Date of last update: 29 January 2021
Welcome to https://www.susannekaufmann.com (the "Site"), a website operated in Austria by Susanne Kaufmann Kosmetik GmbH, a company incorporated in Austria with company registration number FN514360M, VAT number ATU74851804 and whose registered office is located at Brugg 35, 6870 Bezau, Österreich ("SK", "we", "us" or "our"). For the purposes of applicable laws, the “data controller” is Susanne Kaufmann Kosmetik GmbH.
We operate the following social media channels:
1. Information we collect from you
1.1 Information you give to us. You may give us information about you by filling in forms on our Site, on our social media channels, at events or by corresponding with us by live chat, telephone, e-mail, post or otherwise. This includes information you provide when you register to use our Site (which you must do if you would like to use some of the services and features we offer), subscribe to our services, or place an order on our Site. This information may include: your name, age, date of birth and gender your contact details (e.g. address, telephone number, e-mail address); debit or credit card information (if you wish to place an order on our Site); your communication and shopping preferences and interests; feedback and survey responses; correspondence with us. We may also processes other personal information (such as enquiries, feedback, reviews, suggestions, ideas, photographs, messages or other information) that you may post, share, reproduce or otherwise make available to us (“User Content”). Upon prior information in the specific case and with your consent we may record or monitor calls that you receive from us or make to us. We do this for security and training purposes, and to improve the services we provide to you. When you register with us you can view your personal information in 'My Account'. You can access 'My Account' directly to amend any personal details, for example if you change your address. If you forget your password, simply click on the 'forgotten password' link on the register or login page and an e-mail will be sent to the e-mail address that you originally provided containing a link enabling you to change your password.
1.2 Information we collect about you. With regard to each of your visits to our Site, we may automatically collect the following information:
- information about your device: technical information including the Internet Protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; location and
- your browsing and shopping activities: information about your visit including the full Uniform Resource Locators (URL) clickstream to, through and from our Site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any telephone number used to call our customer service number.
1.3 Information we receive from other sources. We may receive information about you if you use any of the other websites we (or any member or brand within our Group (as defined below)) operate or other services we provide. In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected on this Site. We are also working closely with third parties (including, for example sub-contractors in technical, payment and delivery services, advertising networks, marketing services, analytics providers, search information providers, and credit reference agencies) and may receive information about you from them.
3. Use made of the information
We use information held about you in the following ways:
3.1 Information you give to us. We will use this information in relation to:
(a) Performance of our contract with you: The information you give to us is necessary to enable us to (i) fulfil your order (including acknowledging your order and communicating with you if there is any issue regarding the fulfilment of your order); (ii) to make sure your order is delivered correctly; (iii) to maintain your account; (iv) accounting, billing, reporting and audit; (v) credit checking or screening based on our legitimate interests to review contract parties prior to concluding a contract(vi) authentication and identity checks (vii) credit, debit or other payment card verification and screening; (viii) debt collection; (ix) safety, security, health, legal and administrative purposes.
(b) Providing customer service: We ask for your contact details such as your e-mail address and telephone number and order details to enable us (i) to answer any questions you have about using our Site or products; (ii) to notify you about the status of your order, and (iii) other customer care services such as identifying your requirements and shopping preferences; in each case as necessary in order to take steps at your request in regards to your order. To provide those customer care services we may use your data for our legitimate interest in statistical and market analysis; studies, research and development by us, or a third party we appoint as a data processor but in doing so your personal data will be pseudonymised for the use of it by these parties. They will not receive your name, address, email address or telephone number;
(c) User Content: We may use this on our Site, social media channels and marketing communications to promote our products, provided in each case that we have your permission (e.g. when we ask you to leave a review);
(d) Direct Marketing (e.g. newsletters): In order to improve your shopping experience with us and to promote our products, we want to keep you up-to-date on our latest products, promotional offers and events. If you are an existing customer (ie you have purchased products from SK) and you have not Opted-Out (see next point), we may contact you by electronic means (email) about goods and services similar to those which were the subject of a previous sale or negotiations for a sale. We may contact you as an existing customer by direct postal mail as it is in our legitimate interests to do so as a retailer seeking to market similar products or products we think you may be interested in. If you are a new customer (ie you have not purchased products from SK), we, will contact you by electronic means only if you have expressly consented to this or we are otherwise permitted to do so in accordance with applicable laws.
(e) Opt-out of Direct Marketing: You can at any time tell us not to send you marketing communications (i) by e-mail by clicking on the unsubscribe link within the marketing e-mails you receive from us; or (ii) by postal mail by following the instructions that may be included in a particular promotion. If you have registered with us, you may also opt out of receiving postal mail from us by logging into your account and amending your preferences.
(f) We may use the information you provide and the information we collect about you (e.g. shopping history, product interests) based on our legitimate interests to build a picture of your interests so that we may tailor our communications to you to ensure they are relevant and of interest to you and so that when you visit our Site we can tailor your experience so that it is easier to shop with us.
(g) Our services: To notify you about changes to our services e.g. where we are in a contractual relationship with you.
(h) Our Site: To ensure that content from our Site is presented in the most effective manner for you and for your device, and so that we can enhance your experience of using our Site. We process your personal data based on our legitimate interests in providing an appealing and up-to-date website while implementing adequate security measures (e.g. to prevent hacking attacks).
3.2 Information we collect about you. We will use this information based on our legitimate interests in relation to:
(a) Administration of our Site: To administer our Site and for internal operations including troubleshooting, data analysis, testing, research, statistical and survey purposes. We may collect information from visitors to our Site and analyse it to build up a picture of how people use our Site. This helps us to improve the service we offer you.
(b) Site improvement: To improve our Site to ensure that content is presented in the most effective manner for you and your computer.
(c) Our legitimate interest as a retailer: Where it is necessary for us to understand our customers, promote our services and operate effectively as a luxury manufacturer and retailer of branded natural skincare, bath and body, and related cosmetic and home products and accessories provided in each case that this is done in a legitimate way which does not unduly affect your privacy and other rights. For example (i) to allow you to participate in interactive features of our service when you choose to do so; (ii) allow us to measure or understand the effectiveness of advertising we serve to you and others; (iii) allow us to make suggestions and recommendations to you and other users of our Site about goods or services that may be of interest to you; (vi) to operate an automated abandon cart email programme that will contact you via email if you decide to exit your shopping basket without making a purchase (this email is sent shortly after you have abandoned your cart and contains information only related to the product(s) left in the cart); and (vi) to conduct certain market analysis to understand our customers in sufficient detail so we can create new services and improve the profile of our brand.
(d) Security of our Site: As part of our efforts to keep our Site safe and secure.
3.3 Information we receive from other sources. We may combine the information we collect from you and the information you provide to us with information we receive from other sources, in each case while providing you with proper information on the processing. We may use this combined information for the purposes set out above (depending on the types of information we receive).
4. Disclosure of your information
4.1 We may share your personal information with members or brands within our Group where (i) we have a legitimate interest to do so , or (ii) you have consented to such disclosure , or (iii) such Group company is processing your data on our behalf as a data processor. In each case we will provide you with proper information on any data transmission(s). Please visit https://www.manzanitacapital.com for more information about which members and brands constitute our Group. They may use the information in accordance with their privacy policies for purposes such as: management, analysis, planning and decision making; financial reporting and analysis; strategic planning; the development of customer segmentation and metrics to provide a consistent view of our customer base; the creation of inspiring content and editorial features, and the development and sale of new products and collaborations to enhance your experience as a customer of SK or other brands in the Group.
4.2 From time to time we retain the services of other carefully selected and monitored companies and individuals to perform functions on our behalf in connection with the successful operation and continuous improvement of this Site. These companies and individuals are appointed as data processors or as joint controllers. We may share your information with such third parties including:
(b) Advertisers and advertising networks we appoint to assist us and who require the data to select and serve relevant adverts to you on our behalf including our third-party advertising partners and their service providers in order to deliver to you banner advertisements and other advertising tailored to your interests when you visit certain websites. Our advertising partner will make the data we provide it pseudonymous. To learn more about this information or to make choices about receiving personalised advertising provided by third parties, please visit the European Digital Interactive Advertising Alliance by clicking here: http://www.youronlinechoices.eu. We may also work with third parties (such as Facebook and Instagram) to serve ads to you as part of a customized campaign on their platforms. If you prefer not to see customized ads from us, you can opt out by changing your account settings or preferences on such platforms.
(c) Analytics and search engine providers that assist us in the improvement and optimisation of our Site.
4.3 We do not provide your personal details to other companies or individuals for their marketing purposes unless you have indicated when you registered that you wish to receive information about other companies' products, offers and services.
4.4 We may disclose your personal information to other third parties:
(a) In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets based on our legitimate interests.
(b) If SK (or its ultimate holding company and its subsidiaries, as defined in section 244 of The Austrian Commercial Code) or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets based on our legitimate interests.
4.5 Data recipients
For the purposes mentioned above we may, inter alia, transmit your data to the following recipients:
- Shopify International Limited, 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland
Types of data: Contact details, order details, payment details, pages visited, products purchased
Processing purpose: Order process and shipping, processing all data collected from the website (website hosting)
- BMD Systemhaus GesmbH, Sierninger Straße 190, A - 4400 Steyr, Austria
Types of data: Contact details, order details, products purchased
Processing purpose: Order process and shipping
- PayPal (Europe), 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg
Types of data: Contact details, order details, payment details, products purchased
Processing purpose: Payment processing
- Google Ireland Limited, register number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland
Types of data: Tracker, usage data, IP address, device brand/name/model, operating system version, browser version, ISP, pages visited, products purchased
Processing purpose: Google Tag Manager and Google Analytics to improve performance
- Google Ireland Limited, register number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland
Types of data: Tracker, usage data
Google Maps widget for store locator
- Google Ireland Limited, register number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland
Types of data: Tracker, usage data, Contact details, order details, products purchased
Processing purpose: Google Ads Manager for advertising and remarketing
- Klaviyo, 49 Southwark Bridge Rd, London, SE1 9HH, UK
Types of data: Contact details, order details, products purchased, pages visited, shopping history
Processing purpose: Email marketing, CRM and abandoned basket emails
Transmission to a third country based on the EU-UK Trade and Cooperation Agreement
- Hotjar, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta
Types of data: Tracker, usage data, device resolution, pages visited, operating system, browser, source
Processing purpose: Heat maps, recordings and analytics to improve performance
- Facebook Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Types of data: Tracker, usage data, contact details, order details, products purchased
Processing purpose: Advertising, remarketing, lookalike audience and custom audience
- Pandectes, Gounari 65, 26223, Patra, Greece
Types of data: Cookie consent details
Processing purpose: Record and amend consent to cookies
- Cloudflare Ltd, County Hall/The Riverside Building, Belvedere Road, London, SE1 7PB
Processing purpose: Traffic optimization and distribution
Transmission to a third country based on the EU-UK Trade and Cooperation Agreement.
5. Where we store and process your personal data
6. How we safeguard your data
We have put in place safeguards to check that our internal procedures meet our high policy standards. We use the latest strong encryption technology to ensure that all transactional information (e.g. credit or debit card details, personal contact information together with any other names and addresses you provide when you place an order for delivery to another address, and your purchasing history) is protected to the highest standard. We also use reasonable efforts to ensure that our service providers agree to protect your personal information. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Site and/or social media channels; any transmission is at your own risk. Our Site is not intended for children under the age of 14 and we do not knowingly collect personal information online from visitors of this age group.
7. Third party websites
Our Site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
8. Data Retention and Destruction
We store data for as long as it is necessary for the purpose for which it was collected and so long as we are legally required to do so. Information associated with your account will be kept until your account is deleted, unless we no longer need the data to provide products and services, or until any legal requirement to keep it no longer exists. Data linked to orders will be retained for at least 7 years based on the legal retention obligations due to commercial and tax law (§ 132 BAO, §§ 190, 212 UGB). When we no longer need personal data, we securely delete and destroy it.
9. Rights of Data Subjects
You have certain rights in relation to your personal data. These include: the right to object to the processing of your data for certain purposes, the right to access your personal data, the right to correct any inaccurate data, and the ability to erase, restrict or receive a machine-readable copy of your personal data. We will handle any request to exercise your rights in accordance with applicable law and any relevant legal exemptions. If you wish to exercise any of these rights, please contact us using the contact details in Section 11 below. You may also have the right to complain to a data protection authority if you think we have processed your personal data in a manner which is unlawful or breaches your rights. If you have such concerns, we request that you initially contact us (using the contact details in Section 11 below) so that we can investigate, and hopefully resolve, your concerns.
We do not process your personal data for the purpose of making decisions that are based solely on automated processing, including profiling, which produce legal effects on you or may similarly significantly affect you.
13. Law, jurisdiction and language
This Site, any content contained herein, and any contracts entered into as a result of usage of this Site are governed by Austrian law. The parties to any such contract agree to submit to the exclusive jurisdiction of the courts of Austria. All contracts are concluded in English.
14. UK Data Protection Representative
Representative of controllers or processors not established in the United Kingdom (Article 27 UK GDPR):
Susanne Kaufmann Limited
57 Southwark Street