Data protection

Table of Contents

1       CONTACT

Responsible person in the sense of the Basic Data Protection Regulation (DSGVO) is:
M1 Med Beauty Berlin GmbH
Grünauer Street 5, 12557 Berlin
Phone: 030 34 74 404 (no customer service!)
E-mail: info@m1-beauty.de

Questions about our products and services, changes of address or revocation of consent should be addressed directly to our office: Tel.: 030 34 74 74 400 | E-Mail: info@m1-beauty.de.

Questions regarding data protection can also be addressed directly to our data protection officer:
Tel.: 030 34 74 492 | E-Mail: datenschutz@m1-beauty.de
By mail to: M1 Med Beauty Berlin GmbH
z. Hdn. Data Protection Officer, Grünauer Straße 5, 12557 Berlin, Germany

2       YOUR RIGHTS IN GENERAL

We summarize here the general rights that you are entitled to under the GDPR with regard to your data processed by us. For the explanation of the legal terms, we refer to the applicable definitions in the GDPR. If anything remains incomprehensible, please do not hesitate to ask us.

  1. You can revoke any consent you have given us to process or pass on your data at any time for the future (Art. 7 (3) DSGVO).
  2. Should the legal basis for processing your data be a legitimate interest pursuant to Art. 6 (1) lit. f DSGVO, you may lodge an objection to the data processing pursuant to Art. 21 DSGVO. Insofar as the relevant data processing is direct advertising, you do not have to justify your objection in any way; in all other cases, you would have to provide reasons for your objection that arise from your particular situation.
  3. If we have stored incorrect information about you, you can request us to correct your data (Art. 16 DSGVO).
  4. You can request information from us at any time about which of your data we process (Art. 15 DSGVO, § 34 BDSG).
  5. You can demand the deletion of your data or the restriction of its processing, as far as your wish does not conflict with higher-ranking storage obligations (Art. 17 or 18 DSGVO, § 35 BDSG).
  6. You may request that we provide you with the data you have provided to us yourself in a machine-readable format for disclosure to third parties (Art. 20 DSGVO).
  7. You may complain to a supervisory authority for data protection, e.g. the Berlin data protection commissioner, about data protection issues with us.

3       DATA PROCESSING WITH US

Any form of processing of personal data requires a legal basis that allows us to carry out this processing. The legal basis primarily results from the purpose for which the data is processed. The lawfulness within a legal basis is regularly measured according to the specific scope of the data processing and the measures we have taken to protect your data.

All legal bases for data processing are derived from Art. 6 (1) DSGVO and for particularly sensitive data such as health data from Art. 9 (2) DSGVO. These two regulations name the preparation or fulfilment of contractual, legal or also social obligations as the most important legal basis for data processing. In addition, many data processing operations are carried out in our legitimate interest, unless the interests of the data subjects prevail in view of the specific circumstances. Finally, there is the possibility that data processing is carried out on the basis of your consent (Article 7 of the GDPR) or, for persons under the age of 16, when using information society services (e.g. websites, online games, social media platforms) by children or young people in conjunction with the consent of a parent or guardian (Article 8).

We would like to expressly point out at this point that none of our offers are directed at persons under the age of 18.

In part, our obligation to ask for your consent does not arise solely from data protection law under the GDPR but from the stricter law under the EU ePrivacy Directive/TTDDSG. We have taken the provisions of this directive into account without explicitly referring to them in the following.

3.1       OUR GROUP OF COMPANIES

We offer our services in association with both M1 MVZ GmbH as a medical facility in Germany (http://m1-mvz.de/) and with M1 partner companies in other countries (see our overview at https://www.m1-beauty.de/fachzentren/#international). In principle, each of these companies is solely responsible for the data it processes.

As a rule, a company acts as a processor for other affiliated companies in a data protection-compliant manner pursuant to Article 28 of the GDPR.

In some constellations, companies also jointly access data in order to be able to offer you optimal and also cross-border care. Such a joint use of data takes place on the basis of a joint responsibility agreement pursuant to Article 26 of the GDPR. Wherever processing takes place in the form of shared responsibility, we will point this out to you in the following description of the individual processing operations.

If a data transfer to a state outside the European Economic Area (“EEA”) takes place, we will ensure that data protection in the sense of Articles 44 – 49 DSGVO is secured.

3.2       GENERAL INFORMATION ABOUT COOKIES

Our Internet pages use so-called cookies. These are usually small data packets that are stored by your browser on your device (computer, smartphone, etc.) when you call up a website. Different information can be stored in a cookie. Sometimes a cookie only stores a yes or no (“true” or “false”), sometimes a string of characters is stored that enables the browser to be uniquely identified when the website is called up again.

The right to set cookies is not only determined by the GDPR, but also by the ePrivacy Directive of the EU, the case law of the ECJ and its implementation in national law, such as the Telecommunications Telemedia Data Protection Act (TTDSG) in Germany. The ePrivacy Directive distinguishes between cookies that are absolutely necessary (essential) for the operation of the online offer and those that are not. Essential cookies may also be set without consent, but non-essential cookies always require consent – even if this is not required under the GDPR (and e.g. there is a legitimate interest as a legal basis). The TTDSG defines the permissibility of storage depending on your consent.

Due to the strict requirements of the ePrivacy Directive and the TTDSG, we ask you for your consent to the setting of non-essential cookies when you access our website.

The purpose of each cookie and the legal basis for its use according to the GDPR can be found in the following description of the individual data processing.

There are various ways for you to prevent the acceptance of cookies on your device:

  1. The standard case should be that you decide which cookies you accept and which you do not when you call up one of our Internet pages via our consent manager.
  2. In principle, you can set your browser so that it never accepts cookies. By such a complete exclusion, you will most likely lose functions based on cookies that you would actually like to allow or that are actually not subject to consent.
  3. You can access Internet pages in the private mode of your browser. Private mode also blocks cookies from being set in your browser memory.
  4. Some browsers or browser plug-ins offer you the possibility to make more differentiated default settings as to which cookies you want to accept by default and which ones you do not.
  5. A special case: Google offers you a browser plug-in for download that prevents Google cookies from being set. You can find the corresponding plug-in here: https://tools.google.com/dlpage/gaoptout?hl=de

3.3      MEDICAL TREATMENTS

3.3.1     PATIENT ACTS

Description: If you contact us for information about our medical services or for medical treatment, your data will be processed strictly in accordance with the applicable regulations on medical confidentiality. Our doctors and medical staff are bound to absolute confidentiality by both criminal law (§ 203 StGB) and the professional law of doctors.

The duty of confidentiality also includes the statement as to whether you are or have been undergoing treatment with us. The duty of confidentiality extends beyond the conclusion of the treatment contract and continues to apply after your death. We are also obliged to maintain confidentiality towards your relatives, partners, friends, employers or other persons close to you, unless you release us from the obligation to maintain confidentiality in writing. Confidentiality also applies to insurance companies, unless it is a statutory health or accident insurance. In accordance with § 53 of the German Code of Criminal Procedure, we have a right to refuse to give evidence to criminal investigation authorities.

Exceptions to the duty of confidentiality apply within the framework of statutory health and occupational disability insurance, in the case of reporting obligations under medical register laws (tumour register, implant register, etc.), in the case of threats to the welfare of the child (§ 4 KKG) and for the prevention of serious criminal offences, the preparation of which becomes known to us (§ 138 StGB).

Medical staff are already trained in data protection during their professional training and are obliged to comply with this. Access by non-medical employees is technically restricted by an authorisation concept in accordance with the requirements of the respective activity. We obligate all employees to data protection before they begin their work with us and train all employees to the required extent.

In technical terms, we ensure data security at our company through high standards of information security. We have our own IT department and operate our own servers at various locations with comprehensive protective measures against data loss or unauthorized access. We avoid storing data on end devices that could be lost.

All information on the medical treatment you receive from us is recorded in our own hospital information system (HIS). In addition to us, the medical companies affiliated with us have access to the HIS. We offer healthcare services at various locations and through various companies. Experience shows that patients use our services at several locations and are not always able to independently access the full scope of their previous treatment. Cross-location access to data serves your medical safety, as our medical staff can thus access your data at any location, even in other European countries. Here, too, access is technically restricted by a role-based authorization concept.

In addition, all employees are required to access only those patient records whose viewing is necessary for patient care.

Data categories: Contact data (name, address, telephone, e-mail), date of birth, insurance data (insurer, policy number), relatives data (name, relationship, contact data, confidentiality releases), general practitioner and other specialists, appointments and treatment history, education and consultation documentation, diagnosis data (medical findings: history, pre-existing conditions, personal examination) and measurements (e.g. height, weight).e.g. height, weight), medical laboratory values, X-rays, photographs and video recordings, dental impressions and models, diagnoses and treatment recommendations, treatment documentation (course of treatment, medications used and their dosage, implants used and their serial number), nutritional data (for inpatient care).

Data recipients (if applicable, third country transfer): We share the data with the companies affiliated with us with whom we have concluded a joint responsibility agreement in accordance with Article 26 DSGVO in this respect. M1 Med Beauty Berlin GmbH bears sole responsibility for the technical operation of the HIS and its protection against data protection incidents within the scope of the agreed focal points of responsibility. The responsibility for the medical patient documentation remains with the medical company that acts as the treatment provider for the data subject.

Insofar as patients wish to assert their rights under the GDPR, they should contact M1 Med Beauty Berlin GmbH directly if possible (see above for contact details). However, the persons concerned are also free to address their concerns directly to the company treating them.

A third country transfer takes place to Switzerland and the United Kingdom of Great Britain and Northern Ireland (“UK”). For Switzerland, there is an adequacy decision in accordance with Article 45 of the GDPR, for the UK the direct applicability of the GDPR continues until 31.12.2020.

Purpose + legal basis: Medical treatment documentation. The legal basis is Article 9 para. 2 lit. h DSGVO (health treatment) and § 630f para. 1 BGB (documentation of treatment).

Storage period: 10 years after completion of treatment (§ 630f para. 3 BGB) for injections, 30 years for operations in which an implant is inserted and X-ray images. We reserve the right to adjust the retention periods in connection with the implementation of the implant register according to the then valid specifications, see 3.3.2.

3.3.2     IMPLANT REGISTRY

Description: Some patients receive implants from us. Such implants are provided with an individual serial number in accordance with the high safety standards for medical devices. In addition, as of January 1, 2020, physicians are required to report implants and the names of patients who have received them to the statutory implant registry, which is maintained by the German Institute for Medical Documentation and Information, a state institution of the Federal Ministry of Health.

The implementation of this obligation is suspended until the corresponding legal ordinance for the implementation of the notification procedure has been issued by the Federal Ministry of Health. Further information on the implant register can be found here: https://www.bundesgesundheitsministerium.de/implantateregister-deutschland.html.

Data categories: Name, contact details, type of implant, time of insertion, manufacturer of the implant, serial number, other information provided for by the implant registry.

Data recipient (if applicable, third country transfer): German Institute for Medical Documentation and Information, Waisenhausgasse 36-38a, 50676 Cologne. A third country transfer does not take place.

Purpose + legal basis: Fulfilment of the legal obligation arising from the Implant Register Act.

The legal basis is Article 9 (2) h DSGVO.

Storage period: To be determined by legislative decree.

3.3.3     IMPLANTS WITH RFID CHIP

Description: Some patients receive implants with a so-called RFID chip (Radio Frequency Identification). Only the serial number of the implant is stored in the chips. Via the chip it is possible to read the serial number over a small distance using the corresponding reader.

This function is helpful if a patient does not have their implant passport available, e.g. in case of complaints or concerns about their implant. Then the serial number can be read out easily via a corresponding reader.

The insertion of an implant with an RFID chip does not constitute data processing. However, if patients come to us and want us to read out the serial number, this process is data processing, which we only carry out with the consent of the implant carrier.

Data categories: Serial number of the implant, followed by the manufacturer and model of the implant.

Data recipient (third country transfer if applicable): None.

Purpose + legal basis: Determination of the serial number of an implant with RFID chip. Legal basis is consent according to Article 9 (2) lit. a DSGVO.

Storage period: 30 years (see patient file).

3.3.4     COVID-TESTCENTER

Description: We collect your data and take a sample from you to inform you about a possible infection. On a voluntary basis, your employer can also register you for testing.

Covid rapid antigen tests are evaluated immediately at the time of testing and are not sent to a laboratory.

Covid antibody tests (RT-PCR test) are evaluated in the laboratory. For this purpose, your data including the sample taken will be sent to the laboratory commissioned by us.

Furthermore, there is a cooperation with the company Melos – Medizinische Labor-Organisations-Systeme GmbH, which concerns the hosting of the website, the operation of the webshop and the laboratory services.

As a rule, the Company acts as a processor for other affiliated companies in a data protection-compliant manner in accordance with Article 28 DSGVO. Further information can be found on the Test Center website, at: https://www.covid-testcenter.de/datenschutzerklaerung

Data categories: Registration data (name, e-mail address, password), contact data (telephone number, address), orders (goods/services, payment and delivery conditions, invoices), date of birth, if applicable information about your employer.

Data recipient (third country transfer if applicable): No third country transfer. In our data collection form, you can voluntarily agree to a data transfer of your test result to a Covid representative of your employer. If the test result is positive, the laboratory and we are legally obliged to forward your personal data to the health authority responsible for you. The health department is responsible for forwarding your personal data to other authorities.

Purpose + legal basis: On a voluntary basis, we may scan your ID card to collect your data. Your consent to this is requested in our customer data collection form and is based on Art. 9 (2) lit. a DSGVO. The forwarding to the public health department is based on the requirements of the Infection Protection Act. This can subsequently initiate infection protection measures.

Storage period: We store your customer account for up to six years after the conclusion of the last customer contact. In this respect, we thereby fulfil the retention obligation for business letters from commercial law (§ 257 HGB).

3.4      YOUR CUSTOMER RELATIONSHIP WITH US

3.4.1     PERSONAL USER ACCOUNT (WEBSHOP)

Description: You can create a personal user account on our website for the use of our webshop. You can use this account to manage your purchases from us. We will send you ordered goods and invoices to the addresses stored for this purpose.

For the “stay logged in” function, which saves you having to enter your login data again on your next visit, we set a cookie (PHPSESSID, storage period session (browser session)). This is an essential cookie, the setting of which does not require consent.

Data categories: Registration data (name, e-mail address, password), contact data (telephone number, address), orders (goods/services, payment and delivery conditions, invoices), date of birth, activity history (time of login, logout, completion of order as well as comparable activities during the order process), status auto login.

Data recipients (if applicable, transfer to third countries): Data is not transferred. Our service provider for web hosting is bound to data protection by an order processing agreement and is located in Germany. A third country transfer does not take place.

Purpose + legal basis: The operation of your user account serves the fulfillment of our corresponding user agreement for the webshop. The legal basis is the fulfilment of our contractual obligations towards you.

Storage period: Your customer data remains active until your customer relationship with us ends. After that, we store the data depending on the respective retention obligations that affect our business relationship.

3.4.2     SHOPPING CART FUNCTION

Description: Our website offers a shopping cart function through which services selected by you can already be collected and stored before the order process is completed and also without logging in via a personal user account. This function serves to make the use of the ordering process as convenient as possible for you.

The shopping cart function works via so-called function cookies (woocommerce_cart_hash, woocommerce_items_in_cart, wp_woocommerce_session_, woocommerce_recently_viewed, store_notice[notice id], tk_ai,, storage period 2 days). This means that the shopping cart is not stored in our systems but with you. As soon as the cookie is deleted from your browser, the content of the shopping cart is also deleted. This is an essential cookie, the setting of which does not require your consent.

Data categories: User ID (assigned via the cookie in your browser) and activity history (specifically: contents in the shopping cart).

Data recipient (third country transfer if applicable): None.

Purpose + legal basis: The shopping cart cookie is used to recognize you during your movements through our pages and in the event of an interruption of the visit when you return and, if necessary, to read out the contents of the shopping cart and to display them to you again or continuously in the ordering process. The legal basis is the preparation of a contract.

Storage period: Until you delete the cookie from your browser or until the expiration date of the cookie.

3.4.3     CUSTOMER DATABASE (CRM)

Description: We maintain your data in our customer database in the sense of a Customer Relation Management (CRM). In the CRM we store your contract and invoice data as well as the history of your customer relationship with us. Appointments with you are also made via the CRM. From the CRM, we control the communication with you, which takes place independently of our marketing measures (for this, see the processing “Newsletter registration”), e.g. sending invoices or answers to direct questions from you.

If you have set up a user account with us for our web shop, our CRM accesses your data stored there. If we have included you as a patient in our patient database (HIS), our CRM accesses your general data in the HIS (e.g. your contact details). Access to medical diagnosis data or other details of medical treatment does not take place.

Data categories: Contact details (name, email address, telephone number, address), orders (goods/services, payment and delivery terms, invoices), dates, date of birth/age, activity history, marketing consents.

Data recipients (if applicable, third country transfer): We share the data with the companies affiliated with us with whom we have concluded a joint responsibility agreement in accordance with Article 26 DSGVO in this respect. M1 Med Beauty Berlin GmbH bears sole responsibility for the technical operation of the HIS and its protection against data protection incidents within the scope of the agreed focal points of responsibility. The responsibility for the medical patient documentation remains with the medical company that acts as the treatment provider for the data subject.

Purpose + legal basis: Use of a CRM system that enables us to provide holistic support to our customers from contacting to billing. The legal basis is a legitimate interest, as the use of the CRM affects the rights and freedoms of the data subjects only to an insignificant extent and at the same time increases the level of service.

Storage period: We store your customer account for up to six years after the conclusion of the last customer contact. In this respect, we thereby fulfil the retention obligation for business letters from commercial law (§ 257 HGB).

3.4.4     BILLING OF YOUR ORDER

Description: As far as your order is not ordered online and paid via credit card or PayPal, we will invoice you via invoice or direct debit. Invoices are created and sent internally. Direct debit is collected by our house bank. Your payment details are transmitted to us from our webshop in encrypted form and passed on by us to our bank in encrypted form.

Data categories: Your name, your bank details, invoice number, invoice amount Data recipient (if applicable, transfer to third countries): Our house bank, which as a financial service provider is subject to banking secrecy. A transfer to third countries does not take place.

Purpose + legal basis: Payment processing. The legal basis for us is contract fulfilment and is carried out by our house bank within the framework of a legitimate interest, as it is a service provider under the control of the banking supervisory authority.

Storage period: Accounting vouchers must be kept for 10 years in accordance with the requirements of tax law (§ 147 AO).

3.4.5     SHIPPING OF YOUR ORDER

Description: We send ordered goods by mail, courier service, freight forwarding or a comparable logistics company. Compliance with data protection by these service providers is regulated in the Postal Act in addition to the GDPR and is monitored by the Federal Data Protection Commissioner.

In addition to the postal address, shipping service providers now require the recipient’s e-mail address in order to be able to independently transmit notifications about the expected delivery date and an individual tracking code for shipment tracking. The communication established in this way between the logistics company and the consignee facilitates the delivery process for both parties. The logistics companies provide us with the tracking ID so that our service team can answer questions about the shipping status in the event of difficulties with the delivery.

Data categories: Name + address; e-mail address, tracking ID of the logistics company.

Data recipient (if applicable, third country transfer): Logistics companies that are subject to postal secrecy. A transfer to third countries only takes place if the shipment goes to an address outside the European Economic Area. In these cases, data protection is guaranteed by international agreements on postal secrecy.

Purpose + legal basis: Delivery of ordered goods. The legal basis for the transfer of the postal address is contract performance. The handover of the e-mail address follows a legitimate interest, as a communication of tracking IDs for shipment tracking has become the norm.

Storage period: The documentation of the dispatch process must be stored for six years as a business letter in accordance with the requirements of commercial law (§ 257 HGB).

3.4.6     PAYMENT SERVICE PROVIDER (PAYPAL)

Description: In our webshop you can pay your order via the financial service provider PayPal. For this purpose, an encrypted connection is established from our webshop to PayPal, via which we communicate a transaction number and the invoice amount to PayPal and forward you to PayPal for the release of your payment. Apart from the invoice amount, PayPal does not receive any information from us about the products you have ordered. We do not receive any information from PayPal about your bank account or credit card. PayPal only reports back to us if the invoice amount for a transaction number generated by us could be credited to us.

With regard to all transactions at PayPal, data protection results from your independent contractual relationship with PayPal.

As a financial service provider, PayPal is subject to European banking supervision. Details on data protection at PayPal can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Data categories: Transaction number and invoice amount, other personal data and account information required to complete the transaction.

Data recipient (if applicable, third country transfer): PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. A transfer to third countries does not take place.

Purpose + legal basis: Processing of your payment via your PayPal account. Legal basis is for PayPal as well as for us in each case contract performance.

Storage period: Accounting vouchers must be kept for 10 years in accordance with the requirements of tax law (§ 147 AO).

3.4.7     PAYMENT SERVICE PROVIDER SOFORTÜBERWEISUNG (KLARNA)

Description: In our webshop you can pay your order via the service Sofortüberweisung. For the processing of instant transfers we use the service of the financial service provider Klarna. From our webshop an encrypted connection to Klarna is established, through which we communicate a transaction number and the invoice amount and forward you to Klarna for verification of your bank details.

Klarna and thus your account-holding financial institution do not receive any information from us about the products you have ordered other than the invoice amount and our name as creditor. We do not collect or store any data on your bank details, but only store the corresponding transaction confirmation from Klarna if the invoice amount for a transaction number generated by us could be credited to us.

With regard to all processes at Klarna, data protection results from your independent contractual relationship with Klarna. In this respect, we only provide the transfer to this independent service provider as a payment option for you.

As a financial service provider, Klarna is subject to European banking supervision. Details on data protection at Klarna can be found at: https://www.klarna.com/sofort/datenschutz/.

Data categories: Transaction number and invoice amount, other personal data and account information required to complete the transaction.

Data recipient (if applicable, third country transfer): Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden. A transfer to third countries does not take place.

Purpose + legal basis: Processing of your payment via the service Sofortüberweisung. The legal basis for both Klarna and us is the fulfilment of the contract.

Storage period: Accounting vouchers must be kept for 10 years in accordance with the requirements of tax law (§ 147 AO).

3.4.8     PAYMENT WITH MAESTRO OR CREDIT CARDS AT THE READER

Description: In our specialist centres you can pay with Maestro and credit cards. The card reader used for this purpose transmits the data of your card in connection with the payment amount to the network operator who provides us with the reader. The network operator processes the data for payment processing, to prevent card misuse, to limit the risk of payment defaults and for legally prescribed purposes such as combating money laundering. For these purposes, your data will also be transmitted to other responsible bodies in accordance with the provisions of financial market law.

We as the payment recipient and the network operator are independently responsible for the processing of your data, each within our technical sphere of influence. We are responsible for the operation of the card reader at the checkout and for our internal network up to the secure transmission via internet or telephone line to the network operator.

The network operator for the central network operation, the processing there, encryption, risk assessment and further transmission is InterCard AG, Mehlbeerenstraße 4, 82024 Taufkirchen near Munich, https://www.intercard.de. Data protection information for cardholders on card-based payments can be found at:

https://www.intercard.de/sites/default/files/intercard_datenschutzinformation_fuer_karteninhaber_1808.pdf.

We obtain data stored on your card directly from you by reading it from the card. We receive your PIN and your signature from you. Insofar as necessary for the verification of the card payment (authorisation) or for the reversal of a card payment, we also process data that is transmitted to us by third parties (e.g. your bank or a credit reference agency) on a justified basis.

Your PIN entry is cryptographically secured and verified by the card-issuing institution. The network operator takes over cryptographic security, but does not store a PIN and has no access to the encrypted PIN.

In addition to us and the network operator, other bodies require your data in order to make the payment or to comply with legal requirements. Only to this extent will your data be passed on by the payee to the following bodies:

  • the payment card system, e.g. Visa or Mastercard
  • Your card-issuing bank and the acquirer’s bank
  • the intermediaries used by the credit card organisations to settle payments (also known as “clearing and settlement”)
  • law enforcement authorities, in the cases provided for by law
  • Money Laundering Reporting Offices, in the cases provided for by law.

The acquirer forwards your data to the payment card scheme. Most global payment card schemes have their headquarters and data processing systems in third countries, i.e. outside the European Economic Area. The onward transmission is for the purpose of authorising and executing your payment. The acquirer transfers your data to the payment card scheme and thus, in the case of global payment card schemes, to a location outside the European Economic Area. This is done in accordance with the applicable legal requirements, for example for the purpose of fulfilling the contract with the foreign payer and to authorise and execute your payment.

Please refer to the data protection regulations of your card provider for information on the processing of your data by the payment card system.

Data categories: Card data (IBAN or account number and bank code, card expiry date and card number, card type), payment data (amount, date, time, card reader identifier (location, company and branch where you pay)), verification data from your card-issuing institution (your signature, PIN), returned direct debit data (information about your bank’s failure to honour a direct debit or your revocation of a direct debit), debt data (If a returned direct debit is created: Information about the outstanding debt, e.g. your name, address, bank charges, reminder charges, reason for the return debit note, purchase receipt if applicable).

Purpose + legal basis: Processing of your payment via your card provider. The legal basis for both your card provider and us is contract fulfilment.

Data recipients (if applicable, transfer to third countries): Your data will be passed on to your bank, our bank, the bodies designated by the German credit industry for the clearing and settlement of payments, law enforcement agencies in the cases provided for by law, money laundering reporting offices in the cases provided for by law, credit reference agencies in the event of a return debit note. A transfer to third countries does not take place.

Storage period: Accounting vouchers must be kept for 10 years in accordance with the requirements of tax law (§ 147 AO).

3.5      DIRECT COMMUNICATION WITH US

3.5.1     E-MAIL COMMUNICATION

Description: If you send us an e-mail, it will arrive in at least one of our e-mail inboxes. The content of your e-mail and the metadata accompanying it (sender’s address, time of sending, etc.) are stored on M1 Med Beauty Berlin GmbH’s own e-mail server, which is protected and secured according to the current state of the art. In addition, after retrieval from the server, they may be stored in the e-mail programs on the devices that have access to the mailbox (computers, smartphones, tablets).

The specific processing of personal data in an e-mail depends on the thematic content of the e-mail and the resulting retention obligations. It is conceivable that we include your data in our contact directory for customers, business partners and other contacts.

E-mail encryption: E-mails can be sent unencrypted, transport encrypted and end-to-end encrypted. Transport encryption is standard; we do not offer completely unencrypted transmission. Transport encryption means that the communication is almost always encrypted, but the e-mails are unencrypted on the servers of the mailbox providers.

Since we operate our own email server, the encryption on our side corresponds to end-to-end encryption. On your side, access to your email content depends on which provider you use to store your emails and which third parties are allowed to access them. Depending on the national location of your provider, which governmental institutions are allowed to access your e-mails.

End-to-end encryption also excludes access at the provider. Only the sender and recipient can read the contents of the e-mails.

We can send you emails with end-to-end encrypted content in two ways. You will receive an email from us that is encrypted by our firewall, which you can open with a password that you will receive in a second email. This password is issued only once for each e-mail and should be stored securely by you. If you use the reply feature of this email, your reply to us will also be sent to us encrypted. We can also send you encrypted PDF documents. Again, you will receive the password in a separate email. To use these options, you will need Adobe Acrobat Reader.

Sensitive data whose loss or disclosure to unauthorized parties poses a high risk to your rights and freedoms should only be transmitted in end-to-end encrypted form. Health data is often one of such sensitive data. Therefore, we explicitly ask for your consent before communicating with you on medical topics via e-mails that are only transport-encrypted.

You can also send us content-encrypted (end-to-end encrypted) messages. Please let us know in advance which method you want to use for encryption and how M1 can perform decryption.

Data categories: Name, e-mail address; time of delivery or dispatch; other metadata that typically arise in e-mail communication; other personal information in the content of the e-mail, such as other contact data in e-mail signatures, inquiries, orders, offers or complaints by e-mail.

Data recipient (if applicable, third country transfer): A transfer to third countries does not take place (unless you use a hosting service provider outside the European Economic Area or are located there).

Purpose + legal basis: communication by e-mail. Depending on the content of the correspondence, the legal basis is the preparation or fulfilment of a contract or a legitimate interest in answering your e-mail. Sending sensitive data via e-mails that are not end-to-end encrypted is based on your consent.

Storage period: Depends on the content of the correspondence; in principle, commercial law requires business letters to be stored for six years (§ 257 HGB).

3.5.2     TELEPHONE

Description: When we make a phone call to each other, our mobile phones or our telephone system record your number and the time of the call. This data in the call lists is continuously deleted from subsequent calls. If the content of the call suggests this, we create a call note and record it in the appropriate place (e.g. in the customer database or for applicants in the personnel area). It is conceivable that we will include your data in our contact directory for customers, business partners and other contacts.

At the beginning of a call to our appointment centre on 030 347474100, we ask for your consent to listen in on your telephone calls. If you agree, the group management of our call centre can listen to your call together with the employee concerned. This is done for training purposes; the monitored telephone calls will not be stored.

Conversations are only recorded in absolutely exceptional cases and after we have obtained your express consent to do so.

Data categories: Telephone number; time of the call; content of the call, if applicable.

Data recipients (if applicable, transfer to third countries): M1 Med Beauty Berlin GmbH operates its own call centre; there is no commissioned processing. Data recipients are telecommunications providers who are subject to telecommunications secrecy. A transfer to third countries does not take place.

Purpose + legal basis: communication by telephone call. Depending on the content of the conversation, the legal basis is preparation or fulfilment of a contract or a legitimate interest in exchanging information with you. The legal basis for recording or listening to the conversation is your consent.

Duration of storage: Depends on the content of the conversation; regularly only a few days. Individual notes of conversations can fall under the commercial law retention obligation for business letters of six years (§ 257 HGB).

3.5.3     MAIL

Description: If you send us a letter, we regularly respond to it with a letter that we create on the computer and save as a file. We often scan your letter in order to archive it as part of digital office management. The specific processing of personal data in our correspondence depends on the thematic content of the letters and the resulting storage obligations. It is conceivable that we will include your data in our contact directory for customers, business partners and other contacts.

Data categories: Name + address; personal data in the content of the letters such as further contact details in your letterhead, enquiries, orders, offers, complaints or other topics.

Data recipient (if applicable, third country transfer): Postal service provider. A transfer to third countries only takes place if the item is sent to an address outside the European Economic Area. In these cases, data protection is guaranteed by international agreements on postal secrecy.

Purpose + legal basis: communication by letter. Legal basis is, depending on the content of the correspondence, preparation or performance of a contract or a legitimate interest in exchanging with you.

Storage period: Depends on the content of the correspondence; in principle, commercial law requires business letters to be stored for six years (§ 257 HGB).

3.5.4     MESSENGER

Description: We use Nextcloud for internal company communication. The program and the content are stored internally on the M1 server, there is no data transfer to external recipients. We can continue to use Microsoft Teams. Microsoft Teams is used internally within the company. Teams is part of the Microsoft 365 software. All Teams settings are implemented with the utmost protection of data in mind. For more information on Microsoft product privacy, please visit: https://privacy.microsoft.com/de-de/privacystatement.

Data categories: Name, mobile phone number; time of delivery or dispatch; other metadata that typically arise during messenger communication; other personal information in the content of the messages such as inquiries, orders, offers or complaints.

Data recipient (third country transfer if applicable): None.

Purpose + legal basis: The purpose of the processing is the legitimate interest of a company-internal communication at the current state of the art.

Storage period: Depends on the content of the correspondence; in principle, commercial law requires business letters to be stored for six years (§ 257 HGB).

3.5.5     FAX

Description: The use of fax services no longer meets data protection requirements, so we avoid using them and do not communicate a fax number. We can nevertheless use a classic fax machine in the form of a telecopier in justified exceptional cases. If you send us a fax, the document is provided by our receiving machine as a printout. The device records the sender’s data transmitted by you and documents them together with the time of receipt both on the printout and in the device’s journal. If we send you a fax, the journal records the recipient number, time of transmission, number of pages and transmission success.

The security of the transmission corresponds to the security of modern telephone networks, which also transmit fax data as so-called Voice (Fax) over IP. Within the network of a single network provider (e.g. Deutsche Telekom) the data are encrypted, at the network transfer points an unencrypted transmission takes place.

Data categories: Telephone number, sender name if applicable, time of sending or receipt, number of pages, success of transmission; if applicable, personal content of the document sent.

Data recipients (if applicable, transfer to third countries): Telecommunications providers that are subject to telecommunications secrecy. A transfer to third countries does not take place.

Purpose + legal basis: Communication by fax. Depending on the content of the conversation, the legal basis is the preparation or fulfilment of a contract or a legitimate interest in exchanging information with you.

Storage period: Depends on the content of the document sent; in principle, commercial law requires business letters to be stored for six years (§ 257 HGB).

3.5.6     VISIT CARDS

Description: When you hand over a business card to us, we transfer the data made on it about you to our contact directory or our customer database (CRM). Our contact directories are operated as part of the e-mail inboxes (M1’s own Outlook Exchange Server).

Data categories: Name, contact details (address, telephone, fax, e-mail), company, business area of your company, your job title, your area of responsibility, place, time and circumstance of contact as well as, if applicable, special notes on your availability or the business topics addressed.

Data recipient (third country transfer if applicable): None or affiliated companies via the jointly operated CRM (see the corresponding processing).

Purpose + legal basis: Maintaining contacts. Legal basis is a legitimate interest, as you have voluntarily given us your business card.

Storage period: We store your data until you ask us to delete it – unless a business relationship has arisen between us in the meantime, from which independent storage obligations arise for us with regard to your contact data.

3.6      VISITING OUR WEBSITE

3.6.1     DATA TRANSMISSION TO THIRD COUNTRIES

In connection with the use of some of our services, data may be transferred to third countries, until 16.07.2020 on the legal basis of the EU-US Privacy Shield. More information on this can be found in the descriptions of the individual services. Currently, data security is assured by the companies concerned in accordance with the requirements of the EU data protection regulations or, if not yet completed, work is being done on EU standard contractual clauses. If a data transfer to outside the EEA takes place, this is secured by suitable data protection guarantees, as the provider has concluded an agreement with us in accordance with the EU standard contractual clauses or this conclusion is in process. This applies in particular to Google, Google Maps, Google Analytics, YouTube, Facebook, Instagram and Cloudflaire. You can limit the data collection as far as possible according to your cookie settings.

The order data processing conditions for Google advertising products can be found at: https://privacy.google.com/businesses/processorterms.

The data protection information on Facebook can be found here: https://de-de.facebook.com/business/gdpr, the platform terms of use here: https://developers.facebook.com/terms, the data processing terms incl. the reference to the standard contractual clauses here: https://www.facebook.com/legal/terms/businesstools, the addendum for responsible persons here: https://www.facebook.com/legal/controller_addendum.

Cloudflaire‘s standard contractual clauses here: https://www.cloudflare.com/cloudflare_customer_SCCs-German.pdf

3.6.2     PROVISION OF OUR INTERNET PAGES

Description: In order for a web server to make our website available to your browser, the server must collect technical data about your device used for this purpose, your browser and your Internet access. This is called a log file or weblog. This is the same data that you necessarily leave behind with every Internet page that you call up. The focus is on the IP address from which you call up our pages. To this internet address the web server sends you the data you want to see.

As an editorial system we use WordPress, which sets a so-called session cookie in your browser for the technical delivery of the pages (PHPSESSID; storage period: end of the current visit to our pages).

Data categories: IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website from which the request comes, browser, operating system and its interface, language and version of the browser software Data recipient (if applicable, third country transfer): our web hosting service provider, who is obligated to data protection via an order processing agreement. In the event of attacks on our pages, transfer to investigating authorities and forensic experts commissioned by us. A transfer to third countries does not take place.

Purpose + legal basis: Provision of our website as well as investigations should there be unlawful access to our websites (e.g. a hacker attack). Legal basis is a legitimate interest, as the operation of a website is not possible without the collection of the weblog. In the specific case of an attack on our website, we have a legitimate interest in being able to provide investigators with circumstantial evidence of how the attack took place. The session cookie is an essential cookie that does not require consent even under the ePrivacy Directive/TDDSG.

Storage period: 7 days.

3.6.3     COOKIE MANAGEMENT (BORLABS)

Description: For all cookies requiring consent, we ask for your consent before storing them in your browser cache. The decisions you make will in turn be stored in a cookie on your device, so that we do not have to ask for your consent again when you visit our website again. You can revise your decision at any time by deleting the corresponding cookie (borlabs-cookie, storage period 1 year) from your device via your browser settings.

Data categories: Consent status (Yes/No per cookie for which we need your consent).

Data recipient (third country transfer if applicable): None.

Purpose + legal basis: legally compliant consent management for cookies. Legal basis is a legitimate interest, as saving the cookie decision only slightly restricts the rights of visitors and at the same time simplifies the use of the pages on repeated visits.

Storage period: Until the corresponding cookie is deleted from your browser cache or until the expiration date of the cookie is reached.

3.6.4     LANGUAGE SETTING (POLYLANG)

Description: We offer our website in several languages. For this purpose, we use the WordPress service Polylang, which recognizes your preferred language choice via the settings of your device and accordingly enables the provision of our website in the language that suits you. So that we do not have to go through the analysis of the language choice again when calling up each individual page, Polylang sets a corresponding cookie (pll_language, storage period 1 year).

Data categories: Language selection stored in the device.

Data recipient (third country transfer if applicable): None.

Purpose + legal basis: To provide the website in your preferred language. Legal basis is a legitimate interest, as we may assume that you want to see the pages in the language that suits you. This cookie may also be set without your consent according to the ePrivacy Directive/TTDSG, as the choice of language is to be regarded as an essential function.

Storage period: Until the corresponding cookie is deleted from your browser cache or until the expiration date of the cookie is reached.

3.6.5     CONTACT FORM

Description: Our website has a contact form. You can use it to send us messages, e.g. if you do not have your own e-mail address or do not want to use it for the message to us. Your voluntary entries are technically sent to us as an e-mail (even if you yourself have not stored an e-mail address as sender).

Once you send your message, the data processing is equivalent to sending an email to our central contact address. While you are on the website and enter your details in the form, the data processing is equivalent to calling up any of our websites.

Data categories: See the processing operations “Provision of a website” and “E-mail communication”.

Data recipients (transfer to third countries, if applicable): See the processing operations “Provision of a website” and “E-mail communication”.

Purpose + legal basis: Provision of a contact form as an additional way to contact us. The legal basis is, depending on the content of your contact, the preparation of a contract performance or a legitimate interest.

Storage period: See the processing operations “Provision of a website” and “E-mail communication”.

3.6.6     WEBFONTS (ONLINE FONTS)

Description: To enable an individual design of our internet pages, we use so-called web fonts. These are fonts that your browser loads from the Internet to display our page – if the fonts are not already loaded from a previous visit to a page with this font in the memory of your browser.

In some cases, fonts are available directly on our web server. In this respect, it is not an independent processing that goes beyond the processing of “providing our Internet pages”. In some cases we access fonts from external servers, in our case when using the YouTube player or Google Maps on fonts from Google (Google Fonts). Google enables an outstandingly fast provision of the font files and guarantees a provision of the currently optimal font set.

For the download of the fonts from the Google writing servers (gstatic.com), your IP address must be transmitted to Google, as otherwise a transmission of the data package is not possible. Google does not receive any further data from you in connection with this processing.

Data categories: IP address from which your device accesses the Internet.

Data recipient (if applicable, third country transfer): Google LLC, for us as a European organization addressable via Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. The data collected within the scope of Google Fonts is transferred to Google servers in the USA and processed there. Google guarantees that the data will be handled at EU data protection level.

Purpose + legal basis: Provision of Google Fonts in a fast and up-to-date form. The legal basis is a legitimate interest, since only the IP address of your device is transmitted as part of this processing, without any further references to your use of the Internet.

Storage period: The storage period is the responsibility of Google. It is not possible for us to delete your data, as we do not collect any data from you through the use of Google Fonts.

3.6.7     NAVIGATION FUNCTIONS (GOOGLE MAPS)

Description: We have integrated maps from Google Maps, a service from Google, into our web pages. These interactive maps allow you to see our location in map form and to navigate from your location to us.

The map section we use transmits your IP address to Google and – if you have not deactivated this in your device – your current location when you call it up in your browser. If you are logged in with a Google account on your device at the time of the page view, Google also learns specifically who you are via your personal account.

We do not receive any data about you from Google Maps.

You can prevent the transmission of your location to Google by preventing your browser from accessing your location data in the settings of your device. If you have a Google account, you can use it to delete the location data Google stores about you.

We cannot provide any information on the details of data processing at Google. The data protection information from Google applies here: https://policies.google.com/privacy. Additional information about Google Maps can be found at: https://www.google.com/intl/de_de/help/terms_maps.html.

Although we do not receive any data from Google, Google classifies our use of its map service as a joint responsibility, as both Google and we have an interest in providing the service. Accordingly, there is a shared responsibility agreement between Google and us, the contents of which you can read here: https://privacy.google.com/intl/de/businesses/controllerterms/.

Data categories: IP address of your device; location of your device, if location sharing has not been deactivated in your device; time of the data call; content called up from Google Maps and functions used (e.g. route planning); Google ID in the Google cookie, if you have allowed Google cookies to be set.

Data recipient (if applicable, third country transfer): Google LLC, for us as a European organization addressable via Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. The data collected within the scope of Google Maps is transferred to Google servers in the USA and processed there. Google guarantees that the data will be handled at EU data protection level.

Purpose + legal basis: The purpose of the integration of Google Maps is to make it easier for you to reach us. The legal basis for the transfer of personal data to Google is your consent. Therefore, we can only grant you access to Google Maps if you have given your consent.

Storage period: The storage period is the responsibility of Google. It is not possible for us to delete your data, as we do not collect any data from you through the use of Google Maps.

3.6.8     VIDEO STREAMING (YOUTUBE)

Description: Our website shows films via a video player from YouTube, a subsidiary of Google. The YouTube player integrated into our pages only establishes its connection to Google after you have clicked on the “Load video” button. By doing so, you give your consent for the cookies associated with the YouTube player to be set by Google in your browser. This tells Google which of our pages you have visited and which film you have watched. Google sets the following cookies via the YouTube player: CONSENT (), GPS, Visitor_Info1_Live, YSC, IDE.

We do not receive any data about your usage behaviour from Google with regard to this data collection. If you are logged into your YouTube or Google account while visiting our site, you enable Google to associate your usage behaviour directly with your personal profile. You can prevent this by logging out of your account.

For more information on how Google handles your data, please see Google’s privacy policy at https://www.google.de/intl/de/policies/privacy.

Data categories: IP address from which our site was accessed; date and time of access; films accessed; sharing functions used to recommend the film; type and version of internet browser; type and version of operating system; Google ID stored in cookies.

Data recipient (if applicable, third country transfer): Google LLC, for us as a European organization addressable via Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. The data collected as part of the YouTube application is transferred to Google servers in the USA and processed there. For this purpose, Google guarantees that the data will be handled at EU data protection level.

Purpose + legal basis: We use the YouTube player to offer you powerful video streaming. The legal basis for the data transfer to Google is your consent via cookie management.

Storage period: The storage period is the responsibility of Google. It is not possible for us to delete your data, as we do not collect any data from you through the use of YouTube.

3.6.9     ANALYSIS OF USAGE BEHAVIOUR (GOOGLE ANALYTICS)

Description: We use the web analytics service Google Analytics. On our behalf, Google creates statistical reports about the activities on our website, the origin of visitors and technical parameters of the devices used to visit our pages.

We use Analytics with the extension “anonymizeIP” so that the IP addresses are only processed in abbreviated form to exclude direct personal reference. Through IP anonymization, the end of your IP address is replaced by zeros by Google within the European Union before the data is transferred to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.

Google Analytics collects data from your device or internet browser, which you send to a web server by default when you visit websites. If you have agreed to the setting of a Google cookie, Google records the cookie ID stored in the cookie. In addition, Google recognizes supplementary information about your device such as already installed software or fonts and forms a digital fingerprint from this.

The cookie ID or the digital fingerprint gives us the possibility to determine the quota of returning visitors or to trace usage paths within our internet pages.

The Analytics cookies are named _ga (to recognize returning visitors), _gid (to be able to form statistical groups) and _gat (to reduce data matching with advanced Google features).

For full information about how Google uses the information it collects, please see Google’s privacy policy (https://policies.google.com/privacy) and Google’s information about cookies (https://policies.google.com/technologies/cookies) and how Google uses your personal information, (https://policies.google.com/technologies/partner-sites).

We have linked our Analytics account with our marketing account at Google and thus enable Google to play out ads for us in a more targeted manner. In addition, we can better understand which advertising measure had what success. See the processing “Google Ads” and the corresponding note on our joint responsibility with Google within the meaning of Art. 26 DSGVO.

Data categories: IP address via which the device goes online; location or country linked to the IP address as well as Internet service provider for Internet access; date and time of access; objects on our website that are called up (clicked on) in the browser; type and version of the Internet browser; type and version of the operating system; information on the screen resolution and other technical parameters of the end device used; websites from which the user has accessed our website; websites that the user calls up from our website; Google ID stored in the cookie.

Data recipient (if applicable, third country transfer): Google LLC, for us as a European organisation contactable via Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. Google is obligated to us to observe data protection via an order processing contract in accordance with Article 28 DSGVO. The information collected by the cookies is transferred to Google servers in the USA and stored there. Google has concluded standard data protection clauses with us for this purpose and thus guarantees that the data will be handled at EU data protection level.

Purpose + legal basis: The legal basis is a legitimate interest, which results from the fact that the personal reference of the collected data is greatly reduced, e.g. by anonymising the IP addresses, that the data is not combined by us with other data collections and that the visitors to our Internet pages have various options to prevent the collection by the cookies of Google Analytics. Regardless of this, in view of the requirements of the ePrivacy Directive/TDDSG, we ask for your consent to the setting of Google cookies via our cookie manager.

The legal basis, in particular for the linking of the Analytics data with the advertising functions of Google, is your consent, which you have given via our Cookie Manager.

Storage period: 14 months (Justification: This storage period allows us to export annual reports).

3.6.10   ANALYSIS OF USAGE BEHAVIOUR (FACEBOOK PIXEL)

Description: Our website uses cookies from Facebook, including the cookie also known as the Facebook Pixel. This allows us to provide Facebook with data about your use of our site. This enables Facebook to provide ads for us within Facebook and Instagram in a more targeted manner.

The corresponding data will only be transferred to Facebook if you consent to the setting of the corresponding cookies. The names of the Facebook cookies are: AA003, ATN,_fbp, fr, the name of the Facebook pixel is: M1 Med Beautys Pixel.

Data categories: IP address via which the device goes online; location or country linked to the IP address and Internet service provider for Internet access; date and time of access; objects on our website that are called up (clicked on) in the browser; type and version of the Internet browser; type and version of the operating system; websites from which the user has accessed our website; websites that the user calls up from our website; Facebook ID stored in the cookie.

Data recipient (if applicable, third country transfer): Facebook Inc., for us as a European organization addressable via Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Facebook is obligated to us to observe data protection via an order processing contract in accordance with Art. 28 DSGVO. Insofar as data is transferred to Facebook servers in the USA, Facebook guarantees that the data is handled at EU data protection level.

Purpose + legal basis: The purpose of the data transfer to Facebook is to be able to provide ads on Facebook and Instagram that are as target group-specific as possible. The legal basis is your consent, which you have given via our cookie manager.

Storage period: The storage period is the responsibility of Facebook. It is not possible for us to delete your data, as we do not collect any data from you ourselves through the use of the Facebook pixel.

3.6.11   ANALYSIS OF USAGE BEHAVIOUR (LINKEDIN)

Description: Our internet pages set cookies from LinkedIn. By doing so, we provide LinkedIn with data about your use of our site. This enables LinkedIn to provide ads for us within LinkedIn that are more targeted.

The corresponding data is only transferred to LinkedIn if you consent to the setting of the corresponding cookies. The names of the LinkedIn cookies are: UserMatch- History, bcookie, bscookie, lang, lidc, lissc.

Data categories: IP address via which the device goes online; location or country linked to the IP address and Internet service provider for Internet access; date and time of access; objects on our website that are called up (clicked on) in the browser; type and version of the Internet browser; type and version of the operating system; websites from which the user has accessed our website; websites that the user calls up from our website; LinkedIn ID stored in the cookie.

Data recipient (if applicable, third country transfer): LinkedIn Corp., contactable for us as a European organisation via LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. LinkedIn is obligated to us to observe data protection via an order processing contract in accordance with Art. 28 DSGVO. If data is transferred to LinkedIn servers in the USA, LinkedIn guarantees that the data is handled at EU data protection level.

Purpose + legal basis: The purpose of the data transfer to LinkedIn is to be able to provide ads on LinkedIn that are as target group-specific as possible. The legal basis is your consent, which you have given via our Cookie Manager.

Storage period: The storage period is the responsibility of LinkedIn. It is not necessary for us to delete your data, as we do not collect any data from you ourselves through the use of LinkedIn cookies.

3.6.12   USE OF A CONTENT DELIVERY NETWORK (CLOUDFLARE)

Description: Our hosting service provider makes our websites available via a so-called Content Delivery Network (CDN) as a particularly resilient form of Internet hosting. For us, Cloudflare is used as CDN. Cloudflare with its specialized technology makes it possible that Internet pages can be delivered quickly worldwide even with heavy traffic. In addition, Cloudflare offers special security features that make the Internet hosting particularly stable against attacks.

To take full advantage of its security features, Cloudflare works with cookies (_cfduid, storage time: 1 month). Cloudflare cookies are considered essential cookies, as their sole function is to reliably provide the web pages.

Data categories: IP address through which the device goes online; date and time of access; objects on our website that are called up in the browser; type and version of the Internet browser; type and version of the operating system; websites from which the user has accessed our website; websites that the user calls up from our website.

Data recipient (if applicable, third country transfer): Cloudflare Inc., 101 Townsend Street, San Francisco, California 94107, USA. Cloudflare is obligated to us to observe data protection via an order processing contract according to Art. 28 DSGVO. Insofar as data is transferred to Cloudflare servers in the USA, Cloudflare guarantees that the data is handled at EU data protection level.

Purpose + legal basis: The purpose of the data transfer to Cloudflare is to be able to provide our internet pages securely and quickly. The legal basis is a legitimate interest, as Cloudflare uses the data solely to increase and secure the performance of our internet hosting.

Storage period: The storage period is the responsibility of Cloudflare. A data deletion with us is not possible, since we ourselves do not collect any data from you through the use of Cloudflare cookies.

3.6.13   PROFILING (CRITEO)

Description: If you visit our website and consent to receive profiling marketing cookies, we will use your data accordingly. Depending on your navigation environment, cookie-independent techniques are also used by our partner companies. This helps us to send you advertising and offers tailored to your interests, for this purpose we have contracted the companies mentioned below. Direct identification via your name in plain text is excluded. Profiling involves analysing or predicting a limited amount of data relating to surfing behaviour, data and access times, work performance, event information (e.g. system crashes), economic situation, health, personal preferences, interests, number of ads displayed, reliability, gender, behaviour, location or change of location, also registered across websites and possibly merged, evaluated and suitable advertising offers are displayed to you on the basis of this data, also with a time delay or when visiting third-party websites and apps (so-called retargeting). In the process, information collected directly from you and data from third-party providers are processed.

The companies with which we cooperate in this context have in turn commissioned partner companies with corresponding services, the list of Criteo can be found here: https://www.criteo.com/de/privacy/our-partners/.

The following data may be collected by our partner companies: Identification data such as cookies, advertising IDs, technical information about the device you are using, ad placement information on the website or app, information about your interactions with Ads, data about your internet connection (also shortened), data for fraud prevention and control, matching identification data, location data.

Description of logic used for profiling: location: Germany, if applicable, city or proximity to M1 location. Behavior: Possibly previous visit to an M1 website, has already made beauty appointments, has already added M1 items to shopping cart or is similar to this behavior. Interests: Cosmetics, Beauty, Beauty Salons, Aesthetics, Body Modification, Body shape, Brazilian Butt Lift, Hyaluronic acid, Body fat percentage, Female body shape, Facelift (product), Aging, Body weight, Weight loss, Anti-Aging, Health And Beauty, American Academy of Anti-Aging Medicine or Anti-aging cream. Age: 18 – 65+

We have entered into order processing agreements or standard contractual clauses with the companies contracted by us. In connection with profiling, these are the following companies:

firststars GmbH, Zimmerstraße 79-80, 10117 Berlin, no cookies of its own.

Criteo SA, 32 Rue Blanche, 75009 Paris, France.

Cookies: UID=13278a5c-3997-4b97-826d-19609eecb975

Disable at: https://www.criteo.com/de/privacy/disable-criteo-services-on-internet-browsers/

Werbe-ID: 6D93078A-8259-4BA4-AE5B-76104861E7DC

Disable at: https://www.criteo.com/de/privacy/disable-criteo-services-on-mobile-applications/

Another option, independent of M1, to disable interest-based advertising (see there for more information): https://www.youronlinechoices.com/de/praferenzmanagement/

Data categories: Contact data, customer data, usage data.

Data recipients (if applicable, third country transfer): A transfer to partner companies, service providers and publishers, also to third countries, may be possible.

Purpose + legal basis: The legal basis is the legitimate interest to carry out advertising measures.

Storage period: Personal data is stored for a maximum of 13 months from the date of collection. The same duration applies to cookies placed in your web browsers. You can also manage the storage duration of cookies in the browser settings.

3.7      MARKETING COMMUNICATIONS

3.7.1     NEWSLETTER SUBSCRIPTION

Description: You can sign up for our email newsletter. To do this, you only need to provide an e-mail address. Other information, such as your name, is voluntary and is used so that we can personalise the sending of the emails with a direct salutation. We ask for your date of birth when you register because we are only allowed to offer certain health products to persons of legal age.

If you register online for the newsletter, you will receive a one-time e-mail from us to the e-mail address you have provided, in which we ask you to confirm your registration. In this way, we want to avoid that you are registered for our newsletter by someone who does not have or should not have access to this address. This two-step process is called double opt-in for double consent.

By subscribing to our newsletter, you agree, both in terms of data protection and competition law, that we may send you e-mails on the topics described on the subscription page.

You can revoke your registration and thus your consent at any time for the future. This is possible via the corresponding link at the end of each newsletter sent by us.

We record the use of our newsletter via so-called counting pixels and campaign URLs for the internet links in the newsletter. The counting pixel calls our newsletter server when you open the email. Our newsletter service provider only provides us with the data in anonymised, statistical form, so that we cannot draw any conclusions about the reading behaviour of individual newsletter recipients. The call-up of the internet links in the newsletter is recorded via the campaign assignment at Google Analytics and is also only made available to us in statistical form.

Data categories: E-mail address, documentation of e-mail verification (double opt-in), time of your registration; name (optional); date of birth (optional); usage data (opening the e-mail + clicking on internet links); IP address of your device at the time of opening the newsletter or calling up the internet links in the newsletter.

Data recipient (if necessary third country transfer): Our service provider in Germany for the newsletter dispatch, who is bound to data protection by an order processing contract: Rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br., Germany, phone number: +49 761 – 216 08 720, e-mail: info@rapidmail.de.

Purpose + legal basis: Provision of an email newsletter and optimization of our newsletter content. Legal basis is your consent.

Storage period: After revocation of your consent, your registration data will be deleted immediately.

3.7.2     RAFFLE ENTRY

Description: We regularly invite people to take part in competitions. Invitations go both to followers on our social media profiles and to recipients of our newsletters.

We record all participants in a list in order to be able to carry out a draw. The list of participants will be destroyed after notification of the winner.

The winner will be selected without recourse to legal action. Winners will be notified by us via message on Facebook or Instagram or via email or will receive their prize by post.

For tax reasons, we store the name and contact of the recipient in order to be able to prove the correct use of our prize. There will be no further use of the winning addresses.

Data categories: Name or e-mail address.

Data recipient (third country transfer if applicable): None.

Purpose + legal basis: Selection of a raffle winner. The legal basis for the prize draw is the fulfilment of the free prize draw contract. Legal basis for sending invitations is the consent given to receive electronic advertising (newsletter registration).

Storage period: For the participant data until notification of the winners; for the winner data six years (§ 257 HGB).

3.7.3    M1 BEAUTY CLUB PROMOTION

Description: We offer the M1 Beauty Club promotion, through which you can claim a credit for the subsequent treatment in accordance with the General Terms and Conditions. In the context of granting the credit, the data processing is limited to the fact that we use our customer database to check whether you meet the eligibility criteria for the credit and that your user behaviour is statistically evaluated for marketing purposes.

With regard to data processing through registration via our website, see the processing described under “Visiting our website”. With regard to data processing in connection with newsletter registration, see the processing “Newsletter registration”.

Data categories: First name, last name, e-mail address, telephone number, customer status, place of residence (aesthetic clinic), date of birth, metadata, matching with participation in previous credit actions, status newsletter registration.

Data recipients (third country transfer if applicable): Your data stored with us will not be passed on to third parties. Through the use of our website, metadata, data on user behaviour and data entered in form fields may be transferred to third countries.

Purpose + legal basis: Provision of a credit linked to previous treatment and registration for the newsletter. The legal basis is consent to the processing.

Storage period: Apart from the storage of the participation itself, no independent storage of your personal data takes place, as the granting of the credit note is based on the comparison of already existing data.

3.7.4     DISCOUNT PROGRAM (NEW CUSTOMER DISCOUNT)

Description: Subject to a currently valid promotional period, offer a new customer discount. More information can be found at: https://www.m1-beauty.de/aktion/

We can only grant the discount on the basis of the promotional conditions for new customers.

Data categories: Names, address data, customer data.

Data recipient (third country transfer if applicable): None.

Purpose + legal basis: Provision of a discount linked to the status of “new customer”. The legal basis is your consent in the form of the customer data collection completed by you.

Storage period: We store the release from confidentiality as part of our medical documentation for ten years after completion of treatment.

3.7.5     RATINGS (EKOMI)

Description: We are pleased when our services are evaluated. Therefore, we send all customers who have given us the corresponding consent for electronic communication an evaluation invitation from the service provider eKomi. The invitations are sent by eKomi as a processor within the meaning of Article 28 DSGVO.

If you follow the invitation to rate our services on the platform of eKomi, the submission of the rating takes place within the framework of a direct relationship between you and eKomi. Should you subsequently have any questions regarding the reviews you have submitted, you must contact eKomi directly, as we cannot influence the content of the review platform.

Information on data protection at eKomi can be found here: https://www.ekomi.de/de/datenschutz

Data categories: Email address, name, assessable service (product or treatment).

Data recipient (if applicable, third country transfer): eKomi Ltd, Markgrafenstraße 11, 10969 Berlin. eKomi is bound to data protection by an order processing contract. A third country transfer does not take place.

Purpose + legal basis: Invitation on evaluation platform to assess our services. The legal basis is the consent given to receive electronic advertising (newsletter registration).

Storage period: The storage period is the responsibility of eKomi.

3.7.6     ANALYSIS OF USER BEHAVIOUR (MICROSOFT BING)

Description: Our web pages set cookies from Microsoft’s search engine Bing. By doing so, we provide Microsoft with data about your use of our site. In this way, we enable Microsoft to provide ads for us on Bing hit lists in a more targeted manner and to document the success of the ads.

The relevant data will only be transferred to Microsoft if you consent to the setting of the relevant cookies. The names of the cookies for Bing Ads are: MUID (storage time: 1 year), MUIDB, MR.

For complete information about how Microsoft uses the information it collects, see the Microsoft Privacy Statement (https://privacy.microsoft.com/de-de/privacystatement).

Data categories: IP address via which the device goes online; location or country linked to the IP address and Internet service provider for Internet access; date and time of access; objects on our website that are called up (clicked on) in the browser; type and version of the Internet browser; type and version of the operating system; websites from which the user has accessed our website; websites that the user calls up from our website; Bing ID stored in the cookie:

Data recipient (if applicable, third country transfer): Microsoft Corp., contactable for us as a European organization via Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521, Ireland; Microsoft is committed to data protection via an order processing agreement.  Insofar as the EU subsidiary transfers data to the US parent Microsoft Corp., Microsoft guarantees that the data will be handled at EU data protection level.

Purpose + legal basis: The purpose of passing on data to Microsoft is to be able to provide advertisements on Bing that are as appropriate to the target group as possible and to document the success of the advertising material. The legal basis is your consent, which you have given via our Cookie Manager.

Storage period: The storage period is the responsibility of Microsoft and is 18 months. It is not necessary for us to delete your data, as we do not collect any data from you ourselves through the use of Microsoft cookies.

3.7.7     GOOGLE ADS

Description: We serve ads through Google Ads. In order to optimize our marketing activities, Google Ads accesses personal data that is available to Google via cookies and its various analytics services for websites, apps and the Android and Chrome OS operating systems provided by Google. We ourselves do not have access to the personal data underlying the playout of our ads. We only select general parameters for the target group to which our ads are to be made available. In this respect, we do not process any personal data.

By linking our Google Ads account with our Google Analytics account, we make it easier for Google to recognize prospective customers who have already visited our website.

Our own websites set cookies from Google’s advertising services (Google Ads, Doubleclick). The cookie names are: NID, SID, IDE, DSID, FLC, AID, TAID, exchange_uid, test_cookie, _gads, _gac, _gcl.

The linking of the accounts and the setting of Google’s advertising cookies constitutes a processing of personal data. In this respect, a joint responsibility within the meaning of Article 26 DSGVO arises with regard to the personal data, for which we have concluded a corresponding “controller-controller” agreement with Google (https://policies.google.com/privacy/frameworks?hl=de).

The contract allocates responsibility between Google and us so that we are responsible for collecting the analytics data and Google is responsible for using the data for advertising purposes. As a result, you should exercise all of your rights with respect to the use of your data within Google Analytics with us and exercise all of your rights with respect to the use of your data for the provision of targeted ads directly with Google.

We cannot provide any information on the details of data processing at Google. The data protection information of Google (https://policies.google.com/privacy) applies to this.

Data categories: For the categories of data processed by Google, see Google’s privacy information and our disclosures on our use of Google Analytics; targeting by demographic, regional, technical or economic factors and, most importantly, by areas of interest.

Data recipient (if applicable, third country transfer): Google LLC, for us as a European organization addressable via Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. The data collected as part of Google Analytics is transferred to servers in the USA for Google Ads and processed there. Google guarantees that the data will be handled in accordance with EU data protection standards.

Purpose + legal basis: Target group-specific publication of ads. Legal basis is consent, as Google’s tracking technology may only be started after your corresponding consent.

Storage period: The storage period is the responsibility of Google. It is not necessary for us to delete your data, as we do not collect any data from you through the use of Google Ads.

3.7.8     FACEBOOK ADS

Description: We serve ads through Facebook Ads. In order to optimise our marketing activities, Facebook accesses personal data that is available to Facebook on its own platform (facebook.com and instagram.com), via its analytics services for websites and apps, and WhatsApp metadata. We ourselves do not have access to the personal data on which the playout of our ads is based. We only select general parameters for the target group to which our ads are to be made available. In this respect, we do not process any personal data.

By linking our Facebook Ads account with our company profiles on Facebook and Instagram, we make it easier for Facebook to recognize prospects who have already been on our profiles. In addition, we enable Facebook to make our ads available to people who have a similar usage profile to the typical visitors to our pages (so-called lookalike campaigns).

In addition, our internet pages set cookies from Facebook (cookie name: fr, _fbp, M1 Med Beautys Pixel). The linking of the accounts and the setting of Facebook cookies constitutes a processing of personal data.

We cannot provide any information on the details of data processing at Facebook. The data protection information from Facebook applies here: https://www.facebook.com/about/privacy.

Data categories: Usage data from Facebook’s various services and the Facebook Pixel on our websites (see the processing “Facebook Pixel”); targeting by gender, age groups, regions, areas of interest.

Data recipient (if applicable, third country transfer): Facebook Inc., for us as a European organization addressable via Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Insofar as data is transferred to Facebook servers in the USA, Facebook guarantees that the data is handled at EU data protection level.

Purpose + legal basis: Target group-specific publication of ads. Legal basis is consent, as Facebook’s cookies are only set in the browser after consent and the use of Facebook pages requires registration with Facebook.

Storage period: The storage period is the responsibility of Facebook. It is not possible for us to delete your data, as we do not collect any data from you through the use of Facebook Ads.

3.8      USE OF OUR APPS

3.8.1     DOWNLOAD THE APPS

If you want to use our app on your mobile device, you will need to download it to your device from an app store that is appropriate for your device’s operating system. For iOS devices this is Apple’s AppStore, for Android devices it is either Google’s PlayStore or another platform for Android apps.

All data processing in connection with the download of our app takes place between you and the respective app store. We do not receive any personal data, but only statistical compilations of the number of downloads. For all information about the respective data processing, we refer to the corresponding data protection information of Apple, Google or the download platform used by you.

3.8.2     FUNCTIONS IN THE APP (CHAT)

Description: Our app offers you the opportunity to find out about our products and offers and to get in direct contact with us in a particularly simple way. The chat function is at the heart of the app.

Technically, the chat function is hosted on M1’s own server, and M1 Med Beauty employees respond to you as interlocutors. In terms of content, you can ultimately exchange the same content with us in the chat as you can by e-mail or phone call.

Technically, the chat function is hosted on M1’s own server, and M1 Med Beauty employees respond to you as interlocutors. In terms of content, you can ultimately exchange the same content with us in the chat as you can by e-mail or phone call.

Data categories: Time of the chat; IP address; browser type/version, operating system; URL of the website from which the chat is started; contents of the chat (e.g. name, e-mail address, questions and answers discussed, dates agreed).

Data recipient (third country transfer if applicable): None.

Purpose + legal basis: Provision of an online chat as a communication channel. Legal basis is preparation of a contract performance, as the chat communication aims at the conclusion of treatment contracts.

Storage period: 3 months.

3.9      OUR SOCIAL MEDIA PROFILES

3.9.1     FACEBOOK AND INSTAGRAM

Description: We operate company profiles (also called fan pages) on Facebook and Instagram. Such a fan page enables us to present our organisation on Facebook and Instagram, to get in touch with you on this social media platform and to refer to our services and offers via advertisements on these platforms.

Facebook provides us with analytics data about the use of our pages (called Page Insights). This gives us an impression of how successful the individual communication measures are.

For the details of data processing at Facebook, please refer to Facebook’s data protection information: https://www.facebook.com/about/privacy.

In accordance with a ruling of the European Court of Justice, the use of this analytics data is carried out in a joint responsibility with Facebook pursuant to Art. 26 DSGVO. Facebook has provided a joint responsibility agreement accordingly (https://www.facebook.com/legal/terms/page_controller_addendum). In the agreement, Facebook has assumed sole responsibility for all data processing issues. If you wish to exercise your rights under the GDPR with regard to data processed in Page Insights, you should contact Facebook directly via your Facebook account. However, in accordance with the legal rules on shared responsibility, you are also free to contact us with your concern. We would then pass your concern on to Facebook.

Data categories: Facebook username; comments, likes and page views within Facebook and Instagram; and time of action.

Data recipient (if applicable, third country transfer): Facebook Inc., for us as a European organization addressable via Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Insofar as data is transferred to Facebook servers in the USA, Facebook guarantees that the data is handled at EU data protection level.

Purpose + legal basis: Analysis of usage behavior on our fan page and our Instagram profile. The legal basis is the consent that you have given in the context of your Facebook registration.

Storage period: The storage period is the responsibility of Facebook.

3.9.2     GOOGLE MY BUSINESS

Description: We operate a company profile on Google My Business (“GMB”). Via GMB, we publish information about us, from which the presentation of our company in various Google services is fed. This applies in particular to the presentation of our company in the results display for Google Search and in Google Maps. Google provides us with statistical data on the use of our information published on GMB. In addition, you can contact us directly through GMB – e.g. call our phone number directly – or post comments on our company profile. When you contact us or comment on our profile, Google provides us with information about you, such as the Google username you were logged in with during your interaction with GMB.

By linking GMB with our Google Analytics account, we make it easier for Google to recognize prospective customers who have already visited our website.

We have no possibility to influence the data processing at Google. The provision of GMB as well as Google Search and Google Maps are the responsibility of Google. Legally, we as the operator of the GMB profile are considered jointly responsible for these data processing operations, so that we have concluded a joint responsibility agreement with Google in this regard (see: https://privacy.google.com/businesses/controllerterms/). The contract divides the responsibility between Google and us in such a way that we are responsible for the creation of a relationship between your data and our GMB profile and Google is responsible for the further processing of the data. You should exercise all your rights in relation to Google’s processing of your data directly with Google. You should contact us regarding the processing of your data in direct communication with us. Legally, you are free to contact both Google and us at any time with any of your concerns and the recipient will forward your request to the appropriate party as appropriate.

For details of data processing at Google, please refer to Google’s privacy information (https://policies.google.com/privacy).

We use the personal information we receive from you through GMB to respond to your inquiries or to respond to your comments.

Data categories: For the categories of data processed by Google, see Google’s privacy information. We process your name or username provided to Google, your contact requests and the comments you post on GMB.

Data recipient (if applicable, third country transfer): Google LLC, for us as a European organization addressable via Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. Google is committed to data protection via a shared responsibility agreement. Insofar as the EU subsidiary transfers data to the US parent, Google has concluded standard data protection clauses with us and thus guarantees that the data is handled at EU data protection level.

Purpose + legal basis: Answering your queries and responding to your comments on Google My Business. The legal basis for the processing by us is a legitimate interest, since you yourself have visited our GMB profile in a Google service and have entered into an exchange with us there.

Storage period: The storage period is the responsibility of Google. It is not necessary for us to delete your data, as we do not store any of your data independently through the use of GMB.

3.9.3     PINTEREST

Description: We operate a company profile on Pinterest. The profile allows us to present our organization, to get in touch with you on this social media platform and to refer to our services and offers via ads on this platform.

Pinterest provides us with analytics data via the use of our profile page. This gives us an impression of how successful each of our communication measures is.

For details of data processing at Pinterest, please refer to the company’s privacy information: https://policy.pinterest.com/de/privacy-policy.

Data Categories: IP, name, email address, phone number, photos, pins, location data, if any, internet and network activity, log data, cookies, device information, clickstream data and inferences, comments, and data from other data sources aggregated by Pinterest, and other information.

Data recipient (if applicable, third country transfer): Pinterest Inc., for us as a European organisation contactable via Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. Insofar as data is transferred to the USA, Pinterest guarantees that the data is handled at EU data protection level. The provider has concluded an agreement with us in accordance with the EU standard contractual clauses.

Purpose + legal basis: Analysis of the usage behaviour on our Pinterest profile. The legal basis is the consent that you have given in the context of your Pinterest registration.

Storage period: The storage period is the responsibility of Pinterest.

3.9.4     TWITTER

Description: We operate a company profile on Twitter. The profile enables us to present our organisation on Twitter, to get in touch with you on this social media platform and to refer to our services and offers via advertisements on this platform.

Twitter provides us with analysis data via the use of our profile page (Twitter Analytics). This gives us an impression of how successful each of our communication measures is.

For the details of data processing at Twitter, please refer to the data protection information of Twitter: https://twitter.com/de/privacy.

Data categories: Twitter username; comments, likes and page views within Twitter; and time of action. You can decide yourself about the disclosure of your personal data via the settings to be made on Twitter.

Data recipient (if applicable, third country transfer): Twitter Inc., addressable for us as a European organization via Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. If data is transferred to the USA, Twitter guarantees that the data will be handled at EU data protection level.

Purpose + legal basis: Analysis of the usage behavior on our Twitter profile. The legal basis is the consent that you have given in the context of your Twitter registration.

Storage period: The storage period is the responsibility of Twitter.

3.9.5     LINKEDIN

Description: We operate a company profile on LinkedIn. Such a LinkedIn profile enables us to present our organization on LinkedIn, to get in touch with you on this social media platform and to refer to our services and offers via advertisements on this platform.

LinkedIn provides us with analytics data via the use of our profile page. This gives us an impression of how successful each of our communication measures is.

For details of data processing at LinkedIn, please refer to LinkedIn’s privacy information: https://www.linkedin.com/legal/privacy-policy.

Data categories: LinkedIn username; comments, likes and page views within LinkedIn; and time of action.

Data recipient (if applicable, third country transfer): LinkedIn Corp., addressable for us as a European organisation via LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. If data is transferred to LinkedIn servers in the USA, LinkedIn guarantees that the data is handled at EU data protection level.

Purpose + legal basis: Analysis of usage behaviour on our LinkedIn profile. The legal basis is the consent that you have given in the context of your LinkedIn registration.

Storage period: The storage period is the responsibility of LinkedIn.

3.9.6     XING

Description: We operate a company profile on Xing. The profile enables us to present our organization on Xing, to get in touch with you on this social media platform and to refer to our services and offers via advertisements on this platform.

Xing provides us with analysis data via the use of our profile page. This gives us an impression of how successful each of our communication measures is.

For details of data processing at Xing, please refer to Xing’s data protection information: https://privacy.xing.com/de/datenschutzerklaerung.

Data categories: Xing username; comments, likes, and page views within Xing; and time of action.

Data recipient (if applicable, third country transfer): New Work SE (operator of xing.com), Dammtorstraße 30, 20354 Hamburg. A third country transfer does not take place.

Purpose + legal basis: Analysis of the usage behaviour on our Xing profile.

The legal basis is the consent that you have given in the context of your Xing registration.

Storage period: The storage period is the responsibility of Xing.

3.9.7   TIKTOK

Description: We operate a company profile at TicToc. Via TicToc we publish information about us, TicToc provides us with statistical data about the use of our information published there. In addition, you can contact us publicly directly via TicToc – e.g. by liking or commenting on our content. When you contact us or comment on our profile, we receive data about you from TicToc, e.g. your TicToc username with which you were logged in during your interaction with TicToc.

We have no possibility to influence the data processing at TicToc. Legally, as the operator of the TicToc profile, we are considered jointly responsible for this data processing, which you can find out more about here:

https://www.tiktok.com/legal/privacy-policy?lang=de.

The division of responsibility between TicToc and us is such that we are responsible for the establishment of a relationship between your data and our TicToc profile and TicToc is responsible for the further processing of the data. You should exercise all your rights in relation to TicToc’s processing of your data directly with TicToc. You should contact us regarding the processing of your data in direct communication with us. Legally, you are free to contact both TicToc and us at any time with any concerns you may have and the recipient will forward your request to the appropriate party as appropriate.

For details of TicToc’s data processing, please refer to TicToc’s privacy notice:

(1.: https://www.tiktok.com/legal/privacy-policy?lang=de and the Additional Provisions for Users Residing in the Federal Republic of Germany, available at.

2.: https://www.tiktok.com/legal/additional-provisions?lang=de-DE).

We use the personal data we receive from you via TicToc to respond to your comments.

Categories of data: We process your name or the username you provide to TicToc, your contact requests and the content you post on TicToc such as comments, photos and videos. For the categories of data processed by TicToc, please see TicToc’s privacy policy at the links above.

Data recipient (if applicable, third country transfer): TicToc, with its parent company Beijing Bytedance Technology Ltd, can be contacted by us as a European organisation via TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. TikTok is committed to data protection via its own regulations, a third country transfer may take place.

Purpose + legal basis: The purpose is the legitimate interest in advertising measures, answering your enquiries and responding to your comments on TikTok. The legal basis for the processing by us is a legitimate interest, as you yourself have visited our TikTok profile and entered into an exchange with us there.

Storage period: The storage period is the responsibility of TikTok. It is not necessary for us to delete your data, as we do not store any of your data independently through the use of TikTok.

3.10    SUPPLIERS AND SERVICE PROVIDERS

3.10.1   BUSINESS RELATIONSHIP

Description: We have business relationships with suppliers and service providers, for the processing of which personal data is processed, insofar as the companies are self-employed or partnerships or we communicate with specific contact persons.

Data categories: Contact, contract and billing data.

Data recipients (if applicable, transfer to third countries): tax advisors, auditors, lawyers in their function as professional secrecy holders and, in the event of a tax audit, the tax authorities.

Purpose + legal basis: Proper management. Legal bases are contract performance as well as legal obligations and legitimate interests.

Storage period: In accordance with tax law, invoice data must be stored for 10 years (§ 147 AO); contract data must be stored for different periods depending on the type of contract. In the case of copyrights, such periods extend up to 70 years beyond the death of the author.

3.10.2   MENTION IN PUBLICATIONS

Description: In publications published by us, we name authors in accordance with the authors’ right to be named. The naming also extends to the accompanying marketing and public relations work. Insofar as authors represent an institution relevant to the publication, their affiliation with this institution is also mentioned.

Data categories: Name, academic titles; partial institution and professional contact details.

Data recipients (if applicable, third country transfer): printers, third parties to whom the publication is transferred.

Purpose + legal basis: Identification of authorship. The legal basis for the name is the fulfilment of the author’s contract and, where applicable, a legitimate interest with regard to the contact details, as only professional contact details for relevant contacts are published here.

Storage period: After delivery of printed publications, subsequent deletion by us is not possible.

3.11    STAFFING

3.11.1   APPLICATIONS

Description: If you apply for a job with us, we will process your application documents until the end of the application process exclusively for the purpose of deciding on your employment. We restrict access to your documents to those persons whom we reasonably involve in the decision on your employment.

If you are hired, your application documents will become part of your personnel file. If you are not hired, we will either ask you for your consent to be included in our candidate pool or destroy your documents as soon as there is no longer any reason to expect an objection to our decision under anti-discrimination law.

Data categories: Name + contact details (e-mail, telephone, address), profile URL in professional networks (e.g. Xing), photo; details in the letter of application, in the CV, in certificates and references, educational certificates and professional qualifications, notes on job interviews (by telephone and in person), if applicable results from recruitment tests.

Data recipients (if applicable, third country transfer): If you send us applications for employment at our locations outside of Germany, data is exchanged between M1 Med Beauty Berlin and the relevant M1 national company. If this is located in a third country, we have secured the third country transfer of your application data via an order processing agreement (AVV) in accordance with Art. 26 DSGVO.

Purpose + legal basis: Decision-making basis for filling a position. The legal basis is the preparation of a contract performance (employment contract) and subsequently a legitimate interest in the defence of objections against negative decisions.

Storage period: 6 months after the end of the original application process.

3.11.2   CANDIDATE POOL

Description: If we are unable to offer you a suitable position at present, but would like to consider you again in the selection process for future vacancies, we would like to ask you for your consent to keep your application documents beyond the end of the current application process. If we are unable to get back to you for more than two years, we will ask for your consent to keep your documents for a further period, or return or delete them.

Data categories: Name + contact details (e-mail, telephone, address), profile URL in professional networks (e.g. Xing), photo; details in the letter of application, in the CV, in certificates and references, educational certificates and professional qualifications, notes on job interviews (by telephone and in person), if applicable results from recruitment tests.

Data recipient (third country transfer if applicable): None.

Purpose + legal basis: Decision-making basis for future staffing. Legal basis is consent.

Storage period: 2 years since last contact or last consent.

3.12    GENERAL INFRASTRUCTURE

3.12.1   VISITORS TO THE SPECIALIST CENTRES AND THE CASTLE CLINIC

Several patients are regularly in our practice rooms at the same time and it cannot be completely prevented that other patients can hear what we discuss with you outside the closed treatment rooms. This starts with your name when we greet you or call you for treatment in the waiting room. If it is important to you that your data is protected, you are welcome to agree on a pseudonym as your name for all conversations and to inform us that conversations in the reception area, such as making appointments and the like, will only be held with you behind closed doors. In some cases, this type of service may involve somewhat longer waiting times, as we first have to find an available room.

3.12.2   VISITOR WIFI

Description: We provide visitors with access to our WiFi network and thus the Internet. During the required login to the access point for the WiFi network, the unique identifier of your device and the usage times are recorded. For all services that you access while using our network on the Internet, the IP address of our network is logged. Insofar as there are investigations into activities that originated from our IP address, we are partially obliged to make the usage documentation available in the so-called log file of our access points.

Data categories: MAC address of the device, usage times.

Data recipients (if applicable, third country transfer): Normally no recipients; in the case of investigations, competent authorities and, under certain circumstances, private holders of a right to information or forensic experts commissioned by us. A third country transfer does not take place.

Purpose + legal basis: Log files such as this are used to enable and strengthen IT security in our company. The legal basis is a legitimate interest, as we only access the WiFi logfile when a security analysis is required. An allocation of the WiFi data to concrete devices and thus their owners is only possible for us with considerable effort and regularly only with the help of police investigations.

Storage period: Our WiFi logfile is deleted regularly, at the latest once a year.

3.12.3   VIDEO SURVEILLANCE

Description: Video cameras are installed in the entrance area to our business premises. Appropriate signs are mounted and inform about the use of the cameras before you step into the field of vision of the lenses.

The cameras record what is happening within their field of view around the clock. The cameras are set so that they do not record data in the immediate working area of the reception team, so that patient data can be exchanged here without being recorded. The recordings from our cameras are transmitted to a server operated by us.

Data categories: Video recordings.

Data recipient (third country transfer if applicable): None. Only if security incidents occur, we make the video material available to the investigating authorities.

Purpose + legal basis: The video surveillance serves the exercise of the house right for the protection of the object, for the defense against unauthorized entry, protection against assaults, burglaries, thefts and vandalism. Preservation of evidence for the enforcement of legal claims, prevention of fraud and misuse of services. Video surveillance also serves to prevent unauthorised access to particularly security-relevant areas of our business premises or, in the event of unauthorised access, to clarify such access. The justified interest in video surveillance results from the particular dangerous situation or the special security requirements for our organization.

Storage period: The video surveillance recordings are automatically deleted from our servers after 72 hours.

3.12.4   FINANCIAL ACCOUNTING

Description: All payments are recorded in financial accounting. We have commissioned an external service provider to carry out the financial accounting.

Data categories: Name, customer or supplier number, bank or credit card details, travel details (time, destination, accommodation, means of transport, costs), hospitality (date, place/hospitality establishment, persons hosted, reason for hospitality, costs), details of other expenses (purchases, gifts).

Data recipient (if applicable, transfer to third countries): Our service provider for financial accounting, who is obligated to data protection via an order processing agreement. A third country transfer does not take place.

Purpose + legal basis: management of all payment transactions. Legal basis is contractual performance or legal obligation (tax and commercial law).

Storage period: We keep the data in the financial accounting for 10 years (§ 147 AO).

3.12.5   PAYMENT TRANSFERS

Description: Payments via a bank or credit card account from us are documented accordingly in the account documents.

Data categories: Name, bank details, payment date, payment amount, reason for payment (booking text).

Data recipient (if applicable, third country transfer): Our account-holding financial institutions, which are legally bound to data protection via banking secrecy and banking supervision. A third country transfer does not take place.

Purpose + legal basis: cashless payment transactions; legal basis is contract performance.

Storage period: We keep account statements for 10 years (§ 147 AO).

3.12.6   IT ADMINISTRATION

Description: In some cases, we use service providers for the administration, maintenance and care of our information technology. These service providers do not deal with the content of the personal data processed by us. However, when maintaining databases and other system units, personal data may be accessed by the service providers. All of our service providers have been explicitly committed to confidentiality through appropriate contracts, in accordance with the sensitivity of the data to which they may have access.

Data categories: Any type of data.

Data recipients (if applicable, third country transfer): IT service providers who are obligated to data protection via an order processing contract or another form of confidentiality obligation. A third country transfer does not take place.

Purpose + legal basis: Use of competent service providers for professional IT administration. Legal basis is a legitimate interest, as the service providers have been committed to data protection via adequate confidentiality obligations.

Storage duration: Independent storage does not take place.

3.12.7   FILE STORAGE (METADATA)

Description: In addition to data collection in individual databases (described above), we store documents on our storage media. This typically includes Office documents (Word, Excel, PowerPoint), PDF files, images, films, layouts, other formats of text, table and presentation files, and ultimately any type of file whose use is appropriate in the context of our business processes.

The data protection issues concerning the content of the files depend on the relevant processing purposes in each case. In parallel, the storage of the files and the metadata regularly attached to them (primarily the creator signature) results in independent processing. Office documents contain personal metadata in particular when they are worked on jointly (collaboration) and the comment and note functions as well as the change mode are used for this purpose.

We use Microsoft Office 16 as a local solution for file storage.

Data categories: Any kind of data, but here focus on metadata: signature of file creator, signatures of file editors (also in comments + notes); time of creation, editing or storage.

Data recipient (third country transfer if applicable): None.

Purpose + legal basis: File storage and collaboration on Office documents. Legal basis is a legitimate interest in storing files provided to us.

Storage time: Depends on the storage time for the individual file.

3.12.8   DISPOSAL OF DATA CARRIERS AND DOCUMENTS

Description: The deletion or destruction of data also constitutes data processing. Paper documents with personal data requiring protection are shredded by us or destroyed by a disposal company. The quality level of the shredder used and the disposal company corresponds to the risk and confidentiality classification of the documents to be destroyed. We have concluded an order processing agreement (AVV) with the disposal company in accordance with Art. 28 DSGVO.

Storage media (hard disks; e.g. from servers, computers, smartphones, tablets, USB sticks, memory cards) on which personal data worthy of protection were previously stored are securely deleted by our own IT department by multiple, at least triple, complete overwriting when they are no longer to be used to store this data and are then physically destroyed. The level of erasure or destruction will be commensurate with the risk or confidentiality rating of the data previously stored on the media.

Data categories: Any type of data.

Data recipients (if applicable third country transfer): No additional data recipients, a third country transfer does not take place.

Purpose + legal basis: Risk-compliant destruction or deletion of personal data. The legal basis is the legal obligation to minimise and delete data from the DSGVO.

Storage period: No storage beyond deletion/destruction takes place.