Section 1: Information about the collection of personal data and purpose of processing
(1) Below we provide information about how we collect personal data when you use our website. Personal data is any information that can be related to you personally, e.g. your name, address, email addresses, user behaviour. The purpose of the processing is the operation of a website in order to offer remedies, care preparations and medical cosmetics.
(2) The data controller pursuant to Article 4 No. 7 of the EU General Data Protection Regulation (GDPR) is:
Retterspitz GmbH & Co. KG
Laufer Str. 17-19
Managing Directors: Markus and Florian Valet
Telephone: +49 (0) 911 50 700-0
How to contact our Data Protection Officer:
SPH IT + Consulting GmbH & Co. KG
Telephone: +49 (0) 911 2177480
You can also write to him at our mailing address, clearly marking the envelope “For the attention of the data protection officer”.
(3) When you contact us by email or using the contact form on our website, we will store the data you provide (your email address, name and telephone number, if applicable) in order to answer your questions. Your data is encrypted during the data transfer. If the purpose of your inquiry is to conclude or implement a contract with us, the lawful basis for data processing is Article 6 (1) b of the GDPR. Otherwise, we process the data on the basis of our legitimate interest in contacting people who make an inquiry with us. The lawful basis for such data processing is Article 6 (1) f of the GDPR. We will delete any data provided in this context as soon as it no longer needs to be stored, or will restrict processing if there are statutory retention obligations.
(4) If we use subcontracted service providers for individual functions of our offer or would like to use your data for marketing purposes, we will inform you in detail about the respective processes below. We will also state the defined criteria for the retention period in these cases.
Section 2: Your rights
(1) You have the following rights in relation to your personal data:
- Right to information (Article 15 of the GDPR)
- Right to rectification or erasure (Articles 16 and 17 of the GDPR)
- Right to restriction of processing (Article 18 of the GDPR)
- Right to object to processing (Article 21 of the GDPR)
- Right to data portability (Article 20 of the GDPR)
- Right to revocation of consent (Article 7 (3) of the GDPR)
(2) You also have the right to complain to a data protection supervisory authority about our processing of your personal data.
Section 3: Collection of personal data when you visit our website
(1) Where you use the website purely for the purpose of obtaining information, i.e. if you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to our server. This information cannot be used to identify you as a data subject. The data collected when the website is used for purely informational purposes is technically necessary to display the page and to ensure its stability and security. This data is deleted after 24 hours if there are no specific indications of illegal use:
- The date and time of access
- Names of accessed web pages
- Names of downloaded files
- Volume of data transferred
- Status code of the access (successful/error)
- Browser type and version used
- Operating system of the user
- URL of the website from which our offer was accessed
- IP address of the accessing computer (truncated)
- Provider via which the access takes place
(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive in relation to the browser you are using and that provide the party setting the cookie (in this case, us) with certain information. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the internet offer as a whole more user-friendly and effective.
(3) We can use pixels to evaluate your interest in our website or our email messages sent to you, and can use the information for analysis or marketing purposes. Pixels (also called beacons or tags) are small image files measuring 1 pixel by 1 pixel that are embedded in websites or emails. When you open a web page or email that contains an embedded pixel, the page or email will automatically run a simple code that downloads the 1x1 image file to your browser or device. At the same time, the code passes on certain information about your device and your activities on the website, or the fact that you have opened an email, to the website server.
You can decide whether or not you consent to the activation of the respective cookie in your cookie settings.
Section 4: Other functions and offers of our website
(1) In addition to the use of our website purely for information, we offer various services that you can use if you are interested. For this purpose, you will usually also have to disclose personal data that we need in order to provide the respective service and to which the aforementioned data processing principles apply.
(2) In some cases, we use external service providers to process your data. They have been carefully selected and subcontracted by us, are bound by our instructions within the scope of written data processing agreements in accordance with Article 28 of the GDPR, and are regularly monitored.
(3) Furthermore, we may pass on your personal data to third parties if participation in promotions, competitions, conclusion of contracts or similar services are offered by us together with partners. You will receive more information on this when you provide your personal data or below in the description of the offer.
(4) Insofar as our service providers or partners have their registered office in a state outside the European Economic Area (EEA), we will inform you of the consequences of this situation in the description of the offer.
Section 5: Orders via our online shop
In the context of orders placed via the online shop on our website, the data provided by you (first name, surname, email address, telephone number, address) will be processed and stored by us for the purpose of processing and fulfilling the order. We will delete any data arising in this context as soon as it no longer needs to be stored, or will restrict processing if there are statutory retention obligations. The lawful basis is the conclusion and fulfilment of the purchase contract in accordance with Article 6 (1) b of the GDPR. The personal data will be stored for the duration of the contract. We are required to retain accounting documents for a period of ten years in order to comply with our statutory retention obligations pursuant to Section 257 (1) No. 2 of the German Commercial Code (HGB) and Section 147 of the German Tax Code (AO). The lawful basis is Article 6 (1) c of the GDPR.
In order to process the order, we pass on your data to the shipping company to which delivery is subcontracted.
Depending on which payment service provider you select in the order process, we pass on the payment data collected for this purpose to the credit institution subcontracted to handle payment, and, if applicable, to payment service providers commissioned by us in order to process payments. In some cases, the selected payment service providers also collect this data themselves if you create an account with them. In this case, you must log in to the payment service provider with your access credentials during the order process.
5.1 Payment via PayPal
PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg)
PayPal is a payment service provider that offers the payment methods Credit Card via PayPal, Direct Debit via PayPal and, if the corresponding requirements are met, “Purchase on Account” or “Payment by Instalments” via PayPal. The use of PayPal requires a credit check to be carried out. For this purpose, your payment data may be passed on to credit agencies in accordance with Article 6 (1) f of the GDPR on the basis of PayPal’s legitimate interest in determining your creditworthiness. PayPal uses the result of the credit check to calculate the statistical probability of non-payment for the purpose of deciding whether or not to provide the respective payment method. The credit report may contain probability values (often referred to as a “score”). Insofar as a score is included in the result of the credit report, this is based on a scientifically recognised statistical mathematical procedure. The calculation of the score includes, but is not limited to, address data.
You can object to PayPal about this processing of your data at any time. However, PayPal retains the right to process your personal data to the extent necessary for the contractual processing of payments.
PayPal GTC: paypal.com/legalhub
Section 6: Social media
We maintain a presence on Facebook and Instagram in order to communicate with our customers, interested parties and users using these platforms and in order to keep them up to date with our services. The logos shown on our website are integrated using plugins. You will be automatically redirected to these pages when you click on them. We use the plugins on the basis of Article 6 (1) f of the GDPR. The website operator has a legitimate interest in achieving the greatest possible visibility in social media.
Our website uses the Facebook social plugin (“plugin”) operated by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA (“Facebook”). This plugin is identified with a Facebook logo or the addition “Social Plug-in from Facebook” or “Facebook Social Plugin”. You can find an overview of the Facebook plugins and what they look like at facebook.com/plugins.
When you visit a page on our website that contains one of these plugins, your browser establishes a direct connection with the Facebook servers. The content of the plugin is sent directly from Facebook to your web browser software and integrated into the page. This integration provides Facebook with the information that your web browser has accessed the corresponding page on our website, even if you do not have a Facebook profile or are not currently logged in to Facebook. This information (including your IP address) is sent directly by your web browser to a Facebook server in the USA, where it is stored. According to Facebook, this IP address is anonymised (for “German” IP addresses) and deleted after 90 days.
If you are logged in to Facebook at the same time, Facebook is able to connect your visit to our website with your Facebook profile directly. If you interact with the plugins, for example by clicking the “Like” button or sending a comment, this information is also sent directly to a Facebook server where it is stored. The information will also be published on your Facebook profile and shown to your Facebook friends.
The described data processing operations are carried out pursuant to Article 6 (1) f of the GDPR on the basis of Facebook’s legitimate interest in displaying personalised advertising in order to inform other users on the social network about your activities on our website and for the needs-based design of the service.
If you do not want Facebook to assign the data collected via our website directly to your Facebook profile, you must log out of Facebook before visiting our website. You can also object to the loading of the Facebook plugins and thus the data processing operations described above for the future using add-ons for your browser, e.g. the script blocker “NoScript” (noscript.net).
As an American company, Facebook and its services are subject to the CLOUD Act. This legislation allows American state authorities to gain access to the data stored by Facebook. This includes the data of non-US citizens. We cannot influence this.
Functions of the Instagram service are integrated on our pages. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
When you visit our Instagram page, Instagram collects information including your IP address and other information that is present on your PC in the form of cookies. This information is used to provide us, as the operator of the Instagram pages, with statistical information about the use of the Instagram page. We, as the provider of the information service, do not collect and process any further data from your use of our service.
According to Instagram, this IP address is anonymised (for “German” IP addresses) and deleted after 90 days. Instagram also stores information about its users’ devices (for example, as part of the “login notification” function); where applicable, this enables Instagram to assign IP addresses to individual users.
If you are currently logged in to Instagram as a user, there is a cookie with your Instagram ID on your device. This enables Instagram to track that you have visited this page and how you have used it. This also applies to all other Instagram pages. Through Instagram buttons embedded in websites, it is possible for Instagram to record your visits to these web pages and assign them to your Instagram profile. This data can be used to offer content or advertising tailored to you.
If you want to avoid this, you should log out of Instagram or deactivate the “stay logged in” function, delete the cookies on your device, and close and restart your browser. In this way, Instagram information through which you can be directly identified is deleted. You can then use our Instagram page without revealing your Instagram identifier. When you access interactive features of the site (Like, Comment, Message, etc.), an Instagram login screen will appear. After logging in you will once again be recognisable to Instagram as a specific user.
As an American company, Instagram and its services are subject to the CLOUD Act. This legislation allows American state authorities to gain access to the data stored by Instagram. This includes the data of non-US citizens. We cannot influence this.
Section 7: Web analytics services and tracking tools
7.1 Google Analytics
We use the web analytics service Google Analytics to analyse and statistically evaluate website usage. The data obtained from this is used to optimise our website and marketing measures. Google Analytics is a web analytics service provided and operated by Google (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; for Europe: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).
Your data is processed on the basis of your consent pursuant to Article 6 (1) a of the GDPR, according to which the following data is recorded during your visit to the website:
a) Visitor-related data:
IP address (in truncated form, so that no clear assignment is possible), origin (country and city), language, operating system, device (PC, tablet or smartphone), browser and all add-ons used
b) Traffic sources:
Source of origin of your visit (i.e. from which website or advertising medium you came to us)
c) User behaviour:
Google processes website usage data on our behalf and is contractually committed to measures to ensure the confidentiality of the data processed. Google also processes this data for its own purposes (e.g. for profiling or linking to any Google accounts). The information about your usage of the website that is generated using the “cookie” is generally transmitted to and stored on a server operated by Google in the USA.
Google Analytics stores cookies in your web browser for a period of two years after your last visit. These cookies contain a randomly generated user ID with which you can be recognised on future visits to the website.
The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. We automatically delete this user-related data after 26 months.
Our website uses the IP anonymisation function (masking function “anonymizeIP”). The user’s IP address is truncated within the member states of the EU and the European Economic Area and only transmitted anonymously. Full IP addresses are only forwarded to a Google server in the USA and truncated there in exceptional cases. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. We would like to point out that Google, as an American company, is subject to the CLOUD Act. This legislation allows American state authorities to gain access to the data stored by Google. We cannot influence this.
You can prevent this processing by taking the following measures:
It is possible to set your browser so that no cookies are stored. However, this may result in our website not being fully functional. You can also prevent the collection of data regarding your usage of the website generated by the cookie (including your IP address) and its transmission to and processing by Google by downloading and installing the browser plugin from the following link: tools.google.com/dlpage/gaoptout
7.2 Facebook pixel
We have integrated a Facebook pixel on our website. When you access our website, you are forwarded to Facebook via a re-direct. The following data can be forwarded:
- Unique cookie ID
- Web page accessed
- Forwarding URL
- Browser information
- Personal Facebook user ID
We have also engaged Facebook Ireland to report on the impact of our advertising campaigns and other online content based on event data collected through the Facebook pixel (Campaign Reports) and to provide analysis and insights about users and their use of our website, products and services (Analytics). We transfer personal data contained in the event data to Facebook Ireland for this purpose. The personal data submitted will be processed by Facebook Ireland as our processor to provide us with campaign reporting and analytics. Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) may identify the device you are using with a cookie and a unique identifier or read any existing cookie. If you are logged in to Facebook, this data can be used to display targeted advertising for us on Facebook pages. The lawful basis for the cookie storage is Article 6 (1) a of the GDPR where consent to this has been obtained. The further evaluation of the collected data over a period of up to two years is based on Article 6 (1) f of the GDPR.
Personal data is only processed to create analyses and campaign reports if you have previously given your consent to this. The lawful basis for such data processing is therefore Article 6 (1) a of the GDPR.
Transmission of data to Facebook Inc. in the USA cannot be ruled out.
The further evaluation of the collected data is the responsibility of Facebook. You can revoke consent here: facebook.com/preferences
Further information on Facebook’s data processing can be found here.
7.3 TikTok pixel
We use the TikTok pixel on our website. The TikTok pixel is a TikTok Advertiser Tool of the two providers TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom (both hereinafter jointly referred to as “TikTok”).
The TikTok pixel is a feature that allows us to understand and track visitors’ activity on our website. For this purpose, the TikTok pixel collects and processes information about visitors to our website or the devices they use (so-called event data).
The event data collected via the TikTok pixel is used for targeting, i.e. for the placement of personalised advertising. For this purpose, the event data collected on our website by means of the TikTok pixel is transmitted to TikTok.
Some of this event data is information that is stored on your device. In addition, cookies are also used via the TikTok pixel, through which information is stored on your device. Such storage of information by the TikTok pixel or access to information already stored on your device will only occur with your consent. The lawful basis for the collection and transmission of personal data by us to TikTok is therefore Article 6 (1) a of the GDPR. You can revoke consent at any time via our Consent Management Tool.
This collection and transmission of event data is carried out by us and TikTok as joint controllers. We have entered into a joint controller agreement with TikTok setting out the allocation of data protection obligations between us and TikTok. In this agreement, we and TikTok have agreed, among other things, that we are responsible for providing you with all information pursuant to Articles 13 and 14 of the GDPR about the joint processing of personal data and that TikTok is responsible for ensuring the rights of data subjects pursuant to Articles 15 to 20 of the GDPR.
You can access the agreement entered into between us and TikTok at tiktok.com/i18n/official.
TikTok is the sole data controller responsible for the subsequent processing of the transmitted event data. For more information about how TikTok processes personal data, including the legal basis on which TikTok relies and how you can exercise your rights against TikTok, please see TikTok's data policy at tiktok.com/legal/privacy-policy.
Section 8: Contact form
8.1 If you wish to contact us, you can use the contact form provided. We collect the following data when you use the contact form: Title, surname, first name and email address as mandatory data. The data will only be processed in order to respond to your request. Data will only be passed on to third parties if this is necessary in order to process your request. The lawful basis for the use of your data is Article 6 (1) f of the GDPR. Retterspitz has a legitimate interest in being in contact with the users of the website and in answering their questions or sending information. The personal data collected by Retterspitz in this context will be automatically deleted after completion of your request.
8.2 Google reCAPTCHA
In order to distinguish whether the input is made by a natural person or the service is being misused by machine and automated processing, we use the reCAPTCHA function from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). The service includes the transmission of the IP address and any other data required by Google for the reCAPTCHA service to Google and is done in accordance with Article 6 (1) f of the GDPR on the basis of our legitimate interest in establishing individual accountability on the internet and preventing abuse and spam. The use of Google reCAPTCHA may also result in the transmission of personal data to the servers of Google LLC in the USA. As an American company, Google is subject to the CLOUD Act. This legislation allows American state authorities to gain access to the data stored by Google. We cannot influence this.
Section 9: Objecting to the processing of your data or revoking consent
(1) If you have given your consent to the processing of your data, you can revoke this consent at any time. Such a revocation, once expressed to us, will affect the permissibility of the processing of your personal data.
(2) Insofar as we base the processing of your personal data on the balance of interests, you may object to the processing. This is the case if the processing is not necessary, in particular, for the performance of a contract with you, which is shown by us in each case in the following description of the functions. When you exercise your right to make such an objection, we will ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the merits of the case and either discontinue or adapt the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.
(3) You may, of course, object to the processing of your personal data for the purposes of marketing and data analysis at any time. You can inform us of your objection to marketing using the following contact details:
Retterspitz GmbH & Co. KG
Laufer Str. 17-19
Section 10: Concluding provisions
Our business operations are reliant on data being collected and processed. Where data is collected and processed, data protection and data security must be guaranteed. For us, this is not only a legal requirement but also a very real concern.
If you have any questions or suggestions regarding data protection in connection with our services, please do not hesitate to contact us using the above contact details (see Section 1).
Last changed on 15.05.2022