Privacy Policy

1) Introduction and contact information for the data controller

1.1We are pleased that you are visiting our website and thank you for your interest. Below, we provide information about how we handle your personal data when you use our website. Personal data refers to any information that can be used to identify you personally.

1.2The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Doderm GmbH, Universitätsstraße 3, 56070 Koblenz, Germany, Tel.: 026113491090, Email: beatrix.forster@doderm.eu. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

2) Data collection when you visit our website

2.1When you use our website for informational purposes only—that is, if you do not register or otherwise provide us with information—we collect only the data that your browser transmits to the website server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

  • The website we visited
  • Date and time of access
  • Amount of data sent in bytes
  • Source/link that brought you to this page
  • Browser used
  • Operating system used
  • IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be disclosed or used for any other purpose. However, we reserve the right to review the server log files retrospectively if there are concrete indications of unlawful use.

2.2For security reasons and to protect the transmission of personal data and other confidential information (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the "https://" prefix and the padlock icon in your browser address bar.

3) Hosting & Content Delivery Network

Shopify

We use the system provided by the following provider to host our website and display its content: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”)

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

All data collected on our website is processed on the provider’s servers. We have entered into a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits its unauthorized disclosure to third parties.

When data is transferred to Canada, an adequate level of data protection is ensured by an adequacy decision issued by the European Commission.

4) Cookies

To make your visit to our website more enjoyable and to enable the use of certain features, we use cookies—small text files that are stored on your device. Some of these cookies are automatically deleted when you close your browser (so-called “session cookies”), while others remain on your device for a longer period and allow page settings to be saved (so-called “persistent cookies”). In the latter case, you can find the storage duration in the overview of your web browser’s cookie settings.

If personal data is processed through individual cookies we use, such processing is carried out in accordance with Article 6(1)(b) of the GDPR for the purpose of performing the contract, pursuant to Article 6(1)(a) of the GDPR in the event that consent has been given, or pursuant to Article 6(1)(f) of the GDPR to safeguard our legitimate interests in ensuring the best possible functionality of the website as well as a user-friendly and effective design of the site visit.

You can configure your browser to notify you when cookies are set, allowing you to decide on a case-by-case basis whether to accept them, or to block cookies in specific cases or generally.

Please note that if you do not accept cookies, the functionality of our website may be limited.

5) Getting in touch

5.1Judge.me

We use the services of the following provider for review reminders: Judge.me Ltd., c/o Buckworths, 2nd Floor, 1-3 Worship Street, London, England, EC2A 2AB, United Kingdom

We will only share your email address and, if applicable, other customer data with the provider—based solely on your explicit consent in accordance with Article 6(1)(a) of the GDPR—so that the provider can contact you via email with a reminder to leave a review.

You may withdraw your consent at any time, effective for the future, by notifying us or the provider.

We have entered into a data processing agreement with the service provider that ensures the protection of our website visitors' data and prohibits its unauthorized disclosure to third parties.

When data is transferred to the provider's location, an adequate level of data protection is ensured by an adequacy decision issued by the European Commission.

5.2When you contact us (e.g., via the contact form or email), we process your personal data solely for the purpose of handling and responding to your inquiry, and only to the extent necessary for that purpose.

The legal basis for processing this data is our legitimate interest in responding to your inquiry pursuant to Article 6(1)(f) of the GDPR. If your contact is aimed at entering into a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR. Your data will be deleted if the circumstances indicate that the matter in question has been conclusively resolved and provided that no statutory retention obligations preclude this.

6) Use of customer data for direct marketing

6.1Subscription to our email newsletter

When you subscribe to our email newsletter, we will send you regular updates about our offers. The only required information for receiving the newsletter is your email address. Providing additional information is voluntary and is used to address you personally. We use the so-called double opt-in procedure for sending the newsletter, which ensures that you will only receive the newsletter once you have explicitly confirmed your consent to receive it by clicking on a verification link sent to the email address you provided.

By clicking the confirmation link, you give us your consent to use your personal data in accordance with Article 6(1)(a) of the GDPR. In doing so, we store your IP address as provided by your Internet Service Provider (ISP), as well as the date and time of registration, so that we can trace any potential misuse of your email address at a later date. The data we collect when you subscribe to the newsletter is used strictly for the intended purpose.

You can unsubscribe from the newsletter at any time by clicking the link provided in the newsletter or by sending a message to the contact person listed at the beginning of this notice. Once you have unsubscribed, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you in this statement.

6.2Shopping Cart Reminders via Email

If you abandon your shopping session before completing your order, you have the option to request a one-time email reminder of the contents of your virtual shopping cart.

The only required information for sending this reminder is your email address. Providing additional information is voluntary and may be used to address you personally. For email communications, we use the so-called double opt-in procedure, which ensures that you will only receive a notification once you have explicitly confirmed your consent by clicking on a verification link sent to the email address you provided.

By clicking the confirmation link, you give us your consent to process your personal data in accordance with Article 6(1)(a) of the GDPR for the purpose of sending you a shopping cart reminder. In doing so, we store your IP address as recorded by your Internet Service Provider (ISP), as well as the date and time of registration, in order to be able to trace any potential misuse of your email address at a later date. The data we collect when you register for our email notification service is used strictly for the intended purpose.

You can unsubscribe from shopping cart reminders at any time by sending a message to the contact person listed above. Once you have unsubscribed, your email address will be immediately removed from our mailing list set up for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you in this statement.

7) Data processing for order fulfillment

To the extent necessary for the fulfillment of the contract for delivery and payment purposes, the personal data we collect will be disclosed to the contracted shipping company and the contracted financial institution in accordance with Article 6(1)(b) of the GDPR.

If we are obligated to provide you with updates for goods containing digital elements or for digital products based on a relevant contract, we will process the contact information you provided when placing your order in order to personally notify you in accordance with our legal obligations under Article 6(1)(c) of the GDPR. Your contact details will be used strictly for the specific purpose of communicating updates we are obligated to provide and will be processed by us for this purpose only to the extent necessary for the respective information.

To process your order, we also work with the following service provider(s), who assist us, either fully or partially, in fulfilling the contracts we have entered into. Certain personal data is shared with these service providers in accordance with the information provided below.

8) Rights of the Data Subject

8.1Under applicable data protection law, you have the following rights as a data subject (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data; please refer to the cited legal basis for the respective conditions for exercising these rights:

  • Right of access pursuant to Article 15 of the GDPR;
  • Right to rectification pursuant to Article 16 of the GDPR;
  • Right to erasure pursuant to Article 17 of the GDPR;
  • Right to restriction of processing pursuant to Article 18 of the GDPR;
  • Right to information pursuant to Article 19 of the GDPR;
  • Right to data portability pursuant to Article 20 of the GDPR;
  • Right to withdraw consent pursuant to Article 7(3) of the GDPR;
  • Right to lodge a complaint under Article 77 of the GDPR.

8.2RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA AS PART OF A BALANCING OF INTERESTS BASED ON OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO SUCH PROCESSING ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA IN QUESTION. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, fundamental rights and freedoms, or if the processing serves to assert, exercise, or defend legal claims.

IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING. YOU MAY EXERCISE THIS RIGHT AS DESCRIBED ABOVE.

EXERCISE YOUR RIGHT TO OBJECT, AND WE WILL STOP PROCESSING THE RELEVANT DATA FOR DIRECT MARKETING PURPOSES.

9) Retention period for personal data

The duration of the storage of personal data is determined by the applicable legal basis, the purpose of processing, and—where applicable—the relevant statutory retention period (e.g., retention periods under commercial and tax law).

When processing personal data based on explicit consent pursuant to Article 6(1)(a) of the GDPR, the data in question will be stored until you withdraw your consent.

If there are statutory retention periods for data processed in connection with contractual or quasi-contractual obligations pursuant to Article 6(1)(b) of the GDPR, such data will be routinely deleted upon the expiration of the retention periods, provided that it is no longer necessary for the performance or initiation of a contract and/or we no longer have a legitimate interest in continuing to store it.

When processing personal data on the basis of Article 6(1)(f) of the GDPR, this data will be stored until you exercise your right to object under Article 21(1) of the GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

When processing personal data for the purpose of direct marketing pursuant to Article 6(1)(f) of the GDPR, this data will be stored until you exercise your right to object under Article 21(2) of the GDPR.

Unless otherwise specified in the other information contained in this statement regarding specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.