certain information about the action. Through this transmission, TikTok can create statistics about usage behavior on our website after being redirected from a TikTok ad, which we use to optimize our offering.
All processing described above, in particular the setting of cookies to read information on the device used, will only be carried out if you have given us your express consent to this in accordance with Article 6 (1) (a) GDPR. You can revoke your consent at any time with future effect by deactivating this service in the “cookie consent tool” provided on the website. We have concluded an order processing agreement with TikTok for the use of the TikTok Pixel, which obliges TikTok to protect the data of our site visitors and not to pass it on to third parties. TikTok generally transmits collected information outside the European Economic Area and relies on so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with European data protection levels.
12.Page functionalities
12.1 Use of YouTube videos
This website uses the YouTube embedding function to display and play videos from the provider “Youtube”, which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”) heard.
The extended data protection mode is used here, which, according to the provider, only starts saving user information when the video(s) are played. If the playback of embedded YouTube videos is started, the provider “YouTube” uses cookies to collect information about user behavior. According to information from “Youtube”, these serve, among other things, to record video statistics, improve user-friendliness and prevent abusive behavior. If you are logged in to Google, your data will be assigned directly to your account when you click on a video. If you do not want it to be associated with your YouTube profile, you must log out before activating the button. You have the right to object to the creation of these user profiles; to exercise this you must contact YouTube. When using YouTube, personal data may also be transmitted to the servers of Google LLC. come to the USA.
Regardless of whether the embedded videos are played, a connection to the Google network is established every time this website is accessed, which can trigger further data processing operations without our influence.
All processing described above, in particular the reading of information on the device used via the tracking pixel, will only be carried out if you have given us your express consent to this in accordance with Article 6 Paragraph 1 Letter a of the GDPR. Without this consent, YouTube videos will not be used during your visit to the site.
You can revoke your consent at any time with future effect. To exercise your revocation, please deactivate this service in the “cookie consent tool” provided on the website using alternative options notified to you on the website.
Further information on data protection at “Youtube” can be found in the YouTube terms of use at https://www.youtube.com/static?template=terms and in Google’s data protection declaration at https://www.google.de/intl/ de/policies/privacy
12.2 Trusted Shops Trustbadge
To display our Trusted Shops quality seal and to offer Trusted Shops membership to buyers after an order, the Trusted Shops Trustbadge is integrated on this website.
This serves to protect our legitimate interests, which predominate in the context of a balancing of interests, in the optimal marketing of our offer, Art. 6 Para. 1 lit. f GDPR. The Trustbadge and the services advertised with it are an offer from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.
When you access the trust badge, the web server automatically saves a so-called server log file, which contains, for example, your IP address, date and time of retrieval, amount of data transferred and the requesting provider (access data) and documents the retrieval. This access data is not evaluated and is automatically overwritten no later than seven days after the end of your site visit.
Further personal data will only be transferred to Trusted Shops if you decide to use Trusted Shops products after completing an order or have already registered for use. In this case, the contractual agreement between you and Trusted Shops applies.
12.3 Online applications via a form
On our website we offer those interested in a job the opportunity to apply online using a corresponding form. Inclusion in the application process requires that applicants provide us with all the personal data required for a well-founded and informed assessment and selection via the form.
The required information includes general information about the person (name, address, telephone or electronic contact option) as well as performance-specific evidence of the qualifications required for a position. Health-related information may also be required, which must be given special consideration under labor and social law in the interest of the applicant's social protection.
When you send the form, the applicant data is transmitted to us in encrypted form in accordance with the state of the art, stored by us and evaluated exclusively for the purpose of processing the application.
The legal basis for this processing is generally Art. 6 Para. 1 lit. b GDPR (for processing in Germany in conjunction with Section 26 Para. 1 BDSG), in the sense of which going through the application process is considered to be the initiation of an employment contract.
If special categories of personal data within the meaning of Art. 9 Para. 1 GDPR (e.g. health data such as information about severely disabled status) are requested from applicants as part of the application process, processing takes place in accordance with Art. 9 Para. 2 lit. b. GDPR, so that we can exercise the rights under labor law and social security and social protection law and fulfill our obligations in this regard.
Cumulatively or alternatively, the processing of special categories of data may also be based on Article 9 Paragraph 1 Letter h of the GDPR if it is for the purposes of preventive health care or occupational medicine, for assessing the applicant's ability to work, for medical diagnostics, care or Treatment is carried out in the health or social sector or for the management of systems and services in the health or social sector.
If an applicant is not selected in the course of the evaluation described above or if an applicant withdraws their application prematurely, the data submitted in the form will be deleted after a corresponding notification at the latest after 6 months. This deadline is based on our legitimate interest in answering any follow-up questions regarding the application and, if necessary, in being able to meet our obligations to provide evidence under the regulations on equal treatment of applicants.
In the event of a successful application, the data provided will be further processed on the basis of Article 6 Paragraph 1 Letter b GDPR (for processing in Germany in conjunction with Section 26 Paragraph 1 BDSG) for the purposes of carrying out the employment relationship.
12.4 Applications for job advertisements by email
We advertise currently vacant positions in a separate section on our website, for which interested parties can apply by email to the contact address provided.
Inclusion in the application process requires that applicants provide us with all the personal data required for a well-founded and informed assessment and selection by email along with the application.
The required information includes general information about the person (name, address, telephone or electronic contact option) as well as performance-specific evidence of the qualifications required for a position. Health-related information may also be required, which must be given special consideration under labor and social law in the interest of the applicant's social protection.
Which components an application must contain in individual cases in order to be considered and in which form these components must be sent by email can be found in the respective job advertisement.
After receipt of the application sent using the email contact address provided, the applicant data will be stored by us and evaluated exclusively for the purpose of processing the application. For questions that arise during processing, we use either the email address provided by the applicant with their application or a telephone number provided, at our discretion.
The legal basis for this processing, including contacting us for queries, is generally Article 6 Paragraph 1 Letter b GDPR (for processing in Germany in conjunction with Section 26 Paragraph 1 BDSG), in the sense of which going through the application process is considered to be the initiation of an employment contract.
If special categories of personal data within the meaning of Art. 9 Para. 1 GDPR (e.g. health data such as information about severely disabled status) are requested from applicants as part of the application process, processing takes place in accordance with Art. 9 Para. 2 lit. b. GDPR, so that we can exercise the rights under labor law and social security and social protection law and fulfill our obligations in this regard.
Cumulatively or alternatively, the processing of special categories of data may also be based on Article 9 Paragraph 1 Letter h of the GDPR if it is for the purposes of preventive health care or occupational medicine, for assessing the applicant's ability to work, for medical diagnostics, care or Treatment is carried out in the health or social sector or for the management of systems and services in the health or social sector.
If the evaluation described above does not result in an applicant being selected or if an applicant withdraws their application prematurely, the data transmitted by email as well as all electronic correspondence, including the original application email, will be deleted after a corresponding notification at the latest after 6 months. This deadline is based on our legitimate interest in answering any follow-up questions regarding the application and, if necessary, in being able to meet our obligations to provide evidence under the regulations on equal treatment of applicants.
In the event of a successful application, the data provided will be further processed on the basis of Article 6 Paragraph 1 Letter b GDPR (for processing in Germany in conjunction with Section 26 Paragraph 1 BDSG) for the purposes of carrying out the employment relationship.
13. Rights of the person concerned
13.1 The applicable data protection law grants you the following data subject rights (rights of information and intervention) towards the person responsible with regard to the processing of your personal data, whereby reference is made to the legal basis listed for the respective exercise requirements:
Right to information in accordance with Art. 15 GDPR;
Right to rectification in accordance with Art. 16 GDPR;
Right to deletion in accordance with Art. 17 GDPR;
Right to restriction of processing in accordance with Art. 18 GDPR;
Right to information in accordance with Art. 19 GDPR;
Right to data portability in accordance with Art. 20 GDPR;
Right to revoke consent given in accordance with Art. 7 Para. 3 GDPR;
Right to complain in accordance with Art. 77 GDPR.
13.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA AS PART OF A BALANCE OF INTERESTS BASED ON OUR OVERWHELMING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.
IF YOU USE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING IS RESERVED IF WE CAN PROVE COMPLEX REASONS FOR THE PROCESSING THAT ARE worthy of protection, which OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FUNDAMENTAL FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU MAY EXERCISE YOUR OPT-OUT AS DESCRIBED ABOVE.
IF YOU USE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA FOR DIRECT ADVERTISING PURPOSES.
14.Duration of storage of personal data
The duration of storage of personal data is determined based on the respective legal basis, the purpose of processing and - if relevant - additionally based on the respective legal retention period (e.g. commercial and tax law retention periods).
When processing personal data on the basis of express consent in accordance with Article 6 (1) (a) GDPR, this data will be stored until the person concerned revokes their consent.
If there are statutory retention periods for data that are processed within the framework of legal or transaction-like obligations on the basis of Art. 6 Para. 1 lit and/or we have no legitimate interest in further storage.
When processing personal data on the basis of Article 6 Paragraph 1 Letter f of the GDPR, this data will be stored until the data subject exercises his or her right to object in accordance with Article 21 Paragraph 1 of the GDPR, unless we can provide compelling legitimate reasons provide evidence for the processing that outweighs the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
When processing personal data for the purpose of direct advertising on the basis of Article 6 Paragraph 1 Letter f of the GDPR, this data will be stored until the person concerned exercises their right to object in accordance with Article 21 Paragraph 2 of the GDPR.
Unless otherwise stated in the other information in this declaration about specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.
Contact : support@nailscience.co
