Dear users,
Thank you for visiting our website www.cosmea.de. We want you to feel safe and comfortable here. The following data protection provisions are intended to inform you about the processing of your personal data in accordance with Art. 13 of the EU General Data Protection Regulation (GDPR) and Art. 19 of the Swiss Data Protection Act (DSG).
1. responsible person
The entity named in the legal notice is responsible for the data collection and processing described below.
2. usage data & purpose of processing
When you visit our website, so-called usage data is temporarily stored on our web server as a log. This includes, for example, the IP address of your computer, date and time of access, source website, URL accessed, amount of data transferred, status messages, browser used and operating system.
We use this information to enable you to access our website, to monitor and administer our systems and to improve the design of our websites. In the event of attacks against our websites and systems that constitute criminal offenses or prevent or impair the functionality of our website, we evaluate this data in order to initiate countermeasures. The IP address is only evaluated anonymously. Data about persons or their individual behavior is not collected.
3. data transfer to third parties
We transmit your data to service providers who support us in the operation of our websites and the associated processes as part of order processing. Our service providers are strictly bound by our instructions and contractually obligated accordingly (service providers for IT services, marketing service providers, web hosting service providers).
3.1 Data recipients in other countries
We pass on your personal data within our company to the departments and persons who need this data to fulfill the respective purpose. Insofar as this is necessary for the purposes described above, we may also transfer your personal data to companies affiliated with us.
We ensure that data processing is restricted to Switzerland, the European Union (EU) or the European Economic Area (EEA) as far as possible, e.g. by selecting storage locations at corresponding data centers in the European Union. However, it cannot be ruled out that your data may also be processed outside Switzerland, the EU or the EEA. If personal data is transferred to recipients outside Switzerland, the EU or the European Economic Area (EEA) (such as the USA), the transfer will only take place if the third country has been confirmed by the Federal Council or the EU Commission as having an adequate level of data protection, an adequate level of data protection has been agreed with the data recipient (e.g. by means of standard contractual clauses) and any other measures necessary to ensure an adequate level of data protection have been taken or you have given us your consent to do so (Art. 46 GDPR / Art. 16 FADP).
4. cookies
We use cookies on our websites. Cookies are small files that are stored on a visitor’s hard disk. They make it possible to store information for a certain period of time and to identify the visitor’s computer. We use so-called session cookies to improve user guidance and individual performance. These are automatically deleted when you close your browser. This means that there is no permanent storage of data on your computer.
We use session cookies on our websites. The processing is based on the legitimate interest and in the interest of optimizing or enabling user guidance and adapting the presentation of our website.
You can set your browser so that it informs you about the placement of cookies. This makes the use of cookies transparent for you. You can also delete cookies at any time via the corresponding browser setting and prevent the setting of new cookies. Please note that if you deactivate cookies, certain web functions will unfortunately not be technically available.
4.1. Consent banner
We use a consent management platform (consent or cookie banner) on our websites. The processing in connection with the use of the consent management platform and the logging of the settings you have made is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR, in our legitimate interest to display our content according to your preferences and to be able to prove the consent(s) you have given. The settings you have made, the consent you have given and parts of your usage data are stored in a cookie. This means that it is retained for subsequent page requests and your consent can still be tracked. You can find further information on this under the heading “Required cookies”.
The provider of the consent management platform works for us as a strictly instruction-bound service provider (processor). An order processing contract in accordance with Art. 28 GDPR has been agreed.
5. data security
We take technical and organizational measures to protect your data from unauthorized access as comprehensively as possible. We use an encryption process on pages where you have the option of entering personal data. Your data is transmitted from your computer to our server and vice versa via the Internet using TLS 1.2 encryption. You can recognize this by the fact that the lock symbol in the status bar of your browser is closed and the address line begins with https:// (Art. 32 GDPR / Art. 8 FADP).
6. contact form
You have the option of getting in touch with us via our contact form. To use our contact form, we first need the data marked as mandatory fields.
The processing is carried out in the legitimate interest of processing and answering your request.
In addition, you can decide for yourself whether you would like to provide us with further information. This information is voluntary and is not mandatory for contacting us. We process your voluntary information on the basis of your consent.
Your data will only be processed to answer your request. We will delete your data if it is no longer required and there are no legal obligations to retain it.
If your data transmitted via the contact form is processed on the basis of legitimate interest, you can object to the processing at any time. You can also withdraw your consent to the processing of voluntary data at any time. To do so, please contact the e-mail address given in the legal notice.
It is necessary to specify the country so that we can process your complaint/request, in particular in order to be able to prepare the corresponding formalities in the event of a return.
7. embedded videos
We embed videos on our websites that are not stored on our servers. To ensure that accessing our websites with embedded videos does not automatically result in the third-party provider’s content being loaded, we only display locally stored preview images of the videos in a first step. This means that the third-party provider does not receive any information.
Only after you click on the preview image will the third-party provider’s content be loaded. As a result, the third-party provider receives the information that you have accessed our site and the usage data technically required in this context. We have no influence on further data processing by the third-party provider. By clicking on the preview image, you give us your consent to load content from the third-party provider.
Embedding takes place on the basis of your consent, provided you have given your consent by clicking on the preview image.
Please note that embedding the videos means that your data will be processed outside Switzerland, the EU or the EEA. There is a risk that authorities may access the data for security and surveillance purposes without you being informed or having the right to appeal. If you give your consent to this, the transfer to an insecure third country takes place on the basis of Art. 49 para. 1 lit. a GDPR / Art. 17 para. 1 lit. a FADP.
| Third party provider | Revocation of consent | |
| YouTube / Google (USA) | If you have clicked on a preview image, the content of the third-party provider will be loaded immediately. If you do not want such a reload on other pages, please do not click on the preview images. |
8. comment function
You have the opportunity to comment on our contributions. In this context, you will be asked to provide the following data:
- Names (optional)
- Comment text
Your comment will be published on our site. Please note that we may check it manually before publication and comments may therefore appear with a delay. If you enter a name (this can also be a pseudonym), this will be published next to your comment. The legal basis for processing is legitimate interest. Our interest is to enable an exchange of opinions.
If you wish to object to the processing of your data transmitted via the comment function, please contact the e-mail address stated in the legal notice.
9. newsletter registration and dispatch
You can subscribe to a newsletter on our website. To subscribe to the newsletter, we need your e-mail address.
The newsletter will only be sent if you have given us your express consent. Once you have placed an order on our website, you will receive a confirmation e-mail to the e-mail address you have provided (so-called double opt-in). You can withdraw your consent at any time. An uncomplicated way to withdraw your consent is, for example, via the unsubscribe link provided in every newsletter.
As part of the newsletter registration, we store further data in addition to the data already mentioned, insofar as this is necessary so that we can prove that you have ordered our newsletter. This may include the storage of the full IP address at the time of the order or confirmation of the newsletter, as well as
a copy of the confirmation email sent by us. The corresponding data processing takes place on the basis of the legitimate interest and takes place in the interest of being able to account for the legality of the newsletter dispatch.
10. product tests / competitions
You have the opportunity to test our products as part of a competition. We use the information you provide in the context of competitions exclusively to determine and contact the winners. In principle, data processing takes place on the contractual basis of the applicable competition conditions. Our competition partners, who may also be recipients of your data, regularly support us in running competitions. We conclude contracts with these recipients – where necessary – for order processing.” If you have given your consent to data processing when participating in the competition, this consent is the basis for data processing. You can withdraw the consent you gave for the competition at any time. SurveyMonkey currently supports us in running the competitions. The winners will be notified in writing. We do not use your data for advertising purposes. You can withdraw your consent at any time with effect for the future. To do so, please send us an e-mail to mail@cosmea.de. We will delete this data promptly after the prizes have been handed over. If you purchase goods via our Amazon Marketplace, we may use your purchase data to subsequently send you surveys/competition information by post. If you do not want this, simply send us an email to mail@cosmea.de.
11. third-party tracking technologies for advertising purposes (Google Analytics)
We use the web analysis tool “Google Analytics 4” for the needs-based design of our websites. Google Analytics 4 creates user profiles based on pseudonyms. For this purpose, permanent cookies are stored on your end device and read by us. In this way, we are able to recognize returning visitors and count them as such. Furthermore, statistics on usage, approximate location determination and browser and device information are recorded and evaluated.
As part of the Google Analytics 4 service, Google Ireland Limited supports us as a processor. Data processing may also be carried out by Google outside Switzerland, the EU or the EEA (in particular in the USA). With regard to Google, an adequate level of data protection can be assumed on the basis of the adequacy decision with the USA pursuant to Art. 45 para. 1 GDPR / Art. 16 para. 1 FADP and certification under the Data Privacy Framework.
Data processing is based on your consent, provided that you have given your consent via our banner. Your consent is voluntary and can be revoked at any time.
Please follow and make the appropriate settings via our banner.
12. integration of other technical third-party content and functions
We use the technical functions and content of third-party providers listed below to display our websites.
When you visit our website, content from the third-party provider that provides these functions and content is loaded. As a result, the third-party provider receives the information that you have accessed our site as well as the usage data technically required in this context.
We have no influence on further data processing by the third-party provider.
Embedding takes place on the basis of legitimate interest and in the interest of making our website as appealing and informative as possible.
Please note that the use of third-party content and functions may result in your data being processed outside Switzerland, the EU or the EEA (in particular in the USA). For transfers to the USA, an appropriate level of data protection is guaranteed on the basis of the adequacy decision (Data Privacy Framework).
Google Tag Manager:
For transfers to the USA, an adequate level of data protection is guaranteed due to the provider’s certification under the adequacy decision (EU-U.S. Data Privacy Framework).
13. meta custom audiences using tracking pixels
We use cross-device tracking technologies so that you can be shown targeted advertising on other websites based on your visit to our websites and we can recognize how effective our advertising measures were.
Data processing is based on your consent, provided that you have given your consent via our banner. If the data is processed outside the EU or the EEA in this context, please note that there is a risk that authorities may access the data for security and monitoring purposes without you being informed or having the right to appeal. The transfer to a third country is based on your consent on the basis of Art. 49 para. 1 lit. a GDPR / Art. 17 para. 1 lit. a FADP. Your consent is voluntary and can be revoked at any time.
How does tracking work?
When you visit our websites, it is possible that the third-party provider named below stores or reads recognition features on your end device (e.g. cookies) or gains access to individual tracking pixels.
The individual features can be used by the third-party provider to recognize your device on other websites. We can commission the relevant third-party provider to place advertisements based on the pages you visit on our website.
What does cross-device tracking mean?
If you log in to the third-party provider with your own user data, the respective recognition features of different browsers and end devices can be linked with each other. If, for example, the third-party provider has created a separate feature for the laptop, desktop PC or smartphone or tablet you are using, these individual features can be assigned to each other as soon as you use a service of the third-party provider with your login data. In this way, the third-party provider can also target our advertising campaigns across different end devices.
Which third-party providers do we use in this context?
Below we list the third-party providers with whom we work for advertising purposes. If the data is processed outside the EU or the EEA in this context, we will provide information on the appropriate level of data protection. You will also find out how you can withdraw your consent:
| Third party provider | Revocation of consent | |
| Meta (USA and/or Ireland) | If you wish to withdraw your consent, please click and make the appropriate setting via our banner. |
14. storage period
Unless we have already informed you in detail about the duration of data processing, we delete personal data when it is no longer required for the aforementioned processing purposes, you have withdrawn your consent to data processing and there are no statutory retention obligations to prevent deletion/destruction.
15 Your rights as a user
When processing your personal data, the GDPR grants you certain rights as a website user:
Right to information (Art. 15 GDPR / Art. 25 FADP):
You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR/Art. 35 FADP.
Right to rectification (Art. 16 GDPR / Art. 32 para. 1 FADP) and erasure (Art. 17 GDPR / Art. 32 para. 2 lit c FADP):
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, where applicable, to have incomplete personal data completed.
You also have the right to demand that personal data concerning you be deleted immediately, e.g. if the data is no longer required for the purposes pursued.
Right to restriction of processing (Art. 18 GDPR / Art. 32 para. 2 lit a FADP):
You have the right to request the restriction of processing, e.g. if you have objected to processing, for the duration of any review.
Right to data portability (Art. 20 GDPR / Art. 28 FADP):
In certain cases, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to request the transmission of this data to a third party.
Right to object (Art. 21 GDPR / Art. 30 para. 2 (b) FADP):
If data is collected on the basis of legitimate interest, you have the right to object to the processing at any time on grounds relating to your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the establishment, exercise or defense of legal claims.
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
You have the right to lodge a complaint with a supervisory authority if you believe that the processing of data concerning you infringes data protection regulations. The right to lodge a complaint can be exercised in particular with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.
Assertion of your rights
Unless otherwise described above, please contact the office named in the legal notice to assert your rights as a data subject.
16. contact details of the data protection officer
Our company data protection officer will be happy to provide you with information or suggestions on the subject of data protection:
datenschutz nord GmbH
Konsul-Smidt-Straße 88
D-28217 Bremen
Web: www.dsn-group.de
E-mail: office@dsn-group.de
If you contact our data protection officer, please also indicate the responsible person named in the legal notice.