Privacy policy

Dear Users,

We are pleased that you are visiting our website, www.cosmea.de. We want you to feel safe and comfortable during your visit. The following data protection regulations are intended to inform you about the processing of your personal data in accordance with Article 13 of the EU General Data Protection Regulation (GDPR) and Article 19 of the Swiss Federal Act on Data Protection (FADP).

1. Data controller

The entity responsible for the data collection and processing described below is the one mentioned in the legal notice.

2. Usage data and purpose of processing

When you visit our websites, certain usage data is temporarily stored on our web server as a log. This includes, for example, the IP address of your computer, the date and time of access, the referring website, the URL accessed, the amount of data transmitted, status messages and the browser and operating system used.

We use this information to enable access to our website, monitor and administer our systems and improve the design of our websites. In the event of attacks on our websites or systems that constitute criminal offences or impair the functionality of our web services, we evaluate this data to take countermeasures. The IP address is only evaluated in anonymised form. No data about individuals or their behaviour is collected.

3. Data transfer to third parties

We transmit your data as part of commissioned processing to service providers who support us in the operation of our websites and related processes. Our service providers are strictly bound by instructions and contractually obligated (e.g. IT service providers, marketing service providers, web hosting providers).

 

3.1 Data recipients in other countries

We share your personal data within our company with departments and individuals who require this data to fulfil their respective purposes. Where necessary for the purposes outlined above, we may also transfer your personal data to affiliated companies.

We ensure that data processing is limited to Switzerland, the European Union (EU) or the European Economic Area (EEA), for example by selecting storage locations in corresponding data centres in the EU. However, it cannot be ruled out that your data may also be processed outside Switzerland, the EU or the EEA. If personal data is transferred to recipients outside these regions (such as the USA), the transfer will only occur if the third country has been confirmed by the Federal Council or the EU Commission to have an adequate level of data protection, if an adequate level of data protection has been agreed upon with the data recipient (e.g. through standard contractual clauses) and if any other necessary measures to ensure adequate data protection have been taken, or if you have given us your consent (Article 46 GDPR / Article 16 FADP).

4. Cookies

We use cookies on our websites. Cookies are small files stored on the hard drive of a visitor’s device. They allow information to be stored for a certain period and the visitor’s device to be identified. To improve user navigation and provide personalised services, we use session cookies, which are automatically deleted when you close your browser. Thus, no permanent storage of data takes place on your device.

We use session cookies on our websites. The processing is based on a legitimate interest in optimising or enabling user navigation and customising the presentation of our website.

You can configure your browser to inform you when cookies are placed. This makes the use of cookies transparent to you. You can also delete cookies at any time through your browser settings and prevent the setting of new cookies. Please note that disabling cookies may prevent certain web functions from being available.

5. Data security            

We implement technical and organisational measures to protect your data from unwanted access as comprehensively as possible. We use an encryption process on pages where you have the option to enter personal data. Your information is transmitted between your device and our server using TLS 1.2 encryption. You can recognise this by the closed padlock symbol in your browser’s status bar and the address line beginning with https:// (Article 32 GDPR / Article 8 FADP).

6. Contact form

You can contact us via our contact form. To use the contact form, we first require the data marked as mandatory fields.

The processing is based on a legitimate interest in handling and responding to your request.

You may also choose to voluntarily provide additional information, which is not mandatory for contact purposes. Your voluntary information is processed based on your consent.

Your data will only be processed to answer your request. We will delete your data once it is no longer needed and there are no statutory retention obligations.

If the data you submit via the contact form is processed based on a legitimate interest, you can object to the processing at any time. You may also withdraw your consent to the processing of voluntary information at any time by contacting the email address provided in the legal notice.

The specification of your country is required to process your complaint/request, particularly to prepare the appropriate formalities in the case of returns.

7. Embedded videos

We embed videos on our websites that are not stored on our servers. To prevent the automatic loading of content from third-party providers when you access our pages with embedded videos, we initially display only locally stored preview images of the videos. This ensures that no information is passed to the third-party provider.

Only after clicking the preview image is the third-party provider’s content loaded, during which the provider receives the information that you have accessed our site and the technically required usage data. We have no control over further data processing by the third-party provider. By clicking on the preview image, you give us your consent to load content from the third-party provider.

The embedding is based on your consent, given by clicking on the preview image.

Please note that video embedding may result in your data being processed outside Switzerland, the EU or the EEA. There is a risk that authorities may access your data for security and surveillance purposes without informing you or providing you with legal recourse. If you give your consent, the transfer to an unsafe third country is based on Article 49(1)(a) GDPR / Article 17(1)(a) FADP.

Third-party providersWithdrawal of consent
YouTube / Google (USA)If you have clicked a preview image, the third-party provider’s content will be loaded immediately. If you do not wish for such loading on other sites, please refrain from clicking preview images.

 

8. Comment function

You have the option to comment on our posts. In doing so, you will be asked to provide the following information:

  • Name (optional)
  • Comment text

Your comment will be published on our site. Please note that we may manually review comments before publication, so they may appear with a delay. If you provide a name (which may be a pseudonym), it will be published alongside your comment. The legal basis for processing is legitimate interest. Our interest is to facilitate an exchange of opinions.

If you wish to object to the processing of the data you submitted via the comment function, please contact the email address provided in the legal notice.

9. Newsletter registration and distribution

You can subscribe to a newsletter on our website. To register, we need your email address.

The newsletter is only sent if you have given us explicit consent. After registering on our website, you will receive a confirmation email at the address you provided (double opt-in). You can withdraw your consent at any time. A straightforward way to withdraw is via the unsubscribe link in every newsletter.

As part of the newsletter registration, we store additional data to prove that you have subscribed to our newsletter. This may include storing the full IP address at the time of registration or newsletter confirmation and a copy of the confirmation email we send. The corresponding data processing is based on a legitimate interest in demonstrating the lawfulness of the newsletter distribution.

10. Product tests / competitions

You have the opportunity to test our products as part of a competition. The information you provide during competitions is used solely for determining and contacting the winners. Generally, data processing is based on the contractual terms of the applicable competition conditions. Our competition partners, who may also be recipients of your data, regularly assist us in conducting the competitions. We enter into processing agreements with these recipients where necessary. If you have given your consent to data processing in the context of participating in a competition, this consent forms the basis of the data processing. You can withdraw your consent for the competition at any time. Currently, SurveyMonkey assists us with conducting the competitions. Winners will be notified in writing. We exclude any use of your data for advertising purposes. You can withdraw your consent at any time with future effect by sending us an email at mail@cosmea.de. We will delete this data promptly after the prizes have been distributed. If you purchase goods via our Amazon Marketplace, we may use your purchase data to send you surveys/competition information by post. If you do not wish to receive this, simply send us an email at mail@cosmea.de.

11. Third-party tracking technologies for advertising purposes (Google Analytics)

To tailor our websites to your needs, we use the web analytics tool “Google Analytics 4”. Google Analytics 4 creates usage profiles based on pseudonyms. Permanent cookies are stored on your device and read by us to identify and count repeat visitors. In this way we are able to recognise returning visitors and count them as such. Additionally, statistics on usage, approximate location and browser and device information are collected and evaluated.

Google Ireland Limited assists us as a processor within the framework of Google Analytics 4. Data processing may also be carried out by Google outside of Switzerland, the EU or the EEA (especially in the USA). In relation to Google, an adequate level of data protection can be assumed due to the adequacy decision with the USA pursuant to Article 45(1) GDPR / Article 16(1) FADP and certification under the Data Privacy Framework.

Data processing is based on your consent, provided you have given it via our banner. Your consent is voluntary and can be withdrawn at any time.

Please follow and make the appropriate settings via our banner.

12. Integration of other third-party technical content and features

We use the technical features and content of third-party providers listed below to display our websites.

When you access our pages, content from third-party providers is loaded, and this provider receives information that you have accessed our site along with the technically required usage data.

We have no influence over further data processing by the third-party provider.

Embedding is based on a legitimate interest, with the aim of making our site as appealing and informative as possible.

Please note that the use of third-party content and features may result in your data being processed outside Switzerland, the EU or the EEA (especially in the USA). An adequate level of data protection is guaranteed for transfers to the USA based on the adequacy decision (Data Privacy Framework).

Google Tag Manager:

For transfers to the USA, an adequate level of data protection is guaranteed based on the provider’s certification under the adequacy decision (EU-US Data Privacy Framework).

13. Meta Custom Audiences via tracking pixel

We use cross-device tracking technologies to display targeted advertising based on your visit to our websites on other websites and to assess the effectiveness of our advertising efforts.

Data processing is based on your consent, provided you have given it via our banner. If the data is processed outside the EU or EEA, please note that there is a risk that authorities may access the data for security and surveillance purposes without informing you or allowing you to seek legal recourse. The transfer to a third country is based on your consent under Article 49(1)(a) GDPR / Article 17(1)(a) FADP.  Your consent is voluntary and can be withdrawn at any time.

How does tracking work?

When you visit our websites, the third-party provider mentioned below may store or read recognition features (e.g. cookies) on your device or access individual tracking pixels.

The provider can use these features to recognise your device on other websites. We can commission the provider to display advertisements based on the pages you have visited on our site.

What does cross-device tracking mean?

If you log in to the third-party provider’s service using your own user data, the recognition features of various browsers and devices can be linked. If, for example, the provider has created a unique identifier for your laptop, desktop PC or smartphone/tablet, these identifiers can be associated when you use your login details with the provider’s service. This allows the provider to manage our advertising campaigns across different devices.

Which third-party providers do we use for this purpose?

Below we list the third-party providers with whom we cooperate for advertising purposes. Where data is processed outside the EU or EEA, we provide details about the adequate level of data protection. You will also find information on how to withdraw your consent:

 

Third-party providersWithdrawal of consent
Meta (US and/or Ireland)If you wish to withdraw your consent, please click and make the appropriate settings via our banner.

14. Data retention period

Unless we have already informed you in detail about the duration of the data processing, we delete personal data when it is no longer necessary for the aforementioned processing purposes, you have withdrawn your consent and no statutory retention obligations prevent deletion/destruction.

15. Your rights as a user

When your personal data is processed, the GDPR grants you, as a website user, certain rights:

Right of access (Article 15 GDPR / Article 25 FADP):

You have the right to request confirmation as to whether personal data concerning you is being processed. If this is the case, you have the right to access the personal data and the specific information listed in Article 15 GDPR / Article 25 FADP.

Right to rectification (Article 16 GDPR / Article 32(1) FADP) and erasure (Article 17 GDPR / Article 32(2)(c) FADP):

You have the right to request the rectification of inaccurate personal data concerning you without undue delay and, where applicable, the completion of incomplete personal data.

You also have the right to request the erasure of personal data concerning you without undue delay, for example if the data is no longer necessary for the purposes pursued.

Right to restriction of processing (Article 18 GDPR / Article 32(2)(a) FADP):

You have the right to request the restriction of processing, for example if you have objected to processing, pending verification.

Right to data portability (Article 20 GDPR / Article 28 FADP):

In certain cases, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to request the transfer of this data to a third party.

Right to object (Article 21 GDPR / Article 30(2)(b) FADP):

Where data is processed based on a legitimate interest, you have the right to object to the processing at any time on grounds relating to your particular situation. In such cases, we will no longer process your personal data unless compelling legitimate grounds for the processing exist that outweigh your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Right to lodge a complaint with a supervisory authority (Article 77 GDPR):

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of data concerning you violates data protection laws. The right to lodge a complaint may be exercised with a supervisory authority in the Member State of your residence, workplace or the place of the alleged violation.

Exercising your rights

Unless otherwise specified above, please contact the entity mentioned in the legal notice to exercise your rights.

16. Contact details for the Data Protection Officer

Our company’s Data Protection Officer will be happy to provide you with information or suggestions on the subject of data protection:

datenschutz nord GmbH
Konsul-Smidt-Straße 88
D-28217 Bremen

Web: www.dsn-group.de

Email: office@dsn-group.de

When contacting our Data Protection Officer, please also specify the data controller mentioned in the legal notice.