Support:

support@geske.com

Data protection:

privacymanager@geske.com

Data protection officer:

Trusted Shops AG

Subbelrather Str. 15c

50823 Köln

privacymanager@geske.com

In this section we explain the data processing that can take place during the use of the app. In the following sections we will explain the special functions of the app.

In addition, the general provision and maintenance of the app is carried out with the support of service providers who work on our behalf and may therefore also be able to view your data to the required extent. We also explain the service providers involved individually for each section or special function of the app.

Details:

During general use, we process (technical) data about your mobile device and your internet connection.

Examples:

·      MAC and IP address

·      Date and time of access, time zone

·      End device (model), operating system, version and language

·      Name of the mobile device

·      Unique number of the mobile device (IMEI)

·      Unique number of the network subscriber (IMSI)

·      Advertising ID of your mobile device (assigned by the manufacturer of the mobile device)

The actual amount of data transmitted depends on which mobile device (smartphone or tablet) and which operating system (iOS or Android) you are using.

In addition, each installed Beauty App receives a pseudonymous user ID (e.g. 1234567890) assigned by us.

·      Beauty App User ID (User ID)

The user ID is mandatory in order to be able to distinguish between the users of the Beauty App and to be able to offer the functions of the app.

Storage period:

Our protocols (logs) are deleted after max. 90 days.

Legal basis:

The data is technically required to offer you the Beauty App and to ensure the stability and security of the Beauty App. 

Participating service providers:

We use the services of Amazon Web Services Inc. (AWS) to provide the Beauty App.

Processing outside your region:

Despite the server location within your region, data processing within the scope of providing the Beauty App via AWS in countries outside your region cannot be ruled out. For the exceptional cases in which your data is transmitted to other countries (e.g., as part of technical support), we have implemented suitable data protection guarantees. These are the standard contractual clauses, which we will be happy to make available to you on request.

Registering or creating a user account allows you to experience all the functions of the Beauty App. For your permanent user profile, we absolutely need a (fictitious) login name chosen by you. A profile picture, however, is not required. Entering your e-mail address is used to recover a forgotten password and possibly to register for the newsletter. Alternatively, you can also use the Beauty App with a guest profile. However, not all functions are then fully available to you.

Details:

The following data is required when registering in the app

·      Login name

·      E-mail address for password recovery

After registration, you can add further data to your account on a voluntary basis.

·      Profile picture (optional)

·      Date of birth (voluntary)

·      Gender (voluntary)

·      Skin type (optional)

Storage period:

The data will be processed until you delete your user account.

Legal basis:

Our terms and conditions and your consent.

Participating service providers:

To create the user profile, we pass on your data to Emarsys eMarketing Systems GmbH, Zeppelinstrasse 2, 85399 Hallbergmoos Germany. 

Data processing outside your region:

Transfers to third countries are possible. So-called standard contractual clauses were concluded as suitable guarantees, which we would be happy to make available to you on request.

Storage period:

The data will be processed until you delete your user account.

Legal basis:

Our terms of use.

Participating service providers:

Depending on the chosen login platform, these can be the following providers:

·      Facebook Login (Meta Platforms Ireland Ltd. 4 Grand Canal Square, Dublin 2, Ireland)

·      Google Login (Google Ireland Limited, Gordon House, Barrow Street Dublin 4 Ireland)

·      Apple Login (Apple Inc., Cupertino, CA 95014,)

Data processing outside your region:

By registering using one of the social login platforms, you may be redirected to third parties who process your data outside your region and possibly in a third country. We have no influence on this data processing.

Push notifications are notifications that can be displayed on your mobile device without opening the Beauty App.

We provide you through these notifications information about various events, such as information on current studies and campaigns as well as helpful tips and tricks for using our products and your personal routine.

In addition, we can also inform you regularly about an update of the Beauty App and new functions.

No sensitive content is displayed within a push notification. You can adapt the display of push notifications to your needs in the settings of the Beauty App and in the settings of your mobile device.

Details:

Additional (pseudonymous) data is transmitted to our servers for the delivery of notifications about (firmware) updates and new functions of the Beauty App. This is data about your mobile device and certain events that are triggered within the Beauty App while our messages are being displayed.

Examples:

·      App ID for every mobile device

·      Hardware ID for every mobile device (only for the guest profile)

·      App start time

·      Notification was displayed / clicked

If you use a user profile (login name), the app ID is linked to your user ID. If you use a guest profile, an additional pseudonymous hardware ID (e.g. 4hvtjtv4j-5646-5456-gkicv-6sl44t443) will be created instead of the user ID and linked to your app ID. The app ID and the hardware ID are mandatory in order to be able to distinguish the users of the Beauty App and to be able to send the push notifications for (firmware) updates to your mobile device.

The actual amount of data transmitted depends on the operating system of your mobile device and your individual settings.

Storage period:

Our logs for push notifications are deleted when they are no longer required. If you delete your user profile and thus also the individual user ID assigned by us, our logs can no longer be related to individuals.

The push notifications themselves are saved in the logs of your mobile device without any specific content.

Legal basis:

You can revoke your consent to the delivery of push notifications at any time in the Beauty App settings.

Participating service providers:

The delivery of push notifications with messages about an available (firmware) update or new functions of the Beauty App is implemented with the Mobile Engage technology, a software development kit (SDK) from our service provider Emarsys eMarketing Systems GmbH.

Data processing outside your region:

Despite the server location within the EU, data processing in the context of the Mobile Engage technology from Emarsys eMarketing Systems GmbH in countries outside the EU cannot be ruled out. For the exceptional cases in which your data is transmitted to the US or other countries outside the EU (e.g. as part of technical support), we have implemented suitable data protection guarantees. These are the standard contractual clauses of the European Union, which we will be happy to make available to you on request.

In-app notifications are messages that are displayed within the Beauty App during use. With your consent, we would like to occasionally show you in-app notifications.

Examples:

·      Information on (new) app features (explanations, tutorials, etc.)

·      Attractive offers around the beauty offer

·      Links to voluntary surveys (outside the app)

You can (de)activate the display of in-app notifications in the settings of the Beauty App.

Details:

Additional pseudonymous data is transmitted to our server here. This is data about your mobile device and certain events that are triggered within the Beauty App while our messages are being displayed.

Examples:

·      App ID for every mobile device

·      Hardware ID for every mobile device (only for the guest profile)

·      App start time

·      Notification was displayed / clicked

If you use a user profile (login name), the app ID is linked to your user ID. If you use a guest profile, an additional pseudonymous hardware ID (e.g. 4hvtjtv4j-5646-5456-gkicv-6sl44t443) will be created instead of the user ID and linked to your app ID. The app ID and the hardware ID are mandatory in order to be able to distinguish the users of the Beauty App and to be able to send the in-app notifications to your mobile device.

The actual amount of data transmitted depends on the operating system (iOS or Android) of your mobile device and your individual settings.

Storage period:

Our in-app notification logs are deleted after 90 days. If you delete your user profile and thus also the individual user ID assigned by us, our logs can no longer be related to individuals.

Legal basis:

The in-app notifications are delivered with your consent. You can revoke your consent at any time in the settings of the Beauty App.

Participating service providers:

The in-app notifications are delivered using the Mobile Engage technology, a software development kit (SDK) from our service provider Emarsys eMarketing Systems GmbH.

Processing outside your region:

Despite the server location within the EU, data processing in the context of the Mobile Engage technology from Emarsys eMarketing Systems GmbH in countries outside the EU cannot be ruled out. For the exceptional cases in which your data is transmitted to the US or other countries outside the EU (e.g. as part of technical support), we have implemented suitable data protection guarantees. These are the standard contractual clauses of the European Union, which we will be happy to make available to you on request.

Diagnostic data is information about the “health” of the Beauty App. This data enables us to analyze possible errors and crashes in the Beauty App. With your consent, you allow us access to the diagnostic data in order to improve the Beauty App.

Details:

In this case some additional pseudonymous data is transmitted to our server. This is data about your mobile device and certain events that led to a problem or a crash while you were using the Beauty App.

Examples:

·      Crashlytics Installation UUID for every mobile device

·      Timestamp of a crash

·      Version number of the Beauty App

·      Operating system and version

·      Manufacturer and type of mobile device, processor, RAM and storage capacity

·      Technical parameters related to a crash during use (program code and logic)

The actual amount of data transferred depends on which operating system you are using, which error has occurred and which settings you have made for advertising tracking on your mobile device.

Storage period:

The diagnostic data is generally deleted after 180 days.

Legal basis:

The evaluation of the diagnostic data takes place with your consent . You can revoke your consent at any time in the settings of the Beauty App.

Participating service providers:

We use the Firebase Crashlytics technology, a software development kit (SDK) from our service provider Google Ireland Ltd., to evaluate the diagnostic data.

Data processing outside your region:

Despite the server location within the EU, data processing within the framework of the Firebase Crashlytics technology from Google Ireland Ltd. in countries outside the EU cannot be ruled out. For the exceptional cases in which your data is transmitted to the US or other countries outside the EU ( e.g. as part of technical support), we have implemented suitable data protection guarantees. These are the standard contractual clauses of the European Union, which we will be happy to make available to you on request.

Details:

To do this, we use data from ad technologies both in and outside our services, pixels, tags, cookies and device identifiers, data from your use of our services (e.g. search history, feed, content you read, page visits, videos you watch, clicks on an ad, etc.) to infer your interests.

Storage period:

The data will be processed until you delete your user account or revoke your consent.

Legal basis:

Your user behavior is analyzed with your consent (Art. 6 (1) (a) GDPR). You can revoke your consent at any time in the settings of the Beauty App.

Participating service providers:

To analyze how the app is used, we use Google Analytics, a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) and Emarsys Predict

Emarsys eMarketing Systems GmbH, Zeppelinstrasse 2, 85399 Hallbergmoos, Germany.

Data processing outside your region:

Transfers to third countries are possible. So-called standard contractual clauses, which we would be happy to make available to you on request.

Details:

With this so-called Skin Scan, the condition and texture of your facial skin is analyzed using artificial intelligence based on the selfies that have been taken. For example, we can then determine the evenness and firmness of your skin. If you have also entered your skin type and age in your account, we will also include this data in the analysis.

The recordings you made could also provide information about your ethnic origin. However, this is not the focus of the processing. We do not actively use this data.

If you have registered in our app, additional functions are available to you. This enables us to show you personalized skin care and product recommendations as well as recommendations for your daily skin routine based on the analysis results and any additional data that may have been provided, such as age, gender, skin type and individual goals. With your digital skin diary, the development of your skin can also be tracked.

Optionally, you can contribute to us improving and researching the Beauty App functionalities by giving separate consent to the storage of your photos. The storage refers to the creation of quality evaluations and statistics as well as possible error corrections and for the training and improvement of the AI for the analysis of the photos.

The actual amount of data transferred depends on whether you have already registered in the app and how you have configured your privacy settings in the app.

In principle, the following data can be transmitted to us as part of the Skin Scan:

·      Skin scan photos (storage only with consent)

·      Skin scan results / individual characteristics of your skin

·      Data about your routines and results

·      Number of your sessions

Storage period:

If you have a user account with us and have agreed to the further storage of your photos by us, these photos will first be used to carry out the skin analysis and then stored with us for the above-mentioned purposes until you revoke your consent or delete your account. In any case, photos will be deleted after 5 years at the latest. If you do not have agreed to the storage of your photos, the image you use for the skin scan will only be used to carry out the skin analysis and will be automatically deleted after the analysis.

Legal basis:

Your skin is analyzed in accordance with our terms and conditions. The photos are only stored with your consent. You can revoke your consent at any time in the settings of the Beauty App.

Participating service providers:

We use the services of Amazon Web Services Inc. (AWS) for data storage and analysis as a data processor for us. In addition, certain data (date of your skin scan, your individually defined goals and your skin routines) will be linked to your user profile and, in this context, transmitted to Emarsys eMarketing Systems GmbH, Zeppelinstrasse 2, 85399 Hallbergmoos Germany (hereinafter referred to as EMARSYS) as a data processor for us.

Data processing outside your region:

Despite the server location within the EU, data processing within the scope of providing the Beauty App via AWS and EMARSYS in countries outside the EU cannot be ruled out. For the exceptional cases in which your data is transmitted to the US or other countries outside the EU (e.g. as part of technical support), we have implemented suitable data protection guarantees. These are the standard contractual clauses of the European Union, which we will be happy to make available to you on request.

Details:

The product suggestions can be based, for example, on your individual goals and results of the Skin Scan as well as other data provided by you, such as age, gender or skin type.

Storage period:

The data will be processed until you delete your user account.

Legal basis:

Our terms of use.

Participating service providers:

For individual product recommendations based on your profile data, we use the services of Emarsys eMarketing Systems GmbH, Zeppelinstrasse 2, 85399 Hallbergmoos Germany.

Data processing outside the your region:

Despite the server location within the EU, data processing by EMARSYS in countries outside the EU cannot be ruled out. For the exceptional cases in which your data is transmitted to the US or other countries outside the EU (e.g. as part of technical support), we have implemented suitable data protection guarantees. These are the standard contractual clauses of the European Union, which we will be happy to make available to you on request.

Details:

If you subscribe to our newsletter, your e-mail address will be sent to EMARSYS (further information such as name or other personal data will not be requested).

For the compilation of our individual e-mail newsletter, we use the analysis tool Emarsys Predict, which evaluates your use of the newsletter as well as our app and the shop.

In addition, our newsletters may contain hyperlinks (“links”) containing random but unique identification numbers. We may collect and store these identification numbers when you access these links to retrieve additional information from our servers.

We use this information about the calls you make to understand your use of our newsletter and our app and website, to measure the success of certain marketing measures and to adapt our offers to your individual interests and needs.

Storage period:

The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you have canceled the newsletter.

Legal basis:

The legal basis for processing the data after registering for the newsletter is your consent. You can revoke your consent at any time. 

If we receive your e-mail address in connection with the sale of goods or services and you have not objected to this, we reserve the right to regularly send you offers by e-mail for similar products to those already purchased from our range. This serves to safeguard our overriding legitimate interests in advertising to our customers within the framework of a balancing of interests.[MB1] 

You can object to this use of your e-mail address at any time by sending a message to the contact option described in this Privacy Policy or via a link provided for this purpose in the advertising e-mail.

Participating service providers:

We use the service Emarsys eMarketing Systems GmbH, Zeppelinstrasse 2, 85399 Hallbergmoos Germany (hereinafter referred to as EMARSYS) for processing.

Data processing outside your region:

Despite the server location within the EU, data processing by EMARSYS in countries outside the EU cannot be ruled out. For the exceptional cases in which your data is transmitted to the US or other countries outside the EU ( e.g. as part of technical support) , we have implemented suitable data protection guarantees. These are the standard contractual clauses of the European Union, which we will be happy to make available to you on request.

Details:

When you contact us via the contact form or by e-mail, the data you provide (your e-mail address and your message) will be stored by us in order to answer your question(s) or your request(s).

By voluntarily providing technical data about your operating system, your device model and the screen resolution of your smartphone as well as any other system data, you make it easier for us to analyze and subsequently troubleshoot technical problems.

Storage period:

We delete the data arising in this context after the storage is no longer necessary or restrict the processing if there are statutory retention requirements (max. ten years in the context of the archiving of business e-mail traffic required under commercial and tax law).

Legal basis:

The processing takes place on the basis of our legitimate interest in handicap-accessible processing and answering of your request.  Our interest lies essentially in the provision and use of a modern, flexible and handicap-accessible information medium. Your data will be used exclusively for the purpose of answering your request or for contacting you and for the associated technical administration. In certain individual cases, processing may be necessary to carry out pre-contractual measures that are taken at your requestor for contacting you and for the associated technical administration..

In certain individual cases, processing may be necessary to carry out pre-contractual measures that are taken at your request. 

Participating service providers:

No additional service providers.

Data processing outside your region:

No additional data processing outside the EU.