DE | EN

Privacy policy

1. Data privacy at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data refers to all data that can be used to personally identify you. For further information on the subject of data privacy, refer to our privacy policy at the end of this text.

Collecting data on our website

Who is responsible for collecting data on this website?

The website operator is responsible for processing data on this website. You can find their contact details in the legal notice section on this website.

How do we collect your data?

Some of the date we collect data is provided by you. This could be data that you enter in a contact form, for example.

Other data is automatically collected by our IT systems when you visit our website. This includes above all technical data (e.g. Internet browser, operating system or the time at which you visited our site). This data is collected automatically as soon as you access our website.

What do we do with your information?

Some of the information is collected to ensure we can provide you with our website without any errors. Other data may be used to analyse your user behaviour.

What rights do you have regarding your data?

You have the right at any time to receive information about the origin, recipients and purpose of your stored personal data free of charge. Additionally, you have the right to request that this data is corrected, blocked or deleted. You may contact us via the address given under the legal notice section of this website at any time with regard to this issue or any other questions about data privacy. Furthermore, you also have the right to appeal to the responsible supervisory authority.

Additionally, you have the right under certain circumstances to request that the processing of your personal data is restricted. For further details on this, refer to the "Right to restrict processing" section in the privacy policy.

Analysis tools and tools from third-party providers

When you visit this website, your surfing behaviour may be statistically evaluated. This primarily happens using cookies and so-called analysis programs. As a rule, your surfing behaviour is analysed anonymously; the surfing behaviour cannot be traced back to you.

You may object to this analysis or prevent it from occurring by not using certain tools. You can find detailed information about these tools and the different ways in which you can raise an objection in the following privacy policy.

2. General and obligatory information

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with corresponding legal data protection regulations and this privacy policy.

When you use this website, certain personal data is collected. Personal data is data that can be used to personally identify you. This privacy policy explains which data we collect and what we use it for. It also outlines how this happens, why we do it and the legal basis for this.

In addition, we inform you that there may be gaps in security when data is transmitted via the Internet (e.g. when communicating by email). It is not possible to completely protect data against attacks from third parties.

Information about the controller

The controller responsible for processing data on this website is:

Jasha GmbH
Peniger Str. 13a
09322 Penig, Germany

Telephone: +49 (0)37381 69617
Email: info@jasha-cosmetic.com

The controller is the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses).

Withdrawal of consent (Article 7, Paragraph 2 GDPR)

If you have given express consent to the processing of your data, you shall have the right at any time to withdraw the consent you have already given. All we require for this is informal notification from you by e-mail. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right to object to collecting of personal data in particular situations and to direct marketing (Article 21 GDPR)

If the data processing is based on Article 6, Paragraph 1, Point (e) or (f) GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data, including profiling based on those provisions. You can find the respective legal basis for processing data in this privacy policy. If you object, we shall no longer process the personal data in question unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the data is being processed for the establishment, exercise or defence of legal claims (objection pursuant to Article 21, Paragraph 1 GDPR).

Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this includes profiling to the extent that it is related to such direct marketing. If you object, your personal data will no longer be used for the purposes of direct marketing (objection pursuant to Article 21, Paragraph 2 GDPR).

Right to lodge a complaint with a supervisory authority

In the event of infringements of GDPR, the data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement.

Right to data portability (Article 20 GDPR)

You also have the right to have the data that we process automatically based on your consent or for the fulfilment of a contract transmitted to yourself or a third party in a structured, commonly used and machine-readable format. Should you request that the data is directly transmitted to another controller, this shall be done only if it is technically feasible.

SSL and TLS encryption

This website uses SSL and TLS encryption for security purposes and to protect the transmission of confidential content such as orders or requests that you submit to us as the site operator. You can recognise if a connection is secure when the address line of the browser changes from "http://" to "https://" and a padlock icon appears in your browser line.

If SSL and/or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

Right of access, blocking, rectification and erasure (Art. 15, 16 and 17 GDPR)

You have the right at any time to obtain information about the personal data concerning you being stored, including the source and recipients of the data and the purpose of the data processing (Article 15 GDPR).

Furthermore, you have the right to have this data rectified, blocked or erased (Articles 16 and 17 GDPR). You can contact us at any time via the address given in the legal notice section of this website with regard to this issue or any other questions about personal data.

Right to restriction of processing (Article 18 GDPR)

You have the right to request that the processing of your personal data is restricted. You may contact us about this issue at any time via the address given in the legal notice section of this website. The right to restriction of processing applies under the following situations:

  • If you contest the accuracy of your personal data we have stored, we will usually require a certain period of time to verify this. For the duration of this verification period, you have the right to request that the processing of your personal data is restricted.
  • If the processing of your personal data was/is unlawful, you may request the restriction of data processing instead of its erasure.
  • If we no longer need your personal data, but it is required by you for the establishment, exercise or defence of legal claims, you have the right to request the restriction of processing instead of its erasure.
  • If you have objected to processing pursuant to Article 21, Paragraph 1 GDPR, a decision must be made as to whether your interests override our interests. While the decision regarding each party's interest is pending, you have the right to obtain the restriction of processing your personal data.

If you have obtained the restriction of processing your personal data, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

3. Collecting data on our website

Cookies

In some instances, our websites use cookies. Cookies are not harmful to your computer and they do not contain any viruses. Cookies are used to make our website more user friendly, effective and safer. Cookies are small text files that are stored on your computer and saved by your browser.

The majority of the cookies we use are what are known as "session cookies". They are automatically deleted after your visit. Other cookies remain on your end device until you delete them. These cookies allow us to recognise your browser the next time you visit our website.

You can set your browser so that you are informed about the placement of cookies and have the option to allow cookies only in individual cases. These settings also allow you to block cookies in specific cases or as a general rule and also to activate the automatic deletion of cookies when you close the browser. If you deactivate cookies, the functionality of this website may be limited.

Cookies that are required to execute electronic communication processes or to provide certain functions required by you (such as the shopping basket function) shall be stored on the basis of Article 6, Paragraph 1, Point (f) GDPR. The website operator has a legitimate interest in storing cookies to ensure the error-free, optimised provision of services. Any other cookies that are stored (e.g. cookies that analyse your surfing behaviour) are dealt with separately in this privacy policy.

Server log files

The website provider automatically collects and stores information in server log files that your browser automatically transmits to us. This information includes:

  • The type and version of your browser
  • The operating system you are using
  • The referrer URL
  • The host name of the accessing computer
  • The time of the server request
  • The IP address

This data is not combined with data from other sources.

The basis for collecting this data is Article 6, Paragraph 1, Point (f) GDPR. The website operator has a legitimate interest in ensuring the error-free presentation and optimisation of their website – the server log files must be collected for this purpose.

Contact form

If you submit requests to us using the contact form, your details in the contact form, including the contact data provided by you, will be stored by us for the purpose of processing your request and to deal with any potential follow-up queries. We will not pass on this data without your consent.

As such, the data entered in the contact form shall only be processed on the basis of your consent (Article 6, Paragraph 1, Point (a) GDPR). You may withdraw this consent at any time. All we require for this is informal notification from you by e-mail. The withdrawal of consent shall not affect the lawfulness of processing before its withdrawal.

The data entered by you in the contact form shall remain with us until you request its deletion, withdraw your consent for storage or the purpose for storing the data no applies (e.g. your request has been resolved and closed). Mandatory legal provisions – in particular retention periods – remain unaffected by this.

Request by email, phone or fax

If you contact us by email, phone or fax, your request, including all personal data resulting from it (name, query), shall be stored and processed by us for the purpose of dealing with your request. We will not pass on this data without your consent.

The basis for processing this data is Article 6, Paragraph 1, Point (b) GDPR, provided your query is connected with the performance of a contract or is required in order to take steps prior to entering into a contract. In all other cases, processing is based on your consent (Article 6, Paragraph 1, Point (a) GDPR) and/or on our legitimate interests (Article 6, Paragraph 1, Point (f) GDPR) as we have a legitimate interest in ensuring that requests submitted to us are effectively processed.

The data provided to us by you during the course of contact requests shall remain with us until you request its deletion, withdraw your consent for storage or the purpose for storing the data no longer applies (e.g. your request has been resolved and closed). Mandatory legal provisions – in particular statutory retention periods – remain unaffected by this.

Processing customer data

We collect, process and use personal data only to the extent that it is required for the establishment of a legal relationship with you, to define the content of such a relationship or to make changes to it (customer data). This is based on Article 6, Paragraph 1, Point (b) GDPR, which permits the processing of data for the performance of a contract or in order to take steps prior to entering into a contract.

The customer data collected shall be deleted after the contract has been concluded or the business relationship has been terminated. Statutory retention periods remain unaffected by this.

4. Analysis tools and advertising

Google Analytics

This website uses functions of the web analysis service Google Analytics. The service is provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses "cookies". These are text files that are stored on your computer and used to analyse how you use the website. The information generated by a cookie about how you use this website is usually transmitted to a Google server in the US and stored there.

The storage of Google Analytics cookies and the use of this analysis tool is based on Article 6, Paragraph 1, Point (f) GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise their online offering and advertising. If the corresponding consent was requested (e.g. consent for storing cookies), processing is carried out exclusively on the basis of Article 6, Paragraph 1, Point (a) GDPR; consent may be withdrawn at any time.

Browser plugin

You can prevent cookies from being stored by selecting the appropriate settings in your browser software; if you do this, however, you may not be able to use all functions on this website to their full extent. In addition to this, you can prevent the collection of data generated by the cookie about your use of the website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plugin available at this link: https://tools.google.com/dlpage/gaoptout?hl=de.

Objection to data collection

You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie will be set, which will prevent your data from being collected when you visit this website in future: Deactivate Google Analytics.

You can find further information about how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Processing orders

We have concluded a contract with Google for order processing and fully implement the stringent requirements of the German data protection authorities when using Google Analytics.

5. Plugins and tools

Google reCAPTCHA

We use "Google reCAPTCHA" (referred to as "reCAPTCHA" in the following) on this website. The service is provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA is designed to establish whether a human or an automated program is entering data on this website (e.g. in a contact form). reCAPTCHA analyses the behaviour of visitors to the website based on different characteristics. This analysis starts automatically as soon as the user visits the website. reCAPTCHA evaluates different information during the analysis (e.g. the IP address, how long the user spends on the website and the mouse movements carried out by the user). The data recorded during the analysis is sent to Google.

reCAPTCHA analyses are carried out completely in the background. Visitors to the website are not informed that an analysis is taking place.

The basis for processing this data is Article 6, Paragraph 1, Point (f) GDPR. The website operator has a legitimate interest in protecting their online offering against improper automated spying and SPAM.

You can find further information about Google reCAPTCHA in Google's privacy policy and terms of service, which are available at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.