Privacy policy

Privacy Notice for Our Social Media Profiles

1. Privacy at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any information that can be used to identify you personally. For detailed information on data protection, please refer to our full privacy policy listed below this text.

Data Collection on this Website

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. You can find their contact details in the section “Responsible Entity” of this privacy policy.

How do we collect your data?

Your data is collected in part when you provide it to us, for example, by filling out a contact form.

Other data is collected automatically or with your consent when you visit the website through our IT systems. This mainly includes technical data (e.g., internet browser, operating system, or time of page access). The collection of this data occurs automatically as soon as you access this website.

What do we use your data for?

Some of the data is collected to ensure the website functions correctly. Other data may be used to analyse your user behaviour.

What rights do you have regarding your data?

You have the right at any time to obtain free information about the origin, recipients, and purpose of your stored personal data. You also have the right to request correction or deletion of this data. If you have given consent to data processing, you can withdraw this consent at any time for the future. Additionally, you have the right, under certain circumstances, to request a restriction of the processing of your personal data. You also have the right to lodge a complaint with the relevant supervisory authority.

For any questions regarding data protection, you can contact us at any time.

Analysis Tools and Third-Party Tools

When you visit this website, your browsing behaviour may be statistically analysed, primarily using so-called analysis programs.

Detailed information about these analysis programs can be found in the following privacy policy.

2. Hosting

We host the contents of our website with the following provider:

Host Europe

The provider is Host Europe GmbH, Hansestraße 111, 51149 Cologne, Germany (hereafter “Host Europe”). When you visit our website, Host Europe collects various log files, including your IP address.

Details can be found in Host Europe’s privacy policy: https://www.hosteurope.de/AGB/Datenschutzerklaerung/.

The use of Host Europe is based on Article 6(1)(f) GDPR. We have a legitimate interest in reliably displaying our website. If consent is requested, processing is based solely on Article 6(1)(a) GDPR and § 25(1) TDDDG, to the extent consent includes the storage of cookies or access to information on the user’s device (e.g., for device fingerprinting). Consent can be withdrawn at any time.

Order Processing

We have concluded a contract for order processing (AVV) for the use of the above service. This is a legally required contract ensuring that the service processes personal data of our website visitors only according to our instructions and in compliance with GDPR.

3. General Information and Mandatory Disclosures

Data Protection

The operators of this site take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is information that can identify you personally. This privacy policy explains which data we collect, why we use it, and how it is processed.

Please note that data transmission over the internet (e.g., via email) may have security vulnerabilities. Complete protection of data from access by third parties is not possible.

Responsible Entity

The entity responsible for data processing on this website is:

wekama GmbH
Adalbert-Stifter Straße 25
84424 Isen, Germany

Phone: 0871 951 330 22
Email: landshut@california-skin.de

The responsible entity is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses).

Data Retention Period

Unless otherwise specified in this privacy policy, your personal data will remain with us until the purpose of data processing no longer applies. If you assert a legitimate request for deletion or withdraw consent for data processing, your data will be deleted, provided there are no other legally permissible reasons for retaining your personal data (e.g., tax or commercial retention periods); in such cases, deletion occurs once these reasons no longer apply.

Legal Basis for Data Processing

If you have given consent, we process your personal data based on Article 6(1)(a) GDPR or Article 9(2)(a) GDPR for special categories of data. In the case of explicit consent for transferring personal data to third countries, processing is also based on Article 49(1)(a) GDPR. If you consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), processing is additionally based on § 25(1) TDDDG. Consent can be withdrawn at any time. If your data is required for contract performance or pre-contractual measures, we process it based on Article 6(1)(b) GDPR. If necessary to fulfil a legal obligation, processing is based on Article 6(1)(c) GDPR. Processing may also occur based on our legitimate interests under Article 6(1)(f) GDPR. The relevant legal basis for each case is indicated in the sections of this privacy policy.

Recipients of Personal Data

We work with various external entities as part of our business activities. Sometimes personal data must be shared with these external parties. Personal data is only shared if necessary for contract fulfilment, legally required (e.g., with tax authorities), if we have a legitimate interest under Article 6(1)(f) GDPR, or if another legal basis permits the transfer. When using processors, personal data is only shared under a valid order processing contract. In cases of joint processing, a joint processing agreement is concluded.

Withdrawal of Consent

Many processing operations are only possible with your explicit consent. You can withdraw consent at any time. The lawfulness of data processing carried out before withdrawal remains unaffected.

Right to Object (Article 21 GDPR)

If data processing is based on Article 6(1)(e) or (f) GDPR, you have the right to object at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds or for the assertion, exercise, or defence of legal claims (Article 21(1) GDPR).

If your personal data is processed for direct marketing purposes, you have the right to object at any time. This also applies to profiling connected to such direct marketing. If you object, your personal data will no longer be used for direct marketing purposes (Article 21(2) GDPR).

Right to Lodge a Complaint

If GDPR violations occur, you have the right to lodge a complaint with a supervisory authority, especially in your member state of residence, work, or the location of the alleged violation. This right is without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to receive data that we process automatically based on your consent or a contract in a commonly used, machine-readable format. You may request direct transmission to another controller where technically feasible.

Right to Access, Correction, and Deletion

You have the right to request free information about your stored personal data, its origin, recipients, and purpose, and, if necessary, to request correction or deletion. For these purposes and any other questions regarding personal data, you may contact us at any time.

Right to Restrict Processing

You have the right to request restriction of the processing of your personal data. This right applies in the following cases:

• If you dispute the accuracy of your personal data, restriction allows time for verification.
• If processing is unlawful but you prefer restriction over deletion.
• If we no longer need the data, but you require it to assert, exercise, or defend legal claims.
• If you have objected under Article 21(1) GDPR and a balance between your and our interests has not yet been determined.

Restricted data may only be processed with your consent, for legal claims, to protect another person’s rights, or for important public interests.

SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as site operators, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the change of the browser address from “http://” to “https://” and the padlock symbol in your browser’s address bar.

When SSL or TLS encryption is active, the data you transmit to us cannot be read by third parties.

4. Data Collection on this Website

Cookies

Our website uses so-called “cookies.” Cookies are small data files and do not cause any harm to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit ends. Persistent cookies remain on your device until you delete them yourself or your browser deletes them automatically.

Cookies can be set by us (first-party cookies) or by third parties (so-called third-party cookies). Third-party cookies enable the integration of certain services from third parties within websites (e.g., cookies for payment processing).

Cookies serve different functions. Many cookies are technically necessary because certain website functions would not work without them (e.g., shopping cart or video display). Other cookies may be used to analyse user behaviour or for advertising purposes.

Cookies that are necessary for the execution of electronic communication, the provision of certain functions requested by you (e.g., shopping cart), or website optimisation (e.g., audience measurement) are stored based on Article 6(1)(f) GDPR, unless another legal basis is stated. The website operator has a legitimate interest in storing necessary cookies for technically error-free and optimised service provision. If consent is requested for the storage of cookies or similar recognition technologies, processing is based solely on this consent (Article 6(1)(a) GDPR and § 25(1) TDDDG); consent can be withdrawn at any time.

You can configure your browser to inform you about cookie settings and allow cookies only on a case-by-case basis, block cookies for certain cases or entirely, and activate automatic deletion when closing your browser. Disabling cookies may limit the functionality of this website.

Which cookies and services are used on this website can be found in this privacy policy.

Consent Management with Usercentrics

This website uses the Usercentrics consent technology to obtain your consent for storing certain cookies on your device or for using specific technologies, and to document this in a GDPR-compliant manner. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Website: https://usercentrics.com/de/ (hereinafter “Usercentrics”).

When you visit our website, the following personal data is transmitted to Usercentrics:

• Your consent(s) or the withdrawal of your consent(s)
• Your IP address
• Information about your browser
• Information about your device
• Time of your visit to the website
• Geolocation

Additionally, Usercentrics stores a cookie in your browser to associate the given consents or their withdrawal. The data collected in this way is stored until you request its deletion, delete the Usercentrics cookie yourself, or the purpose for storing the data expires. Mandatory legal retention periods remain unaffected.

The use of Usercentrics serves to obtain legally required consent for the use of certain technologies. The legal basis for this is Article 6(1)(c) GDPR.

Order Processing

We have concluded a contract for order processing (AVV) for the use of the above service. This is a legally required contract ensuring that personal data of our website visitors is processed only according to our instructions and in compliance with GDPR.

Server Log Files

The provider of the site automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This includes:

• Browser type and version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• Time of the server request
• IP address

These data are not merged with other data sources.

Collection of this data is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free display and optimisation of the website; for this purpose, server log files must be recorded.

Contact Form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact data provided there, will be stored to process the request and for follow-up questions. This data will not be shared without your consent.

Processing of this data is based on Article 6(1)(b) GDPR if your inquiry relates to contract fulfilment or pre-contractual measures. Otherwise, processing is based on our legitimate interest in efficiently handling inquiries (Article 6(1)(f) GDPR) or your consent (Article 6(1)(a) GDPR) if obtained; consent can be withdrawn at any time.

Data entered in the contact form remains with us until you request deletion, withdraw consent, or the purpose for data storage expires (e.g., after your inquiry has been fully processed). Mandatory legal provisions, including retention periods, remain unaffected.

Inquiry via Email, Telephone, or Fax

If you contact us via email, telephone, or fax, your inquiry, including any personal data (name, inquiry), will be stored and processed to handle your request. This data will not be shared without your consent.

Processing is based on Article 6(1)(b) GDPR if your inquiry relates to contract fulfilment or pre-contractual measures. Otherwise, processing is based on our legitimate interest in efficiently handling inquiries (Article 6(1)(f) GDPR) or your consent (Article 6(1)(a) GDPR) if obtained; consent can be withdrawn at any time.

Data you submit via contact methods remains with us until deletion is requested, consent is withdrawn, or the purpose expires. Mandatory legal provisions, including retention periods, remain unaffected.

ProvenExpert

We have integrated ProvenExpert review badges on this website. The provider is Expert Systems AG, Quedlinburger Str. 1, 10589 Berlin, https://www.provenexpert.com.

The ProvenExpert badge allows us to display customer reviews submitted to ProvenExpert about our company on our website. When you visit our site, a connection to ProvenExpert is established, allowing them to register your visit. ProvenExpert also records your language settings to display the badge in the selected language.

Use of ProvenExpert is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in presenting customer reviews transparently. If consent is requested, processing is based solely on Article 6(1)(a) GDPR and § 25(1) TDDDG, insofar as consent includes cookie storage or access to information on your device (e.g., device fingerprinting). Consent can be withdrawn at any time.

Matelso

Based on our legitimate interests (i.e., ensuring the quality of our online services), we use the call-tracking technology of MaTelSo GmbH, Heilbronnerstr. 150, 70191 Stuttgart (“Matelso”). The phone number provided on our website is a call-tracking number, where the time, date, call acceptance, duration, and phone numbers of both parties are recorded, stored, and forwarded to Matelso and the called party for advertising effectiveness measurement. Further information can be found in Matelso’s privacy policy: https://www.matelso.com/de/privacy-statement.

You can prevent call tracking and associated data collection by calling the number listed in the imprint. To further block your number, you can call anonymously using a “hidden number.”

5. Analytics Tools and Advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking, analytics, or other technologies on our website. The Google Tag Manager itself does not create user profiles, store cookies, or carry out independent analyses. It is only used to manage and deploy the tools integrated through it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google's parent company in the United States.

The use of Google Tag Manager is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in a fast and uncomplicated integration and management of various tools on their website. If consent is obtained, processing is solely based on Article 6(1)(a) GDPR and §25(1) TDDDG, insofar as the consent covers cookie storage or access to information on the user’s device (e.g., device fingerprinting). Consent can be revoked at any time.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States, ensuring compliance with European data protection standards when processing data in the U.S. Each DPF-certified company is obliged to comply with these privacy standards. Further information is available from the provider at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active.

Google Analytics

This website uses features of the web analytics service Google Analytics. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics allows the website operator to analyse the behaviour of website visitors. The operator receives various usage data, such as page views, time spent, operating systems used, and the user’s origin. This data is associated with the user’s device. No association with a user ID is made.

Additionally, Google Analytics can track your mouse and scroll movements and clicks. Google Analytics uses modelling methods to supplement the collected data and employs machine learning technologies for data analysis.

Google Analytics uses technologies that allow recognition of users for the purpose of analysing user behaviour (e.g., cookies or device fingerprinting). The information collected about your use of this website is usually transmitted to a Google server in the USA and stored there.

Use of this service is based on your consent under Article 6(1)(a) GDPR and §25(1) TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details: https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified under the “EU-US Data Privacy Framework” (DPF). Further information is available from the provider: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active.

IP Anonymisation

IP anonymisation for Google Analytics is enabled. This means your IP address will be shortened by Google within the EU or other parties to the European Economic Area before being transmitted to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide further services related to website and internet usage. The IP address transmitted by your browser through Google Analytics will not be merged with other Google data.

Browser Plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at: https://tools.google.com/dlpage/gaoptout?hl=de.

More information on handling user data in Google Analytics can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Order Processing

We have concluded an order processing agreement with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.

Google Ads

The website operator uses Google Ads, an online advertising program provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display ads in Google search or on third-party websites when users enter certain keywords (keyword targeting). Additionally, targeted ads can be shown based on user data available to Google (e.g., location data and interests – audience targeting). We as the website operator can evaluate this data quantitatively, for example, analysing which keywords led to the display of our ads and how many clicks were generated.

Use of this service is based on your consent under Article 6(1)(a) GDPR and §25(1) TTDSG. Consent can be revoked at any time.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/.

The company is certified under the “EU-US Data Privacy Framework” (DPF). Further information is available from the provider: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active.

Google Conversion Tracking

This website uses Google Conversion Tracking. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Conversion Tracking allows Google and us to track whether a user has performed certain actions. For example, we can analyse which buttons on our website are clicked most often and which products are viewed or purchased most frequently. This information is used to generate conversion statistics. We learn the total number of users who clicked on our ads and which actions they performed. We do not receive information that would personally identify the user. Google itself uses cookies or similar technologies for identification.

Use of this service is based on your consent under Article 6(1)(a) GDPR and §25(1) TDDDG. Consent can be revoked at any time.

More information on Google Conversion Tracking: https://policies.google.com/privacy?hl=de.

The company is certified under the “EU-US Data Privacy Framework” (DPF). Further information: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active.

Meta Pixel (formerly Facebook Pixel)

This website uses Facebook/Meta pixel tracking for conversion measurement. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, data collected may also be transferred to the USA and other third countries.

This allows tracking of user behaviour after they click a Facebook ad and are redirected to our website. This enables the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and to optimise future advertising campaigns.

The data collected is anonymous for us as the website operator; we cannot identify individual users. However, Facebook stores and processes the data, making connection to user profiles possible, and may use it for its own advertising purposes in accordance with Facebook’s data use policy (https://de-de.facebook.com/about/privacy/), enabling advertising on and off Facebook. We as the website operator cannot influence this use of data.

Use of this service is based on your consent under Article 6(1)(a) GDPR and §25(1) TTDSG. Consent can be revoked at any time.

We use Meta Pixel’s Advanced Matching feature.

Advanced Matching allows us to transmit various types of customer data (e.g., location, state, postcode, hashed email addresses, names, gender, birthdate, or phone number) collected via our website to Meta (Facebook). This helps to tailor ad campaigns more precisely to interested users and improves conversion attribution and Custom Audiences.

Where personal data is collected via this tool and transferred to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, are joint controllers for this data under Article 26 GDPR. Joint responsibility is limited to the collection and transfer of data to Facebook. Processing by Facebook after transfer is not part of joint responsibility. The obligations of both parties are set out in a joint processing agreement: https://www.facebook.com/legal/controller_addendum. We are responsible for providing privacy information and implementing the tool in compliance with data protection law. Facebook is responsible for data security of its products. Data subject rights (e.g., access requests) regarding data processed by Facebook can be exercised directly with Facebook. Requests submitted to us will be forwarded to Facebook.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Further privacy information from Facebook: https://de-de.facebook.com/about/privacy/.

You can also disable Facebook’s remarketing function “Custom Audiences” in ad settings at: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen (Facebook account required).

If you do not have a Facebook account, you can opt out of Facebook behavioural advertising via the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

The company is certified under the “EU-US Data Privacy Framework” (DPF). Further information: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active.

6. Newsletter

Newsletter Data

If you wish to receive the newsletter offered on the website, we require your email address and information allowing us to verify that you are the owner of the provided email address and consent to receiving the newsletter. No further data is collected, unless voluntarily provided. For processing the newsletter, we use newsletter service providers described below.

Rapidmail

This website uses Rapidmail for sending newsletters. Provider is rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br., Germany.

Rapidmail is a service that allows, among other things, the organisation and analysis of newsletter dispatch. The data you provide for subscribing to the newsletter will be stored on Rapidmail’s servers in Germany.

Data Analysis by Rapidmail

For analytical purposes, emails sent via Rapidmail include a so-called "tracking pixel," which connects to Rapidmail’s servers when the email is opened. This allows us to determine whether a newsletter message has been opened.

Additionally, Rapidmail allows us to track which links in the newsletter are clicked. All links in the email are so-called tracking links, allowing your clicks to be counted. If you do not want analysis by Rapidmail, you must unsubscribe from the newsletter. A link for unsubscribing is provided in every newsletter.

More information on Rapidmail’s analytics features: https://de.rapidmail.wiki/kategorien/statistiken/

Legal Basis

Data processing is based on your consent (Art. 6(1)(a) GDPR). You can revoke your consent at any time. The lawfulness of processing already carried out remains unaffected by the revocation.

Retention Period

Data you provide for newsletter subscription will be stored until you unsubscribe from the newsletter or until the newsletter provider deletes your data. Other data stored for different purposes remain unaffected.

After unsubscribing, your email address may be stored on a blacklist with us or the newsletter provider to prevent future mailings. Data from the blacklist will only be used for this purpose and not merged with other data. This serves both your interest and our legitimate interest in complying with legal requirements for sending newsletters (Art. 6(1)(f) GDPR). Storage in the blacklist is indefinite. You may object to this storage if your interests outweigh our legitimate interest.

More on Rapidmail’s data security: https://www.rapidmail.de/datensicherheit

Order Processing

We have concluded an order processing agreement (DPA) for the use of the above service. This is a legally required contract ensuring that the service processes personal data of our website visitors only according to our instructions and in compliance with GDPR.

7. Plugins and Tools

External Fonts (Proxy Server)

Google Fonts

This site uses web fonts provided by Google for consistent font display. The Google Fonts are delivered via a proxy server provided by webhelps! Online Marketing GmbH, which does not collect, use, or forward any access data. No connection to Google servers occurs.

More information on Google Fonts: https://developers.google.com/fonts/faq and Google’s Privacy Policy: https://policies.google.com/privacy

Font Awesome

This site uses Font Awesome for icons. Font Awesome fonts are delivered via a proxy server provided by webhelps! Online Marketing GmbH, which does not collect, use, or forward access data. No connection to Fonticons, Inc. servers occurs.

More on Font Awesome privacy: https://fontawesome.com/privacy

Online Appointments with Shore

We offer patients the option to book appointments online via our website and the portal https://www.shore.com/de/impressum/. The service is provided by Shore (Shore GmbH, Ridlerstraße 31, 80339 Munich). The system shows available times in our calendar. To use the service, certain personal data must be entered, and you must accept Shore GmbH’s current privacy policy during booking. Data entered in the form is only used to schedule appointments and transmit appointment-related information (e.g., confirmation) to Shore GmbH, where it is processed and automatically transmitted to us. Shore does not share data with third parties for advertising or commercial purposes. Privacy policy: https://www.shore.com/de/datenschutz/

TRUSTINDEX

To display reviews from various platforms, the provider uses a function from Trustindex Ltd., Lechner Ödön fasor 3. A/2/3., 1095 Budapest, Hungary (Trustindex).

When a page containing the Trustindex component is accessed, a connection to Trustindex’s server is established to display reviews. Trustindex can determine from which website a request is sent and to which IP address the display is delivered.

We have concluded an order processing agreement with Trustindex.

CLEANTALK

This website uses anti-spam plugins from CleanTalk. Provider: CleanTalk Inc, 711 S Carson Street, suite 4, Carson City, NV, 89701, USA (“CleanTalk”).

CleanTalk protects our website from spam (e.g., unwanted advertising, messages, or comments). To this end, CleanTalk collects various personal data such as IP address, email, nickname, browser technology information, and entered text.

These data are transferred to a CleanTalk server in the EU and stored there. For security and spam protection, your data is processed in the CleanTalk Cloud Service and logged for a maximum of 31 days. After this period, the data is fully deleted.

Use of CleanTalk is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting the website from spam. If consent is obtained, processing is based on Art. 6(1)(a) GDPR and §25(1) TDDDG, as far as consent covers cookies or device access. Consent can be revoked at any time.

Data transfer to the USA is based on EU Commission standard contractual clauses. Details: https://cleantalk.org/publicoffer#privacy

Our Social Media Accounts

This Privacy Policy Applies to the Following Social Media Accounts

• https://www.facebook.com/california.skin/?locale=de_DE
• https://www.instagram.com/california.skin.landshut/
• https://www.youtube.com/@californiaskin6316

Data Processing by Social Networks

We maintain public profiles on social networks listed above. Networks like Facebook, X, etc., can analyse user behaviour extensively when you visit their sites or sites with integrated social content (e.g., like-buttons or ads). Visiting our social media pages triggers numerous privacy-relevant processes.

If logged in to your social media account, your visit may be assigned to your account. Personal data may also be collected if you are not logged in or do not have an account, e.g., via cookies or IP address. Networks can use this data to create user profiles with your preferences and interests, showing targeted advertising on and off the platform.

We cannot fully track all processing by the networks. Further processes may occur depending on the provider. Details are in each platform’s terms and privacy policies.

Legal Basis

Our social media accounts serve to maintain a broad online presence, which is a legitimate interest under Art. 6(1)(f) GDPR. Analysis by the networks may be based on other legal grounds (e.g., consent under Art. 6(1)(a) GDPR).

Controller and Exercise of Rights

When you visit our social media accounts, we are joint controllers with the platform for data processing during that visit. You can exercise your rights (access, correction, deletion, restriction, data portability, complaint) with us and with the platform.

Note that we do not have full control over the platforms’ processing. Our influence is limited by the provider’s policies.

Retention Period

Data collected directly via our social media pages are deleted when you request deletion, withdraw consent, or the purpose ceases. Cookies remain on your device until deleted. Statutory retention requirements remain unaffected.

We have no influence on how long networks store data for their purposes. Please refer to their privacy policies.

Your Rights

You have the right to obtain information about the source, recipients, and purpose of your personal data at any time free of charge. You also have the right to object, request data portability, and file a complaint with the supervisory authority. Furthermore, you may request correction, blocking, deletion, and, in some cases, restriction of your personal data.

Social Networks in Detail

Facebook

We maintain a Facebook profile. Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (Meta). Data may be transferred to the USA and other countries according to Meta.

We have a joint processing agreement with Meta (Controller Addendum) detailing responsibilities for data processing when you visit our page: https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your ad settings in your account: https://www.facebook.com/settings?tab=ads

Data transfer to the USA is based on EU Commission standard contractual clauses. Details: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381

Facebook privacy policy: https://www.facebook.com/about/privacy/

Meta is certified under the “EU-US Data Privacy Framework” (DPF). More information: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

Instagram

We maintain an Instagram profile. Provider: Meta Platforms Ireland Limited, Dublin 4, Ireland. Data transfer to the USA is based on EU Commission standard contractual clauses: https://www.facebook.com/legal/EU_data_transfer_addendum, https://privacycenter.instagram.com/policy/, https://de-de.facebook.com/help/566994660333381

Privacy policy: https://privacycenter.instagram.com/policy/

Meta is certified under the EU-US Data Privacy Framework. More information: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

YouTube

We maintain a YouTube profile. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how YouTube handles your personal data: https://policies.google.com/privacy?hl=de

Google is certified under the EU-US Data Privacy Framework. More info: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active