Privacy policy

1) Introduction and Contact Details of the Controller

1.1

We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how your personal data is handled when using our website. Personal data refers to all data by which you can be personally identified.

1.2

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Doderm GmbH
Universitätsstraße 3
56070 Koblenz
Germany
Tel.: 026113491090
E-mail: beatrix.forster@doderm.eu

The controller responsible for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

2.1

When you use our website purely for informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

  • Our visited website
  • Date and time of access
  • Amount of data transmitted in bytes
  • Source/reference from which you reached the page
  • Browser used
  • Operating system used
  • IP address used (if applicable, in anonymized form)

Processing is carried out in accordance with Article 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not disclosed or otherwise used. However, we reserve the right to subsequently review the server log files if there are concrete indications of unlawful use.

2.2

For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries sent to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser’s address bar.

3) Hosting & Content Delivery Network

Shopify

For hosting our website and displaying page content, we use the services of:

Shopify International Limited
Victoria Buildings, 2nd Floor
1–2 Haddington Road
Dublin 4, D04 XN32
Ireland

Data is also transferred to:

Shopify Inc.
150 Elgin St
Ottawa, ON K2P 1L4
Canada

All data collected on our website is processed on the provider’s servers. We have concluded a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

4) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e., small text files that are stored on your device. Some of these cookies are automatically deleted after closing your browser (“session cookies”), while others remain on your device for a longer period and allow page settings to be saved (“persistent cookies”). In the latter case, you can find the storage duration in your web browser’s cookie settings overview.

If personal data is processed through individual cookies used by us, the processing is carried out pursuant to Article 6(1)(b) GDPR for the performance of a contract, pursuant to Article 6(1)(a) GDPR if consent has been given, or pursuant to Article 6(1)(f) GDPR to safeguard our legitimate interests in ensuring the best possible functionality of the website and a customer-friendly and effective website experience.

You can configure your browser so that you are informed about the setting of cookies and can decide individually whether to accept them, or exclude the acceptance of cookies for certain cases or generally.

Please note that if cookies are not accepted, the functionality of our website may be limited.

5) Contacting Us

5.1 Judge.me

We use the services of the following provider for review reminders:

Judge.me Ltd.
c/o Buckworths
2nd Floor, 1-3 Worship Street
London, England, EC2A 2AB
United Kingdom

Exclusively on the basis of your express consent pursuant to Article 6(1)(a) GDPR, we transmit your email address and, where applicable, further customer data to the provider so that they can contact you by email with a review reminder.

You may revoke your consent at any time with effect for the future, either by contacting us or the provider.

We have concluded a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

For data transfers to the provider’s location, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

5.2

When you contact us (e.g., via contact form or email), personal data is processed exclusively for the purpose of handling and responding to your request and only to the extent necessary for that purpose.

The legal basis for processing this data is our legitimate interest in responding to your request pursuant to Article 6(1)(f) GDPR. If your inquiry aims at concluding a contract, the additional legal basis for processing is Article 6(1)(b) GDPR. Your data will be deleted once it can be inferred from the circumstances that the matter in question has been conclusively resolved, provided that no statutory retention obligations prevent deletion.

6) Use of Customer Data for Direct Advertising

6.1 Subscription to Our Email Newsletter

If you subscribe to our email newsletter, we will regularly send you information about our offers.

The only mandatory information required to receive the newsletter is your email address. Providing additional data is voluntary and is used to address you personally.

For newsletter distribution, we use the double opt-in procedure, which ensures that you only receive newsletters after expressly confirming your consent by clicking a verification link sent to the specified email address.

By activating the confirmation link, you grant us your consent to use your personal data in accordance with Article 6(1)(a) GDPR. In this context, we store your IP address recorded by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later date.

The data collected when subscribing to the newsletter is used strictly for the intended purpose.

You may unsubscribe from the newsletter at any time via the designated link in the newsletter or by sending a corresponding message to the controller named above. After unsubscribing, your email address will be immediately removed from our newsletter distribution list unless you have expressly consented to further use of your data or we reserve the right to use data beyond this scope where legally permitted and about which we inform you in this declaration.

6.2 Shopping Cart Reminders by Email

If you abandon your purchase before completing an order, you have the option of receiving a one-time email reminder regarding the contents of your virtual shopping cart.

The only mandatory information required for sending this reminder is your email address. Providing additional data is voluntary and may be used to address you personally.

For sending these emails, we use the double opt-in procedure, which ensures that you only receive a notification after expressly confirming your consent by clicking a verification link sent to the specified email address.

By activating the confirmation link, you grant us your consent to use your personal data pursuant to Article 6(1)(a) GDPR for sending shopping cart reminders. In this context, we store your IP address recorded by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later date.

The data collected when subscribing to our email notification service is used strictly for the intended purpose.

You may unsubscribe from shopping cart reminders at any time by sending a corresponding message to the controller named above. After unsubscribing, your email address will be immediately removed from the distribution list established for this purpose unless you have expressly consented to further use of your data or we reserve the right to use data beyond this scope where legally permitted and about which we inform you in this declaration.

7) Data Processing for Order Handling

To the extent necessary for contract processing for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned financial institution in accordance with Article 6(1)(b) GDPR.

If, based on a corresponding contract, we owe you updates for goods containing digital elements or for digital products, we process the contact data provided by you when placing the order in order to personally inform you about such updates within the framework of our statutory information obligations pursuant to Article 6(1)(c) GDPR.

Your contact data is used strictly for communications regarding updates owed by us and is processed only to the extent necessary for the respective information.

For the processing of your order, we also cooperate with the service provider(s) listed below who support us in whole or in part in fulfilling concluded contracts. Certain personal data is transferred to these service providers in accordance with the following information.

8) Rights of the Data Subject

8.1

Applicable data protection law grants you the following rights vis-à-vis the controller regarding the processing of your personal data (rights of access and intervention), whereby the legal basis cited applies to the respective conditions for exercising these rights:

  • Right of access pursuant to Article 15 GDPR
  • Right to rectification pursuant to Article 16 GDPR
  • Right to erasure pursuant to Article 17 GDPR
  • Right to restriction of processing pursuant to Article 18 GDPR
  • Right to notification pursuant to Article 19 GDPR
  • Right to data portability pursuant to Article 20 GDPR
  • Right to withdraw consent granted pursuant to Article 7(3) GDPR
  • Right to lodge a complaint pursuant to Article 77 GDPR

8.2 Right to Object

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST FOLLOWING A BALANCING OF INTERESTS, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH FUTURE EFFECT FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING PURPOSES. YOU MAY EXERCISE THIS RIGHT OF OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

9) Duration of Storage of Personal Data

The duration of storage of personal data is determined by the respective legal basis, the purpose of processing, and—where applicable—the respective statutory retention period (e.g., retention periods under commercial and tax law).

When personal data is processed on the basis of explicit consent pursuant to Article 6(1)(a) GDPR, such data is stored until you withdraw your consent.

Where statutory retention periods exist for data processed within the framework of contractual or quasi-contractual obligations on the basis of Article 6(1)(b) GDPR, such data is routinely deleted after the retention periods have expired, provided it is no longer required for contract fulfillment or contract initiation and/or we no longer have a legitimate interest in continued storage.

When personal data is processed on the basis of Article 6(1)(f) GDPR, such data is stored until you exercise your right to object pursuant to Article 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

When personal data is processed for direct marketing purposes on the basis of Article 6(1)(f) GDPR, such data is stored until you exercise your right to object pursuant to Article 21(2) GDPR.

Unless otherwise stated in the information contained in this declaration regarding specific processing situations, stored personal data is otherwise deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

Datenschutzerklärung by IT- Recht Kanzlei 

Version as of: June 18, 2026, 03:47:19.