Privacy Policy 

Contents

1. Definitions of Terms

2. Information on the Controller, Data Protection Officer & Contact

3. Links to Third-Party Sites

4. Rights of the Data Subject

5. Transfer of Your Data; Recipients

6. Data Processing Operations

6.1 Processing of Traffic Data; Server Log Files

6.2 Contact; Contact Form

6.3 Orders in the Online Shop; Customer Account

6.4 Product Reviews

6.5 Job Applications

6.6 Credit Check

6.7 Newsletter

6.8 Statutory Retention and Documentation Obligations

6.9 Web Analytics and Tracking

6.10 Integration of Functional Third-Party Providers

6.11 Product Recommendations via E-mail

7. Storage and Tracking Technologies

7.1 Cookies

7.2 Local Storage; Session Storage

7.3 Tracking Pixels

8. Third-Party Services

8.1 General Information

8.2 Overview and Brief Description

8.3 General Website Operation

8.3.1 WebThinker Cookie Box

8.3.2 Google reCAPTCHA

8.3.3 Google Tag Manager; Google Consent Mode

8.3.4 Content Management System Extension

8.4 Web Analytics, Tracking, and Media Content

8.4.1 Google Analytics

8.4.2 Google Ads

(i) Google Ads Conversion Tracking

(ii) Google Ads Remarketing

8.4.3 Google Maps

8.4.4 Microsoft Advertising (Microsoft Bing)

8.4.5 Integration of Dropbox Videos

8.4.6 Integration of YouTube Videos

8.4.7 Meta Pixel

9. Payments

9.1 Payments via PayPal

9.2 Payments by Credit Card

9.3 Purchase on Account

10. Social Media and Platform Presences

10.1 Facebook

10.2 Instagram

10.3 YouTube

1. Definitions of Terms

Data protection regulations generally—albeit with certain exceptions—refer to the processing of personal data. For the purposes of this Privacy Policy, the definitions provided by the GDPR apply. Thus, the processing (Art. 4(2) GDPR) of personal data essentially covers any handling thereof. If the data we process relates to individuals and renders you identifiable as a person, such data generally qualifies as personal data, which makes you a data subject within the meaning of Art. 4(1) GDPR.

For optimal comprehension of this Privacy Policy, the following terms are especially relevant:

2. Information on the Controller, Data Protection Officer & Contact

3. Links to Third-Party Websites

We use links to third-party websites on our website. In particular, these include links to our presences on social networks (e.g., Facebook). When you click on one of these links, you are redirected directly to the respective site. The operators of those websites can only see that access was made via our website. Accordingly, we generally refer you to the separate privacy policies of those websites. For further information regarding our processing of your data in connection with our social media presences, please refer to section 10.

4. Rights of the Data Subject

You have the following rights at any time with regard to your personal data processed by us. These rights can be exercised free of charge by contacting us via one of the contact options specified in section 2 and will be answered as soon as possible, but in any event within one (1) month (restrictions may apply in certain exceptional cases, for example if the rights of third parties are at risk):

• Access to and further information about the specific personal data processed (Right of Access, Art. 15 GDPR);
• Rectification of data that is incomplete or has been incorrectly recorded or has become inaccurate (Right to Rectification, Art. 16 GDPR);
• Erasure of data that (i) is not necessary for the stated purposes, (ii) is processed unlawfully, or (iii) must be deleted due to a legal obligation or an objection (Right to Erasure, Art. 17 GDPR);
• Temporary restriction of processing under certain conditions (Right to Restriction, Art. 18 GDPR);
• Withdrawal of any consent given for the processing of your data at any time; please note, however, that withdrawal does not make prior processing based on consent retroactively unlawful—it only takes effect for the future (Right of Withdrawal, Art. 7(3) GDPR);
• Objection to the processing of your data based on our legitimate interests (Art. 6(1)(f) GDPR) for reasons arising from your particular situation, and objection at any time to the processing of your data for direct marketing purposes (Right to Object, Art. 21(1)–(2) GDPR);
• Transmission of your personal data, which we process for the performance of a contract with you, to take pre-contractual steps at your request, or on the basis of your consent, in a common machine-readable format to you or directly to another controller (Right to Data Portability, Art. 20 GDPR);
• Right to lodge a complaint: Notwithstanding any other administrative or judicial remedy, you have the right to complain to a supervisory authority if you believe that the processing of your personal data infringes the GDPR. 

A list of the German data protection supervisory authorities and their contact details can be found at: https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html

5. Transfer of Your Data; Recipients

In order to carry out the processing activities set forth in this Privacy Policy, your personal data will be transferred to or disclosed to the following recipients:

External processors engaged by us receive your data if they require it for the performance of their respective services (it is sufficient if a possibility of access to personal data exists). All processors are contractually obliged to process your data strictly in compliance with the requirements of the GDPR and exclusively in accordance with our instructions.

Within the context of our website, the following processors engaged by us may have access to your data:

• Amazon Web Services EMEA Sàrl, Avenue John F. Kennedy 38, LUX-1855 Luxembourg (website hosting);
• Hetzner Online GmbH, Industriestraße 25, DE-91710 Gunzenhausen (hosting provider for certain services integrated into the website, see in particular section 6.9);
• pronexon GmbH, Am Heilbrunnen 115, DE-72766 Reutlingen (IT infrastructure provider especially for the temporary storage of online shop orders for three [3] months);
• Computop Paygate GmbH, Schwarzenbergstraße 4, DE-96050 (in the context of providing the “Computop Paygate” payment platform, see section 9);
• Optimizely GmbH, Box 7007, SE-103 86 Stockholm (email marketing provider and tracking provider for offer personalization, see sections 6.3, 6.7, 8.4.5);
• trend SWM EDV-Beratung GmbH & Co KG, Jechtinger Straße 9, DE-79111 Freiburg (provider of our ERP solution, where the use of certain modules may involve the processing of customer data by the service provider);
• Service providers described in section 8 (unless otherwise specified regarding their role).

In addition, we transfer your data to independent controllers where this is necessary or where we are legally obliged to do so. Depending on the selected payment method, this may involve the payment providers and service providers listed in section 9 (cf. also section 6.6).

With regard to the processing activities set out in section 10, we are jointly responsible with the respective providers within the meaning of Art. 26 GDPR.

6. Data Processing Operations

In this section, we describe the specific data processing operations that may occur when accessing our website and in its use. We inform you about the key elements of each processing activity, namely (a) the nature and scope (when and how), (b) the purpose (why), as well as (c) the duration of storage of your data (how long).

Furthermore, we inform you about the legal basis which we rely upon under the GDPR to justify each processing activity involving your data. The following table provides an initial overview of the legal bases we specifically apply in this context:

6.1 Processing of Traffic Data; Server Log Files

(a) Nature and Scope of Data Processing:

You can visit our website without having to provide any personal information. However, from a purely technical standpoint, certain data, known as "traffic data," is transmitted when you access any website.

In this context, the following categories of traffic data may be transmitted to the server that the request is addressed to, in order to provide the website or a specific file:

(i) Implicit traffic data (automatically, inevitably, and unsolicited transmission): IP address used; User-Agent (browser type/version, operating system); page accessed (URL); referring page (referrer); access time; language setting.

(ii) Explicit traffic data (transmitted as provided for in the code of the respective service): screen resolution; color depth; time zone; touchscreen support; browser plugins.

The traffic data transmitted is stored by us in so-called “server log files.” For hosting our website, we use Amazon Web Services EMEA Sàrl (see section 5).

Additionally, we may use the traffic data transmitted during your visit to our website for analysis of the use of our services (see section 6.9).

Traffic data may also be transmitted to providers of integrated services on the website (see section 8).

(b) Legal Basis and Purpose:

The purpose of the general transmission of traffic data is to establish the requested connection. The purpose of storing traffic data in server log files is to ensure and maintain the technical security of our website. Processing is carried out on the basis of our legitimate interests (Art. 6(1)(f) GDPR), namely achieving these objectives (for the “right to object,” see section 4).

(c) Retention Period:

Server log files are generally deleted automatically within fourteen (14) days, unless they are required for longer for the purpose for which they were collected in an individual case.

6.2 Contact; Contact Form

(a) Nature and Scope of Data Processing:

When you contact us via the contact form provided on the website, the information you provide will be processed in order to handle your inquiry and address your request. Required fields are marked with an “*”; you can also choose to provide certain information voluntarily. Processing your data is necessary to process and answer your inquiry, as otherwise we would have no way of contacting you. The same applies accordingly if you contact us via any other contact option provided within this privacy policy or as listed in the legal notice on our website.

(b) Legal Basis and Purpose:

The purpose of this data processing is to communicate with users of the website and maintain the required communication with interested parties or customers. If your inquiry relates to an existing contractual relationship with you or you are interested in entering into a contract, data processing is carried out for contract execution or for taking pre-contractual steps at your request (Art. 6(1)(b) GDPR). Other inquiries without a contractual reference are answered based on our legitimate interest (Art. 6(1)(f) GDPR) in an effective contact system as a prerequisite for providing any services (for the “right to object” see section 4).

(c) Retention Period:

We delete your inquiry and your contact details as soon as your inquiry has been fully answered and the data are no longer needed in the context of contractual execution. However, your data may have to be further processed for other purposes. Longer retention periods may apply due to statutory retention obligations (see section 6.8), or if legal claims are pending.

6.3 Orders in the Online Shop; Customer Account

(a) Nature and Scope of Data Processing:

If you choose to purchase products in our online shop, you must provide certain information during the ordering process in order for us to process the purchase contract concluded with you. You have the option of setting up a customer account, though you may also place an order as a guest without creating an account. Required fields are each marked with an “*”; you may also voluntarily provide certain information. For the delivery of contract-related email communications to customers, we use email marketing software “Optimizely Campaign,” which is provided to us by Optimizely GmbH (see section 5) as a data processor. The data you provide for sending you information and for targeted communication are processed on Optimizely servers as part of Optimizely Campaign to deliver the respective emails. The title option you select (“Mr/Ms/diverse or no indication”) is used only for addressing you in communications. Otherwise, it is used exclusively in anonymized form, e.g., for statistical evaluation of usage and purchasing behavior.

(b) Legal Basis and Purpose:

The processing of your data in the course of and to fulfill the order process serves the purpose of us conducting our business activities and providing our online shop offer. It is required for the performance of the purchase contract concluded with you (Art. 6(1)(b) GDPR). Additional data processing in connection with the creation of a customer account is based on our legitimate interest (Art. 6(1)(f) GDPR) in providing you a service expected of a modern online shop and to facilitate ordering processes for you, and is carried out for this purpose (for the “right to object” see section 4). Optimizely GmbH may disclose the data provided to it for service provision to recipients within its corporate group, in particular to Optimizely North America Inc., 119 Fifth Avenue, 7th Floor, New York, NY 10003, USA. Any transfer to third countries is based, as a rule, on the EU Commission adequacy decision under Art. 45 GDPR with regard to the EU-U.S. Data Privacy Framework; the relevant certification for Optimizely North America Inc. can be viewed here https://www.dataprivacyframework.gov/list. In addition, binding internal data protection rules in accordance with Art. 47 GDPR apply.

(c) Retention Period:

Due to legal commercial and tax requirements, we are obliged to retain your address, payment, and order data for a period of ten (10) years. Customer accounts remain in existence unless deletion is requested, which can be initiated independently via the relevant settings at any time. Longer retention periods for certain data may arise if legal claims are pending.

6.4 Product Reviews

(a) Nature and scope of data processing:

On our website, we offer you the opportunity to review individual products. Your corresponding comment will be published together with the username you indicate on the respective product page. We recommend using a pseudonym instead of your real name. Required fields are marked with an “*”; you may voluntarily provide additional information if you wish. When you leave a comment, we only store the data you enter into the fields. If you are logged in when submitting your review, your email address will also be stored in order to establish a link with an existing customer. We review comments to detect illegal content before publication.

(b) Legal basis and purpose:

The processing of your data serves the purpose of enabling customers and interested parties to form a better opinion of our products by allowing purchasers to communicate and publish their personal experiences. We process your data on the basis of our legitimate interest (Art. 6(1)(f) GDPR) in creating the necessary requirements for a functioning review system in our online shop (see the “right to object” in section 4).

(c) Retention period:

Your data is stored by us and remains published in our online shop as long as the respective product page is available. If a given review is no longer necessary (e.g., because a product is removed from the shop) or must be deleted for other reasons (e.g., following a complaint), your data will be deleted immediately. You may request the deletion of a review you have posted at any time.

6.4 Product Reviews

(a) Nature and scope of data processing:

On our website, we offer you the opportunity to review individual products. Your corresponding comment will be published together with the username you indicate on the respective product page. We recommend using a pseudonym instead of your real name. Required fields are marked with an “*”; you may voluntarily provide additional information if you wish. When you leave a comment, we only store the data you enter into the fields. If you are logged in when submitting your review, your email address will also be stored in order to establish a link with an existing customer. We review comments to detect illegal content before publication.

(b) Legal basis and purpose:

The processing of your data serves the purpose of enabling customers and interested parties to form a better opinion of our products by allowing purchasers to communicate and publish their personal experiences. We process your data on the basis of our legitimate interest (Art. 6(1)(f) GDPR) in creating the necessary requirements for a functioning review system in our online shop (see the “right to object” in section 4).

(c) Retention period:

Your data is stored by us and remains published in our online shop as long as the respective product page is available. If a given review is no longer necessary (e.g., because a product is removed from the shop) or must be deleted for other reasons (e.g., following a complaint), your data will be deleted immediately. You may request the deletion of a review you have posted at any time.

6.5 Job Applications

(a) Nature and scope of data processing:

Through our website, we provide you with the option to apply for vacant positions within our corporate group. Open positions are advertised, and you are informed of the further steps involved. The identification data and application documents submitted to us in this context are subsequently used to create an individual applicant profile, evaluated by the departments responsible for personnel management, and, if applicable, used to arrange a job interview. Depending on the position you apply for, it may be necessary to forward your application documents to affiliated companies, in which case you will be informed accordingly.

(b) Legal basis and purpose:

We process your data for the purpose of conducting application procedures in order to adequately fill vacant positions. The relevant data processing is based on Art. 6(1)(b) GDPR (taking steps prior to entering into a contract at your request).

(c) Retention period:

Your data is stored until the application process is finally completed and then deleted within six (6) months. This retention period is required so that we can safeguard against potential legal claims, for example under equal treatment legislation. Should you be hired, your data will be further processed for other purposes, about which you will be informed separately.

6.6 Credit Check

(a) Nature and scope of data processing:

When purchasing products in our online shop, you can choose from a range of payment options (see section 9). If you select the “purchase on account” method, offered by the payment service provider Riverty GmbH, Gütersloher Str. 123, DE-33415 Verl (“Riverty GmbH”), a credit check will be carried out by the provider prior to completion. The credit check, which may also involve other factors, allows a risk assessment on the part of the company and a decision as to whether this payment method can be offered to you. However, the credit check is not required in order to conclude a contract with us—you still have access to other payment methods. The credit check is performed by Riverty GmbH, which acts as an independent controller in this context.

For the credit check, the following credit-relevant data may be transmitted to Riverty GmbH, if you have previously provided it in the course of using our online shop: (i) general personal details, (ii) information on the products you have selected, (iii) general contact information. To perform the credit check, Riverty GmbH may further share this data with service providers (such as credit agencies) that practically carry out the check. Your data is combined with other credit-relevant datasets already available to these providers or gathered from public sources. The result is then used, alongside other factors, to decide whether the desired payment option can be offered.

Further processing of your data by Riverty GmbH or its service providers may occur for their own legitimate business purposes. Further information on data processing by Riverty GmbH or its service providers can be found at:

·      https://de.flow.riverty.com/en-en/data_protection as well as

·      https://documents.myafterpay.com/consumer-terms-conditions/de_de/28149/

Data protection inquiries to Riverty GmbH can be addressed to: datenschutz@riverty.de.

(b) Legal basis and purpose:

We base the collection of your data and its transfer to Riverty GmbH on our legitimate interest (Art. 6(1)(f) GDPR) in being able to offer our customers the broadest possible selection of different payment options (which may also, from a business perspective, involve advance performance and the associated risks). (See the “right to object” in section 4.)

(c) Retention period:

We only transfer to Riverty GmbH the above-mentioned general data that are already processed as per section 6.3. Riverty GmbH only informs us whether a purchase on account can be offered for the specific order. We do not perform any further processing activities in this regard.

6.7 Newsletter

(a) Nature and scope of data processing:

On our website, you can sign up for our newsletter. Only your email address is required for registration. We use the so-called double opt-in process, meaning that after registration, we send you an email at the specified address asking you to confirm your subscription to the newsletter. This process serves to provide proof of your subscription and, if required, to clarify any possible misuse of your data. In this context, we also store your IP address and the time of registration and confirmation.

The newsletter informs you about news regarding our company; it is only sent to addresses provided on a voluntary basis by interested parties. If you no longer wish to receive the newsletter, you can unsubscribe (withdraw your consent) at any time by sending a message to the contact address provided in section 2 or by clicking the unsubscribe link at the end of every newsletter.

For the delivery of the newsletter, we use the “Optimizely Campaign” email marketing software, which is provided to us by Optimizely GmbH (see section 5) as a processor. The data you voluntarily provide is processed by Optimizely Campaign on Optimizely servers in order to send you the requested newsletter. Optimizely Campaign also enables us to evaluate the success and reach of the newsletter. For example, we can see whether a newsletter message was opened and which links were clicked, allowing us to determine which links were most often activated. We can also see whether certain predefined actions were performed after opening/clicking (conversion rate). For this purpose, a tracking pixel is included in the newsletter (see section 7.3).

(b) Legal basis and purpose:

The above data are processed for direct marketing purposes in the form of a newsletter and are necessary to be able to distribute the newsletter. A newsletter or any other electronic advertising will not be sent without your prior consent (Art. 6(1)(a) GDPR), which we collect directly via our website. Any performance evaluation of the newsletter is based on our legitimate interest in creating an easy-to-use and cost-effective newsletter statistics tool for marketing purposes (Art. 6(1)(f) GDPR; see the “right to object” in section 4).

Optimizely GmbH may disclose the data provided to group companies, in particular Optimizely North America Inc, 119 Fifth Avenue, 7th Floor, New York, NY 10003, USA. Any transfer to a third country is generally based on the EU Commission’s adequacy decision under Art. 45 GDPR regarding the EU-U.S. Data Privacy Framework; the relevant certification for Optimizely North America Inc. can be viewed here. In addition, binding internal data protection rules within the meaning of Art. 47 GDPR apply.

(c) Retention period:

Data collected for sending the newsletter will—insofar as there are no statutory retention periods preventing deletion and the data are not lawfully used for other purposes—be deleted within one (1) month after unsubscribing. If registration (via the double opt-in process) is not confirmed within twenty-four (24) hours, your information will be blocked and automatically deleted after one (1) month.

6.8 Statutory Retention and Documentation Obligations

(a) Nature and scope of data processing:

Even after the end of the business relationship, we may not be able to immediately delete certain data you have provided, due to legal requirements. This applies to certain types of data in varying degrees and may differ in individual cases. Affected, for example, are accounting data required for bookkeeping, which must be retained under fiscal and corporate law retention and documentation periods.

(b) Legal basis and purpose:

We process your data in this context in accordance with our legal retention obligation (Art. 6(1)(c) GDPR). The processing of your data on this basis serves the purpose of meeting our own statutory obligations.

(c) Retention period:

By virtue of commercial and tax law requirements, we are obliged to retain your address, payment, and order data for ten (10) years. Should the data be relevant to pending (tax) proceedings, it may be kept for a longer period. Divergent retention periods may apply to certain data due to other statutory requirements.

6.9 Web Analysis and Tracking

(a) Nature and scope of data processing:

We use the analytics service “Matomo” on our website, which we host locally on our own servers (the server infrastructure of Hetzner Online GmbH is used as a processor for this purpose [see section 5]). Using Matomo, we are able to collect statistics about user interaction with our website. For example, we can determine

¬ how many users accessed our website on a given day;

¬ which (sub)pages of our website are particularly popular;

¬ from which devices and locations our website is accessed;

¬ how long a user stays on a (sub)page of our website; and

¬ whether the user has previously visited our website.

In this context, your traffic data is collected and evaluated (see section 6.1). Your IP address is recorded only in truncated form. If you provide us with your corresponding consent, cookies will also be used in the course of Matomo deployment to improve the generated analytical results (see the definition in section 7). In addition, we may use analysis and tracking solutions from third parties (see section 8.4).

(b) Legal basis and purpose:

The general use of Matomo is based on our legitimate interest (Art. 6(1)(f) GDPR) in obtaining insight into user behavior on our website, which is essential to our business and enables us to improve our services (see the “right to object” in section 4). Any use of cookies in connection with Matomo is based on your prior consent (Art. 6(1)(a) GDPR; see the “right to withdraw” in section 4). The purpose is to evaluate access to and use of our website in order to obtain valuable statistical information for measuring success and improving our offerings.

(c) Retention period:

We store the generated data using Matomo for as long as necessary for the purpose of processing.

6.10 Integration of Functional Third-Party Providers

(a) Nature and scope of data processing:

Within the framework of the website, the integration of third-party software may initiate additional processing operations, each fulfilling certain functions. The individual integrations and their purposes are summarized in section 8.2; additional information can be found in the detailed descriptions in section 8.3.

(b) Legal basis and purpose:

We use the collected data within the scope of each respective service’s functionalities for the specified purposes—to expand, enhance, and/or increase the efficiency of our offering. The legal basis for each service is identified in the respective section describing that service.

(c) Retention period:

We store the generated data according to the specifications and possibilities of each service, for as long as the data is needed to fulfill the respective processing purpose.

6.11 Product Recommendations by E-mail

After making a purchase in our online shop, we may inform you by e-mail about current offers regarding similar items from our range in accordance with legal requirements (Art. 6(1)(f) GDPR and § 7(3) UWG). For this purpose, we use the e-mail address you provided during registration as a customer or during the ordering process, provided that we advised you of this use when collecting your e-mail address and unless and until you object to this use. You may object to our email marketing at any time, for example:

-at the end of the e-mail,

-by e-mail to info@labiosthetique.de

-No costs other than transmission fees according to the base rates will be incurred. You will be expressly informed of this mailing and the possibility to object when your e-mail address is collected.

7. Storage and Tracking Technologies

We use the following technologies on our website for a variety of purposes. Where the storage of information on your device or access to such stored information takes place, this constitutes “storage technologies,” which are subject to special data protection rules. Where their usage is not technically required to maintain the operation of our website, we obtain your prior consent. In addition, we use other technologies for similar purposes and may further process data collected in this way using storage technologies. Storage technologies are also used in the third-party services described in section 8.

7.1 Cookies

We use so-called "cookies" on our website, provided that you have given us your consent (Art. 6(1)(a) GDPR). You may withdraw your previously given consent to the use of cookies at any time (see the “right to withdrawal” in section 4); if you refuse such consent, we restrict the setting of cookies to technically necessary cookies required to maintain the functionality of our website (lawfully used under our legitimate interest where any processing of personal data is involved—Art. 6(1)(f) GDPR; see “right to object” in section 4).

Cookies are small data files, generally managed and stored by your browser on your device. They are initially placed by a web server and sent back to it upon subsequent connections to recognize the user and their settings. Your device is assigned a specific identity consisting of numbers and letters.

Cookies can fulfill diverse purposes, helping to maintain a website’s functionalities and user experience at the state-of-the-art level. The actual content of a given cookie is always determined by the website that created it.

Each cookie always contains the following information:

• Name of the cookie,
• Name of the server from which the cookie originates,
• Cookie ID number,
• an expiration date after which the cookie is automatically deleted.

Types and purposes of cookies:

• Technically necessary cookies: Essential for making the website usable by enabling basic functions like site navigation and access to secure areas. These are always first-party cookies and can only be deactivated in browser settings by blocking all cookies (see below). They can be used legally without consent.
• Preference cookies: Enable a website to remember choices that change how the site behaves or looks, like your preferred language or region.
• Statistics cookies: Help website owners understand how visitors interact with websites by collecting and analyzing information anonymously. For example, they may store visited subpages (duration, frequency), order of visited pages, search terms, mouse movements, region/country of access. They allow for tailoring content and functionality to users’ individual needs.
• Tracking cookies: Used to track visitors across websites with the intention of displaying ads that are relevant and engaging for the user, enabling advertising personalization based on usage patterns.
• Media cookies: Originating from video services, social media platforms, or similar, these are needed to display embedded content and can be used by third parties for analysis and tracking.

Regarding retention:

• Session cookies are deleted as soon as you end your browsing session.
• Persistent cookies (e.g., for language preferences) remain until a specified expiry date or until deleted manually.

By origin:

• First-party cookies are set directly by our website and are accessible only to our domain.
• Third-party cookies are set by others, frequently for advertising (e.g., tracking browsing behavior across sites).

Most browsers accept cookies automatically. You can, however, set your browser to refuse all or specific types of cookies (e.g., only block third-party cookies). Changing these settings may impact website usability. In your browser settings, you can also manually delete cookies at any time (this is equivalent to withdrawing consent).

7.2 Local Storage; Session Storage

Provided you give us your consent (Art. 6(1)(a) GDPR), we use your browser's storage capacity, for example, to improve usability and the general offering (e.g., to save your language preference). To this end, we use “local storage” or “session storage” to store certain data on your device, managed by your browser separately by domain. Only you and we can access this data; third parties cannot, unless acting as a processor on our behalf for specific purposes.

This method is faster and more secure than cookies because data isn’t automatically transmitted to the server with every HTTP request and provides up to 5 MB storage compared to 4096 bytes for a single cookie.

The comments under section 7.1 apply analogously. Please note that local storage does not have an expiration date (it is similar to persistent cookies). Information in session storage only remains until the session ends (similar to session cookies).

You can manually delete storage data in your browser settings, typically under “Cookies and other site data.” Blocking cookies may also block access to local/session storage, potentially restricting website functionality. If JavaScript is disabled, local/session storage also cannot be used, which may significantly restrict usage.

7.3 Tracking Pixels

Apart from cookies, user data can also be collected with so-called tracking pixels (also referred to as web beacons or pixel tags). These are transparent images consisting only of a single pixel, virtually invisible, placed on a server and loaded when the intended subpage of our website is accessed.

Tracking pixels enable us to follow the fact that a website was called up and subsequent user activities for targeted marketing. Typically, the following information can be collected: (i) operating system; (ii) browser used; (iii) time of website access; (iv) user behavior on the website; (v) IP address and approximate location.

On our website, tracking pixels are used based on our legitimate interest (Art. 6(1)(f) GDPR) in performing technical analysis of accesses (see the “right to object” in section 4). As a pixel is simply an image loaded from a server, its lifespan does not extend beyond a single session. However, information generated by tracking pixels may then be stored in cookies (see section 7.1).

8. Third-Party Services

8.1 General Information

Purposes of processing:

We use several services on our website that are provided by third parties to optimize our website for its intended purposes, provide features necessary or beneficial for the provision of services or for the economically reasonable operation of the site, as well as to offer users features typically expected in the context of our business, detailed below.

Roles in processing:

Unless otherwise specified, the respective service providers act as our processors and thus provide their services on our behalf under an appropriate agreement. However, service providers may also process received data for their own purposes, particularly to optimize their own offerings. Regardless of their role in the processing context, they are at least considered as recipients of certain data because the provision of the given service on our website necessitates processing by the respective provider.

Necessary data processing:

At a purely technical level, specific traffic data will always be transmitted when visiting any website (see also section 6.1). Such transmission may also occur to providers of embedded third-party services when a direct connection to their servers is or becomes necessary. Any such transfer of traffic data to third-party providers to the extent technically required is based on our legitimate interest (Art. 6(1)(f) GDPR) in

integrating these services with reasonable technical effort (see “Right to Object” in section 4). Any further use of traffic data is made—according to the respective information—on a separate legal basis.

8.2 Overview and Short Descriptions

Below is a summarized overview of the services used and essential legal points. By clicking on a service name you (where available) access the linked provider's privacy policy in German. Please note that by accessing such a third-party website, your data will again be subject to processing within the third party’s sphere of influence (see section 3).

8.3 General Website Operations

8.3.1 WebThinker Cookie-Box

To obtain data protection–compliant consent for the use of storage technologies and third-party services on our website, we use the consent tool from WebThinker GmbH, Holderäckerstraße 31, 70499 Stuttgart, Germany ("WebThinker"). For more information about this company, see their privacy policy.

The tool records and stores each user's decision regarding the use of storage technologies, ensuring that technically unnecessary cookies and other storage technologies (see section 7) are only enabled after explicit consent has been given (see the “Right of Withdrawal” in section 4). The tool stores whether the user has confirmed the use of cookies. For this, a cookie is set or browser local/session storage is used. When the service is called, the user’s traffic data (see section 6.1) is transmitted to WebThinker’s servers, but is not stored or linked with other data. The use of this tool is based on our legitimate interest in the data protection-compliant design of our website (Art. 6(1)(f) GDPR; see "Right to Object" in section 4).

8.3.2 Google reCAPTCHA

To detect bots and prevent spam, we use Google reCAPTCHA by Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, Ireland (“Google Ireland”). reCAPTCHA checks whether data entry on our website is performed by a human or by automated programs. reCAPTCHA analyzes website visitor behavior using various features and may set cookies (see section 7.1). This processing is to ensure the technical security and integrity of our website and is based on our legitimate interest (Art. 6(1)(f) GDPR, see "Right to Object" in section 4). Data processed includes traffic data (section 6.1), operating system, cookies, mouse/keyboard interactions, and page dwell time. Data may be processed in Google’s European or US data centers under the EU-U.S. Data Privacy Framework; for more see Google’s privacy policy.

In the context of using Google reCAPTCHA, in particular, the following data are transmitted to Google Ireland for analysis purposes:

• your traffic data (see Section 6.1);

• the operating system accessing the service;

• any relevant cookie information;

• mouse movements/keystrokes;

• the length of time spent on the website.

Apart from an input in a checkbox, the reCAPTCHA analyses are generally carried out in the background. In addition to providing us with the necessary information, Google Ireland uses the data collected through the use of the service to improve reCAPTCHA as well as for general security purposes. The data are not used for the personalization of advertising. The IP address transmitted by your browser is generally not merged with other data from Google Ireland. Google Ireland seeks to process data of users from the EEA in European data centers wherever possible; however, data may be transferred to affiliated companies of Google Ireland in third countries, in particular to its parent company, Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. Any such transfer to a third country is generally based on the adequacy decision of the EU Commission pursuant to Art. 45 GDPR concerning the “EU-U.S. Data Privacy Framework”; you can view the corresponding certification of Google LLC here: https://www.dataprivacyframework.gov/list. An overview of all Google data center locations is available here: https://www.google.com/about/datacenters/inside/locations/?hl=de. For further information on data usage by Google Ireland and its affiliated companies, please refer to the Google Privacy Policy at https://policies.google.com/privacy?hl=de.

8.3.3 Google Tag Manager / Google Consent Mode

We use Google Tag Manager (GTM) from Google Ireland, which lets us manage website tags via an interface without editing the source code. GTM only forwards data and does not collect or store it, nor does it set cookies. It’s solely for managing other services and is used based on our legitimate interest (Art. 6(1)(f) GDPR). We also use Google Consent Mode (GCM), which ensures that Google services requiring consent only run and set cookies after your consent. GTM and GCM may involve transmission of data (e.g., IP addresses) to companies affiliated with Google Ireland; see section 8.3.2 accordingly.

8.3.4 Styla CMS Extension

We use the Styla CMS extension (Styla GmbH, Wetzlarer Str. 54, 14482 Potsdam, Germany) for managing, displaying and organizing content in our online shop. Technical data about your device (IP address, OS, browser) and general access data (date, time) are collected in the context of functions necessary for the operation of our online shop. This processing is based on our legitimate interest (Art. 6(1)(f) GDPR). Data may be transferred to Styla affiliates or providers as necessary.

8.4 Web Analysis, Tracking and Media Content

8.4.1 Google Analytics

 We use Google Analytics (Google Ireland) for statistical analysis and marketing purposes, allowing us to understand site usage (e.g., which subpages are visited, which links are clicked). Tracking is implemented via JavaScript libraries. Google Analytics may use cookies/storage technologies, with your prior consent (Art. 6(1)(a) GDPR; see "Right of Withdrawal" in section 4). Your IP address and other traffic data (see 6.1) are transferred to and stored on Google servers.

We also use advanced features (Enhanced E-Commerce Tracking and Google Signals), which allow us to collect additional data on your interactions with our products (e.g., clicks, add/remove from cart, checkout abandonment, transaction data). "Enhanced Conversions" sends hashed conversion data to Google to verify matches with Google accounts. With "Google Signals" (if you are logged in to your Google account and have ad personalization enabled), additional demographic and interest-based data is collected to create anonymized reports and for targeting in Google Ads (see 8.4.2). This also enables cross-device tracking. Google Analytics data is automatically deleted after up to 14 months as set. For further data processing and cross-border transfers (e.g., to the US), see section 8.3.2.

8.4.2 Google Ads

In order to promote our offering as effectively as possible, we use "Google Ads," a service provided by Google Ireland (see section 8.3.2), provided that you have given your consent pursuant to Art. 6(1)(a) GDPR (for information on your "right of withdrawal," see section 4). Google Ads enables us to leverage the vast reach of Google Ireland to promote our offering and to draw the attention of potentially interested users to it.

This consists in particular of the following services:

(i) Conversion Tracking:

The tracking tool "Google Ads Conversion Tracking" or "Conversion Tracking" from Google Ireland enables us to obtain feedback on our advertising activities through Google. Conversion Tracking allows us to generate information about how our advertising offering is received by recording so-called "conversions." A conversion refers to the process in which a website user who is interested in our offering becomes someone who actively interacts with it. This is the case in particular when you click on one of our advertisements and are subsequently redirected to our website. The evaluation of conversions enables us to gather valuable information about how our offering is received and to better tailor it to your needs.

Conversion Tracking collects your data via a tag integrated on our website. If a conversion occurs (for example, when you click on our advertisements), Conversion Tracking uses cookies or similar technologies (see section 7) to subsequently store data about your user behavior. For example, your click and interaction behavior with regard to our offerings is recorded. Additional data collected via Conversion Tracking includes traffic data (see section 6.1). These records may, where applicable, be further refined by Google Analytics (see section 8.4.1).

For further data processing by Google Ireland as well as any potential transfers to companies affiliated with Google Ireland in third countries, our explanations in section 8.3.2 apply accordingly

(ii) Remarketing:

We also use the service Google Ads Remarketing ("Google Remarketing") provided by Google Ireland (see section 8.3.2). Remarketing refers to the retargeting of former users of our website with offers that may be of interest to you. For example, if you show interest in certain brands when visiting our website, Google Remarketing enables us, via Google Ads, to present you with further adverts that may be of interest to you even after you have left our website. This works through advertising campaigns—potentially also across devices in conjunction with the "Google Signals" function (see section 8.4.1)—which are based on so-called remarketing lists. These lists can in turn include various predefined, behavior-based target groups. If a user’s behavior matches one of these target groups, the cookie set for that user is supplemented with an ID for the relevant target group. Should the user subsequently browse a website that offers advertising space within the Google advertising network, we can display our offers to you once again.

As part of this process, traffic data (see section 6.1), as well as data on your interaction behavior with our website (for example, if you click on one of our offers or add it to your shopping cart), are collected. Google Remarketing uses cookies or similar technologies for this purpose (see section 7), which enable recognition when you visit other participant sites in the Google advertising network.

For further data processing by Google Ireland and for any data transfers to companies affiliated with Google Ireland in third countries, our statements in section 8.3.2 apply accordingly.

You can prevent the use of your data for personalized advertising by Google by adapting the relevant settings on the opt-out page of the Google Marketing Platform (https://adssettings.google.com/authenticated?hl=de#display_optout) or the opt-out page of the Network Advertising Initiative (https://thenai.org/opt-out/), or via the corresponding device settings (see section 7.1).

8.4.3 Google Maps

On our website, we use “Google Maps,” a service of Google Ireland Limited (see section 8.3.2). This allows us to integrate interactive maps directly and offer you the convenient use of the map function, for example to locate our premises. Google Maps is used via a JavaScript API loaded through a script tag. Google Ireland may accordingly receive information that you have accessed the corresponding subpage. Furthermore, traffic data (see section 6.1) is transmitted to Google Ireland and your interactions with Google Maps on our website are recorded. If you are logged into your Google Account, Google Ireland can associate the access accordingly (so please log out before you grant consent, if you wish). Google Ireland may use this data to optimize its own services, in particular Google Maps, and to personalize advertising. You may also prevent the storage of web and app activity in your Google Account by following the appropriate opt-out steps provided.

The use of Google Maps is based on your prior consent (Art. 6(1)(a) GDPR; see “Right to Withdraw” in section 4). The purpose of data processing is to provide users with the convenient map function to determine our locations. Google Ireland acts regarding your transferred data as an independent controller. Further processing by Google Ireland, including potential data transfers to other group companies (especially to the USA), is subject to the explanations provided in section 8.3.2.

8.4.4 Microsoft Advertising (Microsoft Bing)

To effectively and efficiently promote our offering, we use the advertising network of Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (“Microsoft Ireland”). This enables us to utilize the extensive reach of Microsoft Ireland to advertise our offerings and reach interested users, such as by placing ads on Bing and Yahoo! search engines as well as within the Microsoft Audience Network.

We use the “Microsoft Advertising” service to increase the efficiency and relevance of our campaigns, by targeting people more likely to be interested, e.g., retargeting ads within the Microsoft network to users who have already shown interest.

Universal Event Tracking allows us to record predefined events (e.g., when a user clicks on our ads and visits our website), thereby analyzing certain aspects of your usage behavior. Additionally, traffic data (see section 6.1) is collected and cookies or similar storage technologies (see section 7) are used.

Microsoft Advertising enables us to run campaigns based on so-called remarketing lists, which contain behavior-based target groups; if your behavior matches such a group, a unique ID is assigned to your device by cookies or other technologies, enabling us to show you our ads again on participating sites. Microsoft Advertising also enables us to produce performance reports on the success of our campaigns.

The use of Microsoft Advertising is based on your prior consent (Art. 6(1)(a) GDPR; see “Right to Withdraw” in section 4).

The purpose of the data processing is to increase the efficiency and relevance of our advertising activities and to better tailor our range of services to the needs of our users. The data collected from you in this context are generally stored only for short periods and deleted as soon as they are no longer necessary to achieve the above-mentioned purposes. You can unsubscribe from behavioral targeting at any time at . If applicable, your data may be transferred to companies affiliated with Microsoft Ireland in third countries, in particular to the parent company based in the USA, Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Any such data transfer to a third country is generally based on the adequacy decision of the European Commission pursuant to Art. 45 GDPR regarding the "EU-U.S. Data Privacy Framework"; you can access the relevant certification of Microsoft Corporation here: For further information regarding the use of data by Microsoft Ireland and its affiliated companies, as well as regarding setting and objection options, please refer to the Microsoft Privacy Statement for online advertising at https://privacy.microsoft.com/de-de/privacystatement. Further information about Microsoft Advertising can be found at https://help.ads.microsoft.co.m/#apex/3/de/53056/2.

8.4.5 Integration of Dropbox Videos

We integrate videos via the platform https://www.dropbox.com/ of Dropbox International Unlimited Company, One Park Place, Floor 5, Upper Hatch Street, Dublin 2, Ireland (“Dropbox International”). Integration is by inline frames, where Dropbox provides access via a readable link using a JavaScript library that enables interaction with the frame’s content.

Since Dropbox uses cookies or similar storage technologies (see section 7) during integration, we require your prior consent according to Art. 6(1)(a) GDPR. Only after you grant that consent are the videos loaded and Dropbox enabled to process the data arising from access, including technical data about your device (IP address, OS, browser info) and access information (date, time).

For more information on data processing by Dropbox International see here https://www.dropbox.com/privacy and here https://help.dropbox.com/de-de/accounts-billing/security/privacy-policy-faq, including usage of storage technologies https://help.dropbox.com/de-de/accounts-billing/security/cookies (if links do not work, copy into your browser).

Where applicable, your data may be transferred to companies affiliated with Dropbox Ireland, in particular to the parent company based in the USA, Dropbox Inc., 333 Brannan Street, San Francisco, California 94107, USA. Any such transfer to a third country is generally based on the adequacy decision of the European Commission pursuant to Art. 45 GDPR with regard to the 'EU-U.S. Data Privacy Framework'; you can view Dropbox Inc.'s current certification here: https://www.dataprivacyframework.gov/list.

8.4.6 Integration of YouTube Videos

We embed videos on our website via the platform of Google Ireland Limited (see section 8.3.2), using inline frames. Since Google uses storage technologies (see section 7) to collect and analyze data, your prior consent is required (Art. 6(1)(a) GDPR; see “Right to Withdraw” in section 4). Only after consent will the videos be loaded and Google Ireland able to process data on the retrieval. Google uses this to produce accurate video statistics, prevent fraud, and improve usability. Data is sent to and stored on a Google server, usually with the IP address truncated, but if you are signed in to your Google account while watching, a direct association is possible. Please log out before granting consent or accessing such content. We receive only aggregate, anonymized statistics from Google Ireland. Since videos are embedded, but data transfer occurs directly through Google, YouTube/Google’s terms and privacy notice apply; see here https://policies.google.com/privacy?hl=de&gl=de. Other data processing and transfers to group companies follow section 8.3.2.

8.4.7 Meta Pixel

We use Meta Pixel, provided by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta Ireland”), to create so-called “Custom Audiences.” This enables us to optimize our advertising on the Meta network and measure the effectiveness of our campaigns by delivering relevant content and tracking conversions (e.g., registration or purchase).

Meta Ireland can identify users as ad audience targets based on their profile and other site behavior. Interest-based ads (retargeting) can be displayed based on data collected via the pixel. After your consent, a direct connection is made to Meta’s servers and Meta is informed of your visit and viewed pages, along with relevant parameters for optimizing, increasing relevance, and measuring advertising success (mainly “conversion events”).

Processing is based on your consent (Art. 6(1)(a) GDPR). We have no control over the scope or further use of data collected by Meta via the Pixel. If you are registered on Meta (e.g., Facebook or Instagram), your visit may be associated with your account; otherwise, Meta can still collect and store your IP address. Data may be transferred to other Meta group companies, especially Meta Platforms Inc., 1601 S. California Avenue, Palo Alto, CA 94304,USA.

You may opt out of this processing here https://www.facebook.com/adpreferences/?entry_product=ad_preferences_delegation. For further information, see Meta’s Privacy Policy https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0. International transfers are based on the EU-US Data Privacy Framework; the certification can be viewed here https://www.dataprivacyframework.gov/list.

9. Payments

If you choose to purchase products in our online shop, you—or we on your behalf—may need to assign one of the payment service providers listed below to process the transaction. In this process, certain (payment) data is transmitted, whose storage and processing are largely outside of our control. Such transfers are carried out exclusively for the purpose of fulfilling the contract entered into with us (Art. 6(1)(b) GDPR); for the payment method described under section 9.4, the transfer additionally serves to determine whether this method can be offered to the respective customer (Art. 6(1), see also section 6.6). In some cases, selected payment service providers may collect this information themselves, especially if you (must) set up an account with them. In such cases, the data protection policy of the respective provider applies.

These payment service providers act as independent data controllers under the GDPR and thus do not process your data on our behalf. For the initiation of payments made to us, as well as for additional related services (particularly fraud prevention), we generally use the payment platform "Computop Paygate," which is provided to us by Computop Paygate GmbH, Schwarzenbergstraße 4, DE-96050 Bamberg, acting as our processor. The purpose of this platform is to enable our connection to various payment service providers and to technically coordinate data flows between you, us, and all relevant parties regarding selected payment types or services.

The following data necessary for payment processing may be processed:

• Web server log data, including IP addresses and timestamps;
• Amount;
• Currency;
• Payment method and data required for it (which varies by method);
• Information in connection with any additional services (notably fraud prevention) and data required for those services;
• Information on the success or failure of a transaction;
• Other technical parameters necessary for executing the payment or related services.

Processing of data beyond that required for contract processing, especially for fraud prevention, is based on our legitimate interest (Art. 6(1)(f) GDPR) in preventing payment defaults.

9.1 Payments via PayPal

If you select the "PayPal" payment option, you will be redirected to the website of the online payment provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg. Here, you can enter your payment details directly and confirm the transaction. Please note that you need a PayPal account to use this service, and we have no influence on the collection, use, and processing of your (payment) data by PayPal. Please also refer to the privacy policy of PayPal (Europe) S.à r.l. et Cie.

PayPal (Europe) S.à r.l. et Cie has implemented binding internal data protection rules in accordance with Art. 46(2)(b) GDPR as adequate safeguards in the case of potential transfers of data to affiliated entities in third countries.

9.2 Payments via Credit Card

If you select "Credit Card" as your payment option, you will be asked to provide your credit card details to us, or your card details will be forwarded directly to your credit card company via secured input forms. The data will be checked and you will be authenticated as the legitimate cardholder. Your credit card company will then be instructed to initiate the payment transaction, which is performed automatically and your card is charged.

Please review your credit card provider’s privacy policy. For transaction processing related to credit card payments, we use the services of PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main, who acts as an independent data controller with respect to your data. Detailed information under Art. 14 GDPR regarding the processing of your data by PAYONE GmbH for credit card payments can be found https://media.payone.com/f/64176/x/47dc6c3c10/payone_information-zu-datenverarbeitung-gemass-art-14-dsgvo_2022-01.pdf.

9.3 “Purchase on Account” (Invoice Payments)

We also offer the payment method "Purchase on Account" via the payment service provider Riverty GmbH, Gütersloher Str. 123, DE-33415 Verl. Riverty GmbH will carry out a credit check for this purpose (see section 6.6). Please also refer to the privacy policy of Riverty GmbH https://documents.myafterpay.com/privacy-statement/de_de/.

10. Social Media and Platform Presences

In order to promote our business activities and advertise our offers, we maintain presences on social networks. The processing of your data in this context is based on our legitimate interests in accordance with Art. 6(1)(f) GDPR, which consist in increasing our reach, providing users of social networks with additional information, and offering communication channels (see “Right to Object” in section 4). To achieve these objectives, reach measurement (e.g., access statistics, detection of recurring users, etc.) may be operated as part of the respective provider’s services.

When accessing one of the online presences described below, we process the general information visible from your profile with the relevant provider, and, if you interact with our presence or its content, any account, contact or content data you provide in that context. We do not separately store this data outside the respective social network.

Since, in connection with our online presences, we jointly determine purposes and means of data processing with the respective provider (or the other entity indicated as responsible), joint controllership within the meaning of Art. 26 GDPR applies. The provider of each social network serves as your central contact for all general and technical questions relating to our online presence, including the exercise of data subject rights under section 4. For issues related specifically to the operation of our online presence, your interactions therewith, or information published/collected via it, we are your primary contact. Section 4 and other parts of this privacy policy apply accordingly.

Some of the operators presented below are headquartered or host their servers outside the EU/EEA, or use processors for their services to which this also applies. Please note we have no influence over whether or to what extent transfers to such third countries occur in the context of using each network/platform. For details regarding data transfers, please refer to the privacy information supplied by each operator (links provided under each section below). Most operators justify such transfers with an “EU-US Data Privacy Framework” certification according to the European Commission’s corresponding adequacy decision under Art. 45 GDPR or with Standard Contractual Clauses per Art. 46(2)(c) GDPR.

10.1 Facebook

From a data protection point of view, the social network "Facebook" is operated in the EEA by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta Ireland”).

With respect to the operation of our Facebook fan page "LA BIOSTHETIQUE PARIS .de .ch .at" (https://de-de.facebook.com/LABIOSTHETIQUEPARIS.de), we are, together with Meta Ireland, jointly responsible for the processing of your personal data within the meaning of Art. 26 GDPR.

Please note that we have no influence on the programming and design of the social network, but can only personalize and manage our Facebook fan page using the options provided by Facebook. Please review the terms of use required by Facebook (https://www.facebook.com/terms), the separately provided privacy information (https://www.facebook.com/policy.php), and the available settings in your Facebook account. We remain fully responsible for the information we publish using the mechanisms provided by Facebook (posts, shares, etc.).

10.2 Instagram

The social network “Instagram” is operated by Instagram Inc, 1601 Willow Road, Menlo Park, California 94025, USA and is part of the Facebook Group. The controller for the EEA is Meta Ireland (see section 10.1). We are, together with Meta Ireland, jointly responsible for the processing of your personal data in connection with the operation of our Instagram account "labiosthetiqueparis" (https://www.instagram.com/labiosthetiqueparis/) within the meaning of Art. 26 GDPR.

Please note that we have no influence over the programming or design of the social network; we can only personalise and manage our Instagram account within the scope of the options provided by Instagram. Please therefore take into account the terms of use imposed by the service provider for the use of the social network (https://help.instagram.com/581066165581870), the separately provided privacy policy information (https://help.instagram.com/519522125107875), and the available settings in your Instagram account. We are, of course, fully responsible for the information we provide via the mechanisms made available by Instagram (such as postings, stories etc.).

10.3 YouTube

The video platform “YouTube” is operated by Google Ireland (see section 8.3.2). Regarding the operation of our YouTube channel "La Biosthétique Paris" (https://www.youtube.com/user/labiosthetiqueparis), we are, together with Google Ireland, jointly responsible for the processing of your personal data within the meaning of Art. 26 GDPR.

Please note that we have no influence over the programming or design of YouTube; we can only personalise and manage our YouTube channel within the scope of the options provided by YouTube. Therefore, please take into account the terms and conditions set by the service provider for the use of the video platform (https://www.youtube.com/t/terms), the separately provided privacy information (https://policies.google.com/privacy?hl=en-GB&gl=uk), and the available settings in your YouTube account. We are, of course, fully responsible for the videos and content made available by us.