PARFÜMERIE DOUGLAS GMBH & CO. KG
Luise-Rainer-Straße 7-11
40235 Düsseldorf
Sitz der Gesellschaft: Düsseldorf
Amtsgericht Düsseldorf HRA 26955
Ust-IdNr. / VAT-Id. DE 8111 46 132
Persönlich haftende Gesellschafterin: Douglas GmbH, Düsseldorf, Amtsgericht Düsseldorf HRB 94247
Geschäftsführung: Alexander "Sander" van der Laan, Mark Langer, Philipp Andrée
Aufsichtsrat: Dr. Henning Kreke (Vorsitzender)
Privacy policy
for the BLOOM IT DGL app
(hereinafter "Privacy Policy")
We are
pleased that you have downloaded and are using our mobile BLOOM IT DGL app
(hereinafter "app"). We would like to inform you about the
processing of your personal data and your rights as a data subject when using
our app,
PARFÜMERIE Douglas GmbH &
CO. KG
Luise-Rainer-Strasse 7-11
40235 Düsseldorf
Registered office of the
company: Düsseldorf
Local Court Düsseldorf HRA
26955
Ust-IdNr. / VAT-Id. DE 8111
46 132
(hereinafter also referred to as "we"
or "Parfümerie Douglas"),
as the
person responsible within the meaning of data protection law and at the same
time service provider, inform you below.
Your
personal data is processed exclusively within the framework of the statutory
provisions of the data protection law of the European Union, in particular the
EU General Data Protection Regulation (hereinafter "GDPR")
and, in addition, the Federal Data Protection Act (hereinafter "BDSG")
and the Telecommunications Teleservices Data Protection Act (hereinafter "TTDSG")
and other statutory provisions on data protection (together hereinafter "data
protection laws").
This
privacy policy only applies to the BLOOM IT DGL app, which can be
downloaded from the Apple and Google app stores. The following information does
not apply to other apps from Parfümerie Douglas or third-party websites/apps from other
providers that are linked to from our app.
The terms
used, such as "personal data" or their "processing",
correspond to the definitions in Art. 4 GDPR.
The subject
of data protection is the protection of personal data. Personal data is any
information relating to an identified or identifiable natural person
("data subject"). Your personal data therefore includes all data that
allows your person to be identified, such as your name, your address, your
telephone number or your e-mail address. Personal data also includes
information that is necessarily generated through the use of our app, such as
the start, end and scope of use or your IP address.
Personal data
will continue to be collected, for example, to the extent that you yourself
enter content in your user profile (profile data).
We will
only process your data if this is permitted by an applicable legal provision.
We will base the processing of your data on the following legal bases, among
others:
-
Consent (Art. 6 para. 1 sentence 1 letter a GDPR): We will
only process certain data on the basis of your previously given express and
voluntary consent. You have the right to withdraw your consent at any time with
effect for the future.
-
Fulfillment of a
contract or implementation of pre-contractual measures (Art. 6 para. 1 sentence 1 letter b GDPR): We require
certain data from you in particular to initiate or execute your user contract
with Parfümerie Douglas.
-
Fulfillment of a legal
obligation (Art. 6 para. 1 sentence 1 letter c GDPR):
In addition, we process your personal data to fulfill legal obligations, such
as retention obligations under commercial and tax law.
-
Protection of legitimate
interests (Art. 6 para. 1 sentence 1 letter f GDPR):
Parfümerie Douglas will
process certain data to protect its interests or those of third parties. However, this only
applies if your interests do not prevail in individual cases.
Please note
that this is not a complete or exhaustive list of the possible legal bases, but
merely examples intended to make the legal bases under data protection law more
transparent. For more detailed information on the legal bases of the individual
data processing operations in our app, please refer to the explanations in the
following sections.
When you download our app, necessary
information is transferred to the respective app store. This includes, in
particular, the user name, email address, time of download and the individual
device identification number. However, we have no influence on this data
collection, as this is done by the respective app store operator. This data is
not stored by us.
In this
context, please also note the respective data protection notices of the app
store operators:
-
for the iOS App Store: Apple
Distribution International Ltd, Hollyhill Industrial Estate, Hollyhill, Cork,
Ireland, available at www.apple.com/de/privacy/privacy-policy/,
and
-
for the Google Play Store: Google
Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, available at policies.google.com/privacy?hl=en.
Our app can
be found and downloaded in the aforementioned app stores via the website of our
software developer, Online Software AG, Forum 7, 69126 Heidelberg, Germany.
In
principle, you can use our app without providing any personal data. However, by
using our app, the following information about your access and use may be
stored:
-
IP
address of the requesting end device,
- Screens
called up,
-
Date,
time, duration and time zone of the server request or interaction (e.g.
first/last time the app was opened/closed, last login, screens/videos viewed,
starting/ending a training session, clicking a call-to-action button),
- Browser
type and version,
-
the
operating system used by the requesting device,
-
Your
device model, unique number of the end device used.
When you access our app,
corresponding information may be stored on your end device and/or corresponding
information that is already stored on your end device may be accessed.
The storage or access takes place on the basis of Section 25 (2) No. 2 TTDSG, as
this information is absolutely necessary to ensure the operation of our app and
IT security and to be able to provide you with our app as requested.
We further
process this usage data on the basis of our legitimate interests pursuant to
Art. 6 para. 1 sentence 1 letter f GDPR to provide the app, to ensure technical
operation, to log any consent you may have given and to ensure the security of
our information technology systems. In doing so, we pursue the interest of
enabling and permanently maintaining the use of our app and its technical
functionality. This data is processed automatically when you access our app.
You cannot use our app without this provision. We do not use this data for the
purpose of drawing conclusions about your identity.
The
automatically collected data is generally deleted or anonymized after the
purpose has ceased to apply, unless we exceptionally need it for longer for the
above-mentioned purposes. In such a case, we delete the data immediately after
the purpose no longer applies.
You cannot
object to the processing of your usage data, as this data is absolutely
necessary for the smooth operation of the app. It is not possible to use the
app without processing this data.
We use
cookie-like technologies to optimize the design of the app. This enables, among
other things, the provision of certain functionalities, easier navigation and a
high degree of user-friendliness.
Cookie-like
technologies are based on identifiers with which our web server can recognize
your end device, e.g. to determine whether there has already been communication
with us from your end device. In this way, they serve the purpose of enabling
the use of our app, making it more convenient for you and optimizing our range
of services. For detailed information on the type, function, purposes and any
third-party providers used with regard to the use of cookie-like technologies,
please refer to the following provisions. The legal basis for the use of
cookie-like technologies is your consent ( § 25 para. 1
TTDSG in conjunction with Art. 6 para. 1 sentence 1 letter a GDPR), which
you give us when you open the app for the first time.
You can
revoke your consent to this at any time by preventing the storage of
cookie-like technologies by making the appropriate app settings. To do this,
deactivate the "Allow cookie-like technologies and usage analysis"
function in the "Settings > Privacy" menu.
a) User
login in the app
In order to
make full use of all the functions of our app, you must log in to our app.
Chat-Login
To register
in our app, it is necessary that you have already been created by us as a user
in our app. In this case, you can select yourself from the list of people
stored in our app and log in with the personal password you have received from
us.
As part of
your registration, we process the following data in addition to your data
already stored in the app (in particular your first name, surname, company,
business contact details, your individual password and your user ID):
- Device
ID,
- Notification
ID.
This data
is processed on the basis of § 25 para. 2 no. 2 TTDSG in conjunction with Art.
6 para. 1 sentence 1 letter b GDPR for the execution of a user contract with
you in order to be able to identify you each time you register.
b) Chat
If a user
profile has been created for you in our app, you also have the option of
chatting with other users of the app who also have a user profile when using
our app.
When you
use this function, the following data is processed by you:
- User
ID,
- Device
ID,
- Notification
ID,
- Your
message text.
This data
is processed on the basis of § 25 para. 2 no. 2 TTDSG in conjunction with Art.
6 para. 1 sentence 1 letter b GDPR in order to be able to offer you this function
as part of the execution of a user contract.
c) Contacts
(list of persons)
The
contacts (list of persons) of persons (e.g. event participants, speakers,
employees) may also be stored in our app. As soon as you click on a
contact, a detail page with contact information (e.g. e-mail address) of this
person will appear. You can contact this person directly via the corresponding
links on this detail page.
When you
click on a corresponding link, corresponding applications or apps provided by
other providers (third-party providers) open on your end device (e.g. your
e-mail program installed on your end device).
Please note that these third-party
applications and apps may process personal data. We have no influence over
this. If necessary, please obtain information directly from the providers of
these applications and apps. The respective provider and controller can be
found in particular in the legal notice and the respective data protection
information in the corresponding application or app.
d) Places
In our app,
you have the option of displaying specific locations (e.g. event venues or
branches) in a list or on a map with corresponding detailed information about
this location. If you share your location, the distance from your location to
the individual locations will also be displayed.
We process
the following data as part of this function:
- exact
geographical location.
The
processing is carried out on the basis of § 25 para. 2 no. 2 TTDSG in
conjunction with Art. 6 para. 1 sentence 1 letter b GDPR in order to provide
you with the desired function within the framework of a user relationship.
The app
will also ask you to grant a corresponding device authorization (to use the
location). Granting the authorization is voluntary. However, if you wish to
receive the specific distances to locations, it is necessary to grant this
authorization, otherwise you will not be able to use the function.
The
authorization remains active as long as you do not deactivate it in your end
device. You can deactivate and reactivate the use of your geographical location
at any time.
e) Speaker
requests
In our app,
you have the option of asking speakers questions anonymously during an event.
Your entered message with your question will be sent to the moderator of the
event, who will then ask the speaker.
We process
the following data as part of this function:
-
Your
individual message and question.
This data
is processed on the basis of Art. 6 para. 1 sentence 1 letter b GDPR in order
to be able to offer you this function of our app as part of the execution of a
user contract.
f) Authorizations
in the end device / push messages
The app
supports the display of messages (so-called push messages) on the home screen
of your device and within the app (so-called in-app messages). The app may
therefore ask you to grant the corresponding device authorization. Granting
authorization is voluntary. However, if you wish to receive push notifications,
you must grant this authorization, otherwise you will not be able to use the
function. We require the authorization in order to provide you with the desired
services as part of a (free) user relationship with you (§ 25 para. 2 no. 2
TTDSG in conjunction with Art. 6 para. 1 sentence 1 letter b GDPR).
A
pseudonymized notification ID is assigned to your end device in order to be
able to display push messages or in-app messages. This serves as the
destination for the push messages or in-app messages.
The
authorization remains active as long as you do not deactivate it in your end
device. The push messages can be deactivated and reactivated at any time.
h) Links
to third-party websites and other apps on your device
aa) Websites
If
we link to third-party websites, you will be redirected to the respective offer
of the third party by clicking on the hyperlink.
Please
note that the third-party offers linked from our app may install cookies on
your device or collect personal data. We have no influence on this. If
necessary, please obtain information directly from the providers of these
linked third-party offers. The respective provider and controller can be found
in particular in the legal notice and the respective data protection notices on
the relevant websites.
bb) Apps
As
part of the "Overview of other apps" function, you may be shown other
apps from other providers ("third-party providers") in connection
with the content of our app. If you click on these apps, the respective app of
the third-party provider or the presence of the third-party provider in the app
store will open, from which you can download the third-party provider's app.
Please
note that the third-party apps may process personal data. We have no influence
on this. If necessary, please obtain information directly from the providers of
these apps. The respective provider and controller can be found in particular
in the legal notice and the respective data protection information in the
corresponding app.
i) Further
functions
The
app may have additional functions, such as agenda, speaker questions &
helpdesk
When
using these functions, no further personal data will be processed by you in
addition to the usage data specified in section 3 of this privacy policy.
If you have
consented to this, we use the open source (web) analysis software Matomo
(formerly "Piwik") for the statistical evaluation of usage behavior
in our app in order to continuously improve our app and make it more
user-friendly.
Matomo uses
cookies and similar technologies (hereinafter collectively referred to as
"cookies"). The information generated by the cookies about your use
of our app is stored locally on servers operated by our web provider in
Germany. The legal basis is § 25 para. 1 TTDSG in conjunction with Art. 6 para.
1 sentence 1 letter a GDPR, as the data processing is based on your consent.
We will use
the information collected by cookies and generated by your end device about the
use of our app, in particular your anonymized IP address, device information
(e.g. screen resolution, operating system used, language settings), date and
time of use of the app and length of stay, to evaluate the use of the app, to
compile reports on the activities in our app and to design our app to meet your
needs. The data is not profiled or passed on to third parties.
We only use
Matomo with activated IP anonymization. This means that the last digits of the
user's IP address are shortened to make it more difficult to draw direct
conclusions about individual users.
The data is deleted as soon as it is no longer
required for our recording purposes. In our case, this is usually the case
after 30 days.
You can
revoke your consent to the use of Matomo at any time by preventing the storage
of cookies through the corresponding app settings. To do this, deactivate the
"Allow usage analysis" function in the "Settings" menu.
Further
information on data protection at Matomo can be found on the Matomo website at https://matomo.org/privacy/
and at https://matomo.org/gdpr-analytics/.
We will
only pass on your personal data to external recipients if this is necessary to
provide the app, if we have your consent to do so or if another legal
permission exists.
External
recipients can be, in particular
-
Processors: These are service providers that we use to provide
services, for example in the areas of technical infrastructure and maintenance
of our app. Such processors are carefully selected and regularly reviewed by us
to ensure that your privacy is protected. These service providers may only use
the data for the purposes specified by us and in accordance with our
instructions. We are authorized to use such processors in compliance with the
legal requirements of Art. 28 GDPR.
-
Public bodies: These are authorities, state institutions and other
public bodies, e.g. supervisory authorities, courts, public prosecutors or tax
authorities. Personal data will only be transferred to such public bodies for
compelling legal reasons. The legal basis for such a transfer may be Art. 6
para. 1 sentence 1 letter c GDPR.
-
Non-public bodies: These are, for example, service providers and
auxiliary persons to whom data is transmitted on the basis of a legal
obligation or to safeguard legitimate interests, for example tax consultants or
auditors. The transfer takes place on the basis of Art. 6 para. 1 sentence 1
letter c and/or f GDPR.
If we
transfer your data to third countries outside the EU or EEA as described above,
we will ensure that, apart from legally permitted exceptions, the recipient
either has an adequate level of data protection or that you consent to the data
transfer. An adequate level of data protection is guaranteed, for example, by the
conclusion of EU standard contractual clauses or the existence of so-called
Binding Corporate Rules (BCR). Please contact us using the above communication
channels to obtain a copy of the specific guarantees for the transfer of your
data to third countries.
We only
store your personal data for as long as this is necessary for the fulfillment
of the purposes or - in the case of consent - as long as you do not revoke your
consent. In the event of an objection, we will no longer process your personal
data unless further processing is permitted or even mandatory under the
relevant statutory provisions (e.g. as part of retention obligations under
commercial and tax law). We will also delete your personal data if we are
obliged to do so for legal reasons.
For further
details on the storage period of your personal data, please refer to the
respective explanations in the above paragraphs.
As a person
affected by data processing, you have numerous rights. In detail, these are
-
Right to information (Art. 15 GDPR): You have the right to receive
information about the personal data we have stored about you.
-
Right to rectification
and erasure (Art. 16 and Art. 17 GDPR): You can demand
that we rectify incorrect data and - insofar as the legal requirements are met
- erase your data.
-
Right to restriction of
processing (Art. 18 GDPR): You can demand that we
restrict the processing of your data, provided that the legal requirements are
met.
-
Right to data
portability (Art. 20 GDPR): If you have provided us
with data on the basis of a contract or consent, you may, if the legal
requirements are met, request that you receive the data you have provided in a
structured and commonly used format or that we transmit it to another
controller.
-
Right to object to data
processing based on legitimate interests (Art. 21 GDPR): You have the right to object to data processing by us at
any time for reasons arising from your particular situation, insofar as this is
based on legitimate interests within the meaning of Art. 6 para. 1 sentence 1
letter f GDPR. If you exercise your right to object, we will stop processing
your data unless we can demonstrate compelling legitimate grounds for further
processing which override your rights.
-
Withdrawal of consent (Art. 7 GDPR): If you have given us your consent to
process your data, you can withdraw this at any time with effect for the
future. This does not affect the lawfulness of the processing of your data
until you withdraw your consent. If you wish to withdraw your consent to the
use of certain cookie-like technologies, please refer to our explanations under
section 4.
-
Right to lodge a
complaint with the supervisory authority (Art. 77 GDPR): You can also lodge a complaint with the competent
supervisory authority if you believe that the processing of your data violates
applicable law. To do so, you can either contact the data protection authority
responsible for your place of residence, your place of work or the place of the
suspected infringement, or the data protection authority responsible for us.
If you have any questions about the processing
of your personal data, your rights as a data subject and any consent you may
have given, our data protection officer will be happy to assist you free of
charge using the communication channels listed in section 11. Please also
contact our data protection officer directly to exercise your rights as a data
subject.
We have
appointed a company data protection officer. You can reach him/her as follows:
We take technical and organizational security
measures to protect your personal data against accidental or intentional
manipulation, loss, destruction or access by unauthorized persons. These
security measures are always adapted to the current state of the art.
Our employees are obliged to maintain data
confidentiality.
From time to time it may be necessary to adapt
the content of this privacy policy. We therefore reserve the right to amend it
at any time. We will also publish the amended version of the privacy policy
here. If you visit our app again, you should therefore read the privacy policy
again.
Status: June 2024