Privacy Policy (GDPR)

This Privacy Policy explains how DERMONIQUE GmbH processes personal data, including collection, use, storage, protection, and the rights of data subjects.
It applies to data processing on our website www.dermonique.com, our online shop (WooCommerce), social media presence, and communication with us (e.g. via email, phone, or contact forms).


1. Data Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

DERMONIQUE GmbH
Girardet Haus, Königsallee 27
40212 Düsseldorf, Germany
Phone: +49 211 238 55 189
E-mail: rp@dermonique.com

Privacy contact: rp@dermonique.com


2. Scope and Purpose of Data Processing

Personal data refers to any information relating to an identified or identifiable natural person (e.g. name, address, email address, payment data, IP address, usage data).

We process personal data in particular to:

  • operate and technically provide our website and online shop,

  • process orders, payments, deliveries, and invoices,

  • respond to inquiries and provide customer support,

  • analyze and optimize marketing and website performance (only with consent),

  • ensure system security and prevent misuse or fraud,

  • comply with legal obligations (e.g. tax and commercial law).

If personal data is processed for purposes other than those listed here, we will inform you accordingly.


3. Website Access and Server Log Files

When you access our website, technical data is automatically processed, including:

  • IP address,

  • date and time of access,

  • browser type and version,

  • operating system,

  • referrer URL,

  • error messages where applicable.

Purpose:
Ensuring functionality, security, stability, error analysis, and abuse prevention.

Legal basis:
Art. 6(1)(f) GDPR (legitimate interest).

Storage period:
Generally up to 30 days, unless longer storage is required for security reasons.


4. Cookies and Consent Management

We use cookies and similar technologies.

4.1 Essential Cookies

These cookies are required for the operation of the website and online shop (e.g. shopping cart, language selection, security features).

Legal basis:
Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest).

4.2 Analytics and Marketing Cookies (Consent Required)

Analytics and marketing cookies are used only after your explicit consent.

Legal basis:
Art. 6(1)(a) GDPR (consent).

You may withdraw your consent at any time with effect for the future.

4.3 Consent Management – Complianz

We use Complianz as our consent management platform to obtain and document cookie consent in compliance with GDPR and EU ePrivacy regulations.

Complianz processes:

  • consent status,

  • timestamp of consent,

  • anonymized IP address,

  • browser and device information.

Provider:
Complianz B.V., Kalmarweg 14-5, 9723 JG Groningen, Netherlands

Legal basis:
Art. 6(1)(c) GDPR (legal obligation)
Art. 6(1)(f) GDPR (legitimate interest in lawful consent management)


5. Analytics, Marketing and Embedded Services

5.1 Google Analytics

We use Google Analytics to analyze website usage and performance (e.g. page views, interactions, approximate location, device information).

Legal basis: Art. 6(1)(a) GDPR (consent)
Provider: Google Ireland Limited, Dublin, Ireland
Third-country transfer: Data may be transferred to the USA; safeguards such as EU Standard Contractual Clauses are applied.

5.2 Google Ads (Conversion Tracking & Remarketing)

Used to display advertisements and measure campaign effectiveness.

Legal basis: Art. 6(1)(a) GDPR (consent)
Provider: Google Ireland Limited

5.3 Meta Pixel (Facebook / Instagram)

Used to measure advertising success and provide remarketing.

Legal basis: Art. 6(1)(a) GDPR (consent)
Provider: Meta Platforms Ireland Limited, Dublin, Ireland
Third-country transfer: Possible (USA) with appropriate safeguards.

5.4 TikTok Pixel

Used for marketing performance measurement and retargeting.

Legal basis: Art. 6(1)(a) GDPR (consent)
Third-country transfer: Possible with appropriate safeguards.

5.5 Google Maps

Used to display maps and location information.

Processed data may include IP address and location data (if enabled on your device).

Legal basis:
Art. 6(1)(f) GDPR (legitimate interest), or Art. 6(1)(a) GDPR if cookies are set.

5.6 YouTube Videos

We embed YouTube videos. When videos are loaded or played, data such as IP address and device information may be transmitted to Google/YouTube.

Legal basis:
Art. 6(1)(a) GDPR (consent) or Art. 6(1)(f) GDPR for content presentation.


6. Online Shop (WooCommerce)

When you place an order, we process:

  • name,

  • billing and shipping address,

  • email address,

  • phone number (if provided),

  • order and product details,

  • payment and transaction information,

  • invoice data.

Purpose: Contract performance, payment processing, shipping, invoicing, customer service.
Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(c) GDPR.

Retention:
Order and invoice data are stored for up to 10 years in accordance with legal requirements.


7. Payment Processing

7.1 PayPal

If you choose PayPal, required payment data (name, address, total amount, order number) is transmitted to PayPal.

Legal basis: Art. 6(1)(b) GDPR
PayPal processes data under its own responsibility.

7.2 Credit Card – WooPayments

Credit card payments are processed via WooPayments, operated by:

Automattic Inc.
60 29th Street #343
San Francisco, CA 94110, USA

Processed data includes:

  • name,

  • billing and shipping address,

  • payment amount,

  • transaction ID and payment status.

Legal basis: Art. 6(1)(b) GDPR
Third-country transfer: Possible transfer to the USA with EU Standard Contractual Clauses.

More information:
https://woocommerce.com/document/woocommerce-payments-privacy/


8. Shipping Provider

For delivery, necessary data is transferred to DHL (name, address, and where applicable email/phone number for delivery notifications).

Legal basis: Art. 6(1)(b) GDPR


9. Contact (Email, Phone, Forms)

When you contact us, we process the data you provide to respond to your inquiry.

Legal basis:

  • Art. 6(1)(b) GDPR (contract-related inquiries), or

  • Art. 6(1)(f) GDPR (general communication).

Data is deleted after completion of the request, subject to statutory retention obligations.


10. Social Media Presence

We maintain profiles on social media platforms (e.g. Instagram, Facebook, TikTok).
Data processing on these platforms is carried out by the platform operators under their own responsibility. We may receive aggregated statistics (insights).

Please refer to the privacy policies of the respective platforms.


11. Data Recipients

Personal data may be shared with:

  • hosting and IT service providers,

  • payment service providers,

  • shipping and logistics providers,

  • tax authorities and advisors,

  • marketing and analytics providers (only with consent).

All processors are bound by data processing agreements pursuant to Art. 28 GDPR.


12. Third-Country Transfers

Where services involve data transfers outside the EU/EEA (e.g. USA), such transfers are based on appropriate safeguards such as EU Standard Contractual Clauses.


13. Data Retention and Deletion

Personal data is stored only as long as necessary for the stated purposes or as required by law. Thereafter, data is deleted or anonymized.


14. Your Rights

You have the right to:

  • access (Art. 15 GDPR),

  • rectification (Art. 16 GDPR),

  • erasure (Art. 17 GDPR),

  • restriction of processing (Art. 18 GDPR),

  • data portability (Art. 20 GDPR),

  • objection (Art. 21 GDPR),

  • withdraw consent at any time (Art. 7(3) GDPR),

  • lodge a complaint with a supervisory authority (Art. 77 GDPR).

Competent authority (Germany, NRW):
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW)