Data Protection Notice -

Data Protection Declaration

The CURA MARKETING GMBH, Dr. Franz-Werner-Strasse 19, 6020 Innsbruck, place of jurisdiction in Innsbruck provides contents and offers services under the domain www.curacosmetic.com. As the CURA Marketing GmbH (in the following referred to as Provider) also processes personal data in the framework of the digital offers, it shall be explained in this declaration how personal data are treated within the framework of use of the website www.curacosmetic.com (in the following referred to as Website).

For privacy requests, please contact us under datenschutz@cura.co.at.

1.    Personal Data:

Personal data are individual details on personal or factual circumstances of the users, such as for example the address, name, email-address, telephone number and other information that enable to identify a person. Insofar as we collect such data, you will in the following be instructed on the purpose and the extent of the utilization of the data.

a. General Information Notice regarding the Handling of Personal Data

Personal data is processed if you subscribe to a newsletter, if you contact us via email and if you request services via the contact form and if you buy a voucher via the website. We analyse user behaviour using Google Analytics. Apart from our website, you may also use social media that is linked via the website. Specifically, we collect and use personal data during the following operations:

b. Recording of the use

We store use processes temporarily on the website in a log file and irrespective of what you do, even in case of use without registration or if you otherwise send us information. We thereby store the date, the time and the duration of the access to the pages of the portal, the IP address as well as the telecommunications provider enabling the access. The operating system of the computer via which access is initiated as well as the web browser used for the access are also stored.

This data is automatically deleted within 365 days after the use. As far as you use special services, such as the newsletter, the personal data is erased after the final termination of the use of the service or if you request to do so, or respectively, in case a legal retention obligation exists, the personal data is blocked.

Legal basis for the storage is a legitimate interest pursuant to art. 6 par. 1 lit. f of the GDPR in order to ensure the functionality of the page and in order to be able to carry out an error analysis in case of technical defects or attacks on the security of the website.

2.    Use of Cookies

Cookies are used to adjust the offers of the website for the user on the website, to facilitate usage of the website or to analyse the use of the website.

Generally, the browser automatically stores cookies on your computer. But you can store in the settings of your browser that your cookies are not stored or that the storage of cookies requires your consent.

You can delete cookies stored at any time in your browser under “Settings”. You may find information regarding the functioning of your browser under the help section of your browser.

To the extent that you do not allow that cookies are stored on your computer or insofar as you delete cookies, this may lead to the fact that you may not be able to use certain services of the offer at all or only to a limited extent.

Further information on cookies are provided by the Association Verband der Digitalen Wirtschaft e.V.: www.meine-cookies.org

3.    Special possibilities to use our website:

We offer different possibilities on our website to get in contact with us or to receive information from us.

a. Contacting per email or via the contact form

If you contact us via a contact form or per email, we store the email communication until your request or the use has been completed, in order to respond to questions and to document the communication. To the extent that retention obligations under business law (6 years starting with the end of the year in which the operation was completed) or retention periods under tax law (10 years starting with the end of the year the operation was completed) exist, the data is stored after execution of your request and we restrict processing, if any.

In case contact is established via email, third parties may possibly take insight into the email if such is not encrypted. You can find out via your email provider if your emails can be encrypted or not.

Legal basis for the use of personal data that is transferred via email is art. 6 par. 1 lit. f of the GDPR, is the legitimate interest and the consent. In case the email contact aims at concluding a contract, the legal basis for processing, namely art. 6 par. 1 lit. b of the GDPR applies additionally.

b. Data Protection in case of job applications and in the course of the job application procedure

The controller for the processing collects and processes the personal data of job applicants to handle the job application procedure. The processing may also be done electronically. This is in particular then the case if the job applicant forwards relevant job application documents electronically, e.g. per email or via the web form that can be found on the website, to the controllers responsible for the processing. In case the controller responsible for the processing concludes an employment contract with the job applicant the data transferred for the settlement of the employment relationship is stored taking into account the legal provisions. In case that no employment contract is concluded with the applicant by the controller responsible for the processing, the job application documents are automatically deleted two months after announcing the decision of refusal, unless other legitimate interests for the processing by the controller are opposed to this. Other legitimate interests in this sense is for example a burden of proof in a proceeding pursuant to the Austrian General Equal Treatment Act (Allgemeine Gleichbehandlungsgesetz; AGG).

4.    Usage analysis for statistical purposes - Google Analytics

In order to optimize our website, to correct sources of error and to find out how visitors use the offer and in which period of time which parts were used, we use Google Analytics, a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. Google uses cookies to allow to analyse how you use the website.

The services of Google Analytics were enhanced with the code “anonymizelp”, an application for IP anonymization. Thereby, IP addresses are shortened to prevent that a link can be established to you. Due to the anonymization, the IP address will be shortened beforehand within the member states of the European Union or in other contracting states to the Agreement on the European Economic Area. In exceptional cases, it may occur that the full IP address is [sic] to a server of [sic] [1]

The information on the use of our website, including your anonymized IP address, generated by the cookie utilised by Google Analytics is also transmitted to Google servers located in the USA and is stored there.

On our behalf, Google will use this information to analyse the use of the website for us, to draw up reports on website activities and to provide further services to us related to the use of the website and of the internet. The IP address which is sent from your browser within the framework of Google Analytics will not be merged with other data of Google.

You may prevent the storage of cookies making the settings in the browser described under clause 2 above, resulting in the respective restrictions in the utilisation of the website.

You can prevent Google from collecting the data generated by the cookie and related to the use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Alternatively to the above-mentioned plug-in or with mobile devices (e.g. Smart phones, tablets), you may set an opt-out cookie on your device or a block cookie, Deaktivate Google Analytics, which prevents the collection by Google Analytics on this website. This cookie functions only on this device, in this browser and has to be activated again when deleting the cookies.

For further information regarding Google Analytics and the topic data protection, please visit the link https://support.google.com/analytics/answer/6004245?hl=de 

5.    Applications to improve user friendliness

a. Use of Google Web Fonts

This page uses so-called Web Fonts that are made available by Google to uniformly represent the font types. Whenever a page is called up, your browser loads the required web fonts in the cache memory of your browser in order to correctly display the texts and the font types. In case your browser does not support web fonts, a standard font is used by your computer.

For further information on Google Web Fonts, please visit: developers.google.com/fonts/faq and the data protection declaration of Google: www.google.com/policies/privacy/

6. The integration of social networks at www.curacosmetic.com

Various functions of the website are linked to other providers such as LinkedIN, Xing and Kununu via graphics that initially do not transmit data to social networks. If you, as a user, click on these graphics, you will activate the connection to the selected social network and then transfer your information to the social network.

a. Data protection provisions about the application and use of LinkedIn

The controller has integrated components of the LinkedIn Corporation on this website. LinkedIn is a web-based social network that enables users with existing business contacts to connect and to make new business contacts. Over 400 million registered people in more than 200 countries use LinkedIn. Thus, LinkedIn is currently the largest platform for business contacts and one of the most visited websites in the world.

The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, UNITED STATES. For privacy matters outside of the UNITED STATES LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a LinkedIn component (LinkedIn plug-in) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to the download of a display of the corresponding LinkedIn component of LinkedIn. Further information about the LinkedIn plug-in may be accessed under developer.linkedin.com/plugins. During the course of this technical procedure, LinkedIn gains knowledge of what specific sub-page of our website was visited by the data subject.

If the data subject is logged in at the same time on LinkedIn, LinkedIn detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-page of our Internet page was visited by the data subject. This information is collected through the LinkedIn component and associated with the respective LinkedIn account of the data subject. If the data subject clicks on one of the LinkedIn buttons integrated on our website, then LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores the personal data.

LinkedIn receives information via the LinkedIn component that the data subject has visited our website, provided that the data subject is logged in at LinkedIn at the time of the call-up to our website. This occurs regardless of whether the person clicks on the LinkedIn button or not. If such a transmission of information to LinkedIn is not desirable for the data subject, then he or she may prevent this by logging off from their LinkedIn account before a call-up to our website is made.

LinkedIn provides under www.linkedin.com/psettings/guest-controls the possibility to unsubscribe from e-mail messages, SMS messages and targeted ads, as well as the ability to manage ad settings. LinkedIn also uses affiliates such as Eire, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame. The setting of such cookies may be denied under www.linkedin.com/legal/cookie-policy. The applicable privacy policy for LinkedIn is available under www.linkedin.com/legal/privacy-policy. The LinkedIn Cookie Policy is available under www.linkedin.com/legal/cookie-policy.

b. Data protection provisions about the application and use of Xing/kununu

On this website, the controller has integrated components of XING. XING is an Internet-based social network that enables users to connect with existing business contacts and to create new business contacts. The individual users can create a personal profile of themselves at XING. Companies may, e.g. create company profiles or publish jobs on XING.

The operating company of XING is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a XING component (XING plug-in) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding XING component of XING. Further information about the XING plug-in the may be accessed under dev.xing.com/plugins. During the course of this technical procedure, XING gains knowledge of what specific sub-page of our website was visited by the data subject.

If the data subject is logged in at the same time on XING, XING detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-page of our Internet page was visited by the data subject. This information is collected through the XING component and associated with the respective XING account of the data subject. If the data subject clicks on the XING button integrated on our Internet site, e.g. the "Share"-button, then XING assigns this information to the personal XING user account of the data subject and stores the personal data.

XING receives information via the XING component that the data subject has visited our website, provided that the data subject is logged in at XING at the time of the call to our website. This occurs regardless of whether the person clicks on the XING component or not. If such a transmission of information to XING is not desirable for the data subject, then he or she can prevent this by logging off from their XING account before a call-up to our website is made.

The data protection provisions published by XING, which is available under www.xing.com/privacy, provide information on the collection, processing and use of personal data by XING. In addition, XING has published privacy notices for the XING share button under www.xing.com/app/share;

7.    Security Measures

We endeavour to permanently ensure the security of the personal data that is stored with us using suitable technical and organisational measures and by continually developing the website.

8.    Rights of the User Access, Objection, Deletion and Blocking of Personal Data

You have different so-called rights of the data subject in connection with your personal data you can assert against us. You may at any time request to obtain access to the data stored with us regarding your person, besides you may request that incorrect data is rectified, further processing thereof is restricted or that it is deleted. You have the right to demand that data is ported to a third party.

Pursuant to art. 21 of the GDPR, the right to object against the processing of your data, in particular if there is a legitimate interest that we process your data.

The deletion is however only then permissible to the extent that there are no retention obligations to the contrary. In these cases, the deletion of personal data is replaced by the blocking of this data. In case you have any questions regarding the use of your personal data or in case you wish that your data is deleted, please contact the responsible body of the controller pursuant to clause 9. Please understand that depending on how you contact us we can only satisfy these rights if we can unambiguously identify you.

If you want to complain on how your personal data is handled, you have the right to file a complaint with a data protection supervisory authority competent regarding the processing of personal data by us. The supervisory authority competent for us is the Austrian Data Protection Authority (Datenschutzbehörde).

 

9.    Responsible Body of the Controller

The CURA MARKETING GMBH, Dr.-Franz-Werner-Strasse 19, 6020 Innsbruck, place of jurisdiction Innsbruck, represented by its managing director Roland Kohl is the body of the controller responsible in the sense of the Data Protection Law. When asserting your rights in accordance with clause 6, please contact:

datenschutz@cura.co.at

We will change this data protection declaration to the extent we change the website or to the extent the initial legal situation changes. We would kindly ask you to keep informed in regular intervals on the modifications.

Data Protection Declaration as of May 2018


[1] Translator’s note: German sentence is not complete.