Data protection

Data safety

Privacy Policy of R-Pharm Germany GmbH

R-Pharm Germany GmbH is a limited liability company with its registered office in Illertissen, registered in the commercial register B of the Memmingen district court with the commercial register number: HRB 16246 and operates an online shop under the website www.bloombeauty.de (the “website”). The following data protection regulations apply to all customers who place orders via the online shop of R-Pharm Germany GmbH (the “customers”).

General information These data protection regulations clarify the type, scope and purposes of the collection and use of customer data by R-Pharm Germany GmbH.

R-Pharm Germany GmbH Heinrich Mack Str. 35 89257 Illertissen Germany Phone.: +49-7303-12-7888 info@bloombeauty.de www.bloombeauty.de

The protection of your personal data is of particular concern to us. We therefore process your data exclusively on the basis of the legal regulations (DSGVO, TKG 2003). In this data protection information we inform you about the most important aspects of data processing on our website.

The data protection officer of the responsible body can be contacted at the following e-mail address

datenschutz@r-pharm.com

Contact: If you contact us by form on the website or by e-mail, the data you provide will be stored for six months for the purpose of processing your inquiry and in the event of follow-up questions. These data will not be passed on to third parties without your consent.

Data storing We would like to point out that for the purpose of simplifying the purchasing process and for subsequent contract processing the webshop operator stores the IP data of the connection owner within the framework of cookies, as well as the name, address and contact data (e-mail, telephone) of the purchaser. The data provided by you is necessary for the fulfilment of the contract or for the implementation of pre-contractual measures. Without these data we cannot conclude the contract with you. Data will not be transmitted to third parties, with the exception of the transmission of credit card data to the processing bank institutions/payment service providers for the purpose of debiting the purchase price, to the transport company/shipping company commissioned by us for the delivery of the goods and to our tax consultant for the fulfilment of our tax obligations.

Duration of the storage of personal data Personal data is stored for the duration of the respective legal retention period. After expiry of this period, the data will be routinely deleted, unless there is a need to initiate or fulfil a contract.

Cookies Our website uses so-called cookies. These are small text files that are stored on your mobile device using the browser. We use cookies to make our website user-friendly. Some cookies remain stored on your device until you delete them. They enable us to recognize your browser the next time you visit us. If you do not wish this, you can set your browser so that it informs you about the setting of cookies and you only allow this in individual cases. When cookies are deactivated, the functionality of our website may be limited.

Web-Analyse Our website uses functions of the web analysis service Google Analytics. The provider is Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses targeted cookies. More information on how Google Analytics handles user data can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de. Cookies are used for this purpose, which enable an analysis of the use of the website by your users. The information generated in this way is transferred to the provider’s server and stored there. You can prevent this by setting your browser so that no cookies are stored. We have concluded a corresponding contract with the provider for order data processing.

Using facebook Social Plugins
We use components of the provider facebook.com on our site. Facebook is a service of facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA. Every time you visit our website, which is equipped with such a component, this component causes the browser you are using to download a corresponding representation of the facebook component. Through this process facebook is informed about which specific page of our website you are currently visiting. If you access our site while logged in to facebook, facebook uses the information collected by the component to identify which specific page you are visiting and assigns this information to your personal account on facebook. For more information, please see Facebook’s Privacy Policy at https://www.facebook.com/about/privacy/. If you do not want Facebook to associate the data collected via our website directly with your profile, you must log out of the relevant service before visiting our website. You can also completely prevent the plugins from loading with add-ons for your browser, e.g. with the “NoScript” script blocker. External tools are also available on the market to block Facebook social plug-ins with add-ons for all major browsers https://adblockplus.org/de/. An overview of the Facebook plugins can be found at https://developers.facebook.com/docs/plugins/.

Using Instagram Social Plugins
On our site we use components of the provider Instagram. Instagram.com is a service of Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plug-ins are marked with an Instagram logo, for example in the form of an “Instagram camera”. When you access a page of our website that contains such a plugin, your browser establishes a direct connection to Instagram’s servers. Instagram transfers the content of the plugin directly to your browser and integrates it into the page. This integration informs Instagram that your browser has called up the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged in to Instagram. This information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA and stored there. If you are logged in to Instagram, Instagram can immediately associate your visit to our website with your Instagram account. If you interact with the plugins, for example by pressing the “Instagram” button, this information is also transmitted directly to an Instagram server and stored there. The information is also published on your Instagram account and displayed to your contacts. Please refer to Instagram’s privacy policy for the purpose and scope of data collection and the further processing and use of the data by Instagram and your rights and setting options for protecting your privacy: https://help.instagram.com/155833707900388/. If you do not want Instagram to associate the information collected through our website directly with your Instagram account, you must log out of Instagram before visiting our website. You can also completely prevent the Instagram plugins from loading with add-ons for your browser, e.g. with the script blocker “NoScript” (http://noscript.net/).

Sending information by e-mail newsletter

With the following information we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter you agree to the receipt and the described procedures. E-mails containing advertising information about us and our services are only sent with the express consent of the user. Users may object to receiving the newsletter at any time. A possibility of objection can be found in every e-mail. Before sending the newsletter, the e-mail owner will receive a confirmation e-mail in which he must confirm the newsletter registration. Unconfirmed registrations will be automatically deleted within four weeks at the latest. Messages within the scope of the contractual relationship with the user do not belong to advertising information. This includes the sending of technical information, information on payment processing, queries on orders and similar messages. During registration we store the time of registration, the time of confirmation and the IP address of the user. We are legally obliged to record the registrations in order to be able to prove a proper registration.


R-Pharm Germany setzt für die Erstellung und Verwaltung des Newsletters das Newsletter-Tool, des US-Anbieters Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA, „MailChimp“ ein. Die erforderlichen Daten der Newsletter-Empfänger werden dabei webbasiert auf einem Server von „MailChimp“ in einem Bereich gehostet, zu dem ausschließlich die Firma R-Pharm Germany einen passwortgeschützten Zugang hat. Vertragsbasis zwischen R-Pharm Germany und „MailChimp“ ist die AGB und Datenschutzerklärung von „MailChimp“ die Sie hier nachlesen können: „MailChimp“ AGB/ Datenschutz. „MailChimp“ verwendet diese Informationen zum Versand und zur Auswertung der Newsletter in unserem Auftrag. Des Weiteren kann „MailChimp“ nach eigenen Informationen diese Daten zur Optimierung oder Verbesserung der eigenen Services nutzen, z.B. zur technischen Optimierung des Versandes und der Darstellung der Newsletter oder für wirtschaftliche Zwecke, um zu bestimmen aus welchen Ländern die Empfänger kommen. „MailChimp“ nutzt die Daten unserer Newsletterempfänger jedoch nicht, um diese selbst anzuschreiben oder an Dritte weiterzugeben. „MailChimp“ ist unter dem US-EU-Datenschutzabkommen „Privacy Shield“ zertifiziert und verpflichtet sich damit die EU-Datenschutzvorgaben einzuhalten. Des Weiteren haben wir mit „MailChimp“ ein „Data-Processing-Agreement“ mit EU-Standardvertragsklauseln abgeschlossen. Dabei handelt es sich um einen Vertrag, in dem sich „MailChimp“ dazu verpflichtet, die Daten unserer Nutzer zu schützen, entsprechend dessen Datenschutzbestimmungen in unserem Auftrag zu verarbeiten und insbesondere nicht an Dritte weiter zu geben. Mit dem Absenden Ihrer Daten in unserem Newsletter-Formular erklären Sie sich mit der Auftragsdatenverarbeitung durch „MailChimp“ in dem ersichtlichen Umfang einverstanden.

R-Pharm Germany uses the newsletter tool of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA, “MailChimp” for the creation and administration of the newsletter. The necessary data of the newsletter recipients are hosted web-based on a server of “MailChimp” in an area to which only the company R-Pharm Germany has password-protected access. The contractual basis between R-Pharm Germany and “MailChimp” is the general terms and conditions and data protection declaration of “MailChimp” which you can read here: “MailChimp” general terms and conditions/ data protection. “MailChimp” uses this information to send and evaluate the newsletter on our behalf. Furthermore, “MailChimp” can use this data according to its own information to optimize or improve its own services, e.g. to technically optimize the sending and presentation of newsletters or for economic purposes, in order to determine from which countries the recipients come. “MailChimp” does not use the data of our newsletter recipients to write them down or pass them on to third parties. “MailChimp” is certified under the US-EU data protection agreement “Privacy Shield” and thus commits itself to comply with EU data protection regulations. Furthermore, we have concluded a data processing agreement with “MailChimp” with EU standard contract clauses. This is a contract in which “MailChimp” undertakes to protect the data of our users, to process them on our behalf in accordance with their data protection regulations and in particular not to pass them on to third parties. By submitting your data in our newsletter form you agree to the order data processing by “MailChimp” to the extent visible. The newsletters contain a so-called “web-beacon”, i.e. a pixel-sized file that is retrieved from the “MailChimp” server when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are initially collected. This information is used to technically improve the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined using the IP address) or access times.
The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our intention, nor that of “MailChimp”, to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our contents to them or to send different contents according to the interests of our users.

There are cases in which we direct the newsletter recipients to the “MailChimp” website. For example, our newsletters contain a link with which the newsletter recipients can call up the newsletters online (e.g. in case of display problems in the e-mail program). Furthermore, newsletter recipients can subsequently correct their data, e.g. the e-mail address. Likewise, the privacy policy of “MailChimp” can only be accessed on their site.

In this context we pointed out that on the web pages of “MailChimp” cookies are used and thus personal data are processed by “MailChimp”, its partners and service providers (e.g. Google Analytics). We have no influence on this data collection. Further information can be found in the privacy policy of “MailChimp”. In addition, we would like to draw your attention to the possibilities of objecting to the collection of data for advertising purposes on the websites http://www.aboutads.info/choices/ and http://www.youronlinechoices.com/ (for the European area). You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. At the same time, your consent to its dispatch via “MailChimp” and the statistical analyses expire. A separate cancellation of the dispatch via “MailChimp” or the statistical evaluation is unfortunately not possible.

You will find a link to cancel the newsletter at the end of each newsletter.

In accordance with the provisions of the Basic Data Protection Ordinance (DSGVO) valid from 25 May 2018, we inform you that your consents to the sending of e-mail addresses are based on Art. 6 para. 1 lit. a, 7 DSGVO and § 7 para. 2 no. 3 and para. 3 UWG. The use of the shipping service provider “MailChimp”, carrying out statistical surveys and analyses as well as recording the registration procedure, is based on our legitimate interests pursuant to Art. 6 Para. 1 lit. f DSGVO. We are interested in using a user-friendly and secure newsletter system that serves both our business interests and the expectations of users. We would also like to point out that you can object to the future processing of your personal data at any time in accordance with the legal requirements pursuant to Art. 21DSGVO. The objection may be lodged in particular against processing for direct marketing purposes.

Transfer of data to third parties

User data will only be passed on to third parties if this is permitted by law or if a user has consented to the forwarding. This is the case, for example, if the forwarding of the data serves the fulfilment of contractual obligations towards the user, such as the postal address is transferred to a forwarding company after a shop order or the payment data is forwarded to the commissioned credit institution and, if applicable, to the payment service selected by you in the order process; or if the data is requested by competent authorities such as law enforcement authorities. The personal data of users will in no way be sold or passed on to third parties for advertising purposes or for the purpose of creating user profiles.

Creation of log files
Every time the website www.bloombeauty.de is accessed, data and information are collected by an automated system. These are stored in the log files of the server. The following data can be collected:

  1. Information about the browser type and version used

  2. The user’s operating system

  3. The user’s Internet service provider

  4. The IP address of the user

  5. Date and time of access

  6. Websites from which the user’s system accesses our website (referrer)

  7. Websites accessed by the user’s system via our website

The processing of data serves to deliver the contents of our website, to guarantee the functionality of our information technology systems and to optimize our website. The data of the log files are always stored separately from other personal data of the users.

Registration on our website / user account

If the data subject uses the opportunity to register on the website of the person responsible for the processing by providing personal data, the data will be transmitted to the webshop hoster. The data is stored exclusively for internal use, e.g. to process orders. During registration, the user’s IP address and the date and time of registration are stored. This serves to prevent misuse of the services. Registration of the data is required for the provision of content or services. Registered persons have the possibility to delete or modify the stored data at any time. The person concerned receives information about the personal data stored about him or her at any time.

Routine deletion and blocking of personal data

The controller shall process and store the personal data of the data subject only for as long as is necessary to achieve the purpose of the data retention. Furthermore, data may be stored insofar as this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. As soon as the purpose of storage ceases to apply or a storage period prescribed by the aforementioned regulations expires, the personal data is routinely deleted.

Your rights

If personal data are processed by you, you are affected within the meaning of the DS-GMO and you have the following rights vis-à-vis the person responsible:

1. right to information

You can ask the person in charge to confirm whether personal data concerning you will be processed by us.

If such processing has taken place, you can request the following information from the person responsible:

a. the purposes for which the personal data are processed;
b. the categories of personal data processed;
c. the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;
d. the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
e. the existence of a right to rectification or deletion of personal data concerning you, a right to limitation of the processing by the controller or a right to object to such processing;
f. the existence of a right of appeal to a supervisory authority;
g. any available information on the origin of the data if the personal data are not collected from the data subject;
h. the existence of automated decision-making including profiling in accordance with Article 22(1) and (4) DS-GMO and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject. 

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees in accordance with Art. 46 DS-GMO in connection with the transmission.

2. the right of correction

You have a right of rectification and/or completion vis-à-vis the data controller if the personal data processed concerning you are incorrect or incomplete. The person responsible shall make the correction without delay.

3. right to limitation of processing
Under the following conditions, you may request that the processing of personal data concerning you be restricted:

a. if you dispute the accuracy of the personal data concerning you for a period of time that enables the data controller to verify the accuracy of the personal data;
b. the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
c. the data controller no longer needs the personal data for the purposes of processing, but you do need them to assert, exercise or defend legal claims, or
d. if you have filed an objection to the processing pursuant to Art. 21 para. 1 DS-GMO and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of personal data concerning you has been restricted, such data may only be processed – apart from being stored – with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.

If the processing restriction has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.

4. right of cancellation

4.1. You may require the data controller to delete the personal data relating to you immediately and the data controller is obliged to delete this data immediately if one of the following reasons applies:

a. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
b. You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a DS-GMO, and there is no other legal basis for the processing.
c. You file an objection against the processing pursuant to Art. 21 para. 1 DS-GMO and there are no overriding legitimate grounds for processing or you file an objection against the processing pursuant to Art. 21 para. 2 DS-GMO.
d. The personal data concerning you have been processed unlawfully.
e. The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
f. The personal data concerning you have been collected in relation to information society services offered pursuant to Art. 8 para. 1 DS-GMO.

4.2. If the data controller has made the personal data concerning you public and is obliged to delete it pursuant to Art. 17 para. 1 DS-GMO, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.

4.3. The right to cancellation does not exist if the processing is necessary.

a. the exercise of freedom of expression and information;
b. for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred on the controller;
c. for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 DS-GMO;
d. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 DS-GMO, insofar as the right referred to in para. 1 is likely to render impossible or seriously impair the attainment of the objectives of such processing, or
e. to assert, exercise or defend legal claims.

5. the right to be informed

If you have exercised your right to have the data controller correct, delete or limit the processing, he/she is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort. The person responsible shall have the right to be informed of such recipients.

6. Recht auf Datenübertragbarkeit

You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to pass this data on to another person in charge without obstruction by the person in charge to whom the personal data was provided, provided that

a. processing is based on consent pursuant to Art. 6 para. 1 lit. a DS GMO or Art. 9 para. 2 lit. a DS GMO or on a contract pursuant to Art. 6 para. 1 lit. b DS GMO and
b. processing is carried out using automated methods.

In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this. The right to transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.

7. right of objection

You have the right to object at any time, for reasons arising from your given situation, to the processing of personal data concerning you based on Article 6(1)(e) or (f) DS-GMO; this also applies to profiling based on these provisions. The data controller no longer processes the personal data concerning you, unless he can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the possibility to exercise your right of objection in connection with the use of Information Society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.

8. Right to revoke the data protection declaration of consent

You have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the legality of the processing carried out based on the consent until revocation.

9. automated decision in individual cases including profiling

They shall not be subject to a decision based exclusively on automated processing, including profiling, which has legal effect vis-à-vis it or significantly affects it in a similar manner. This does not apply if the decision

a. is necessary for the conclusion or performance of a contract between you and the person responsible
b. is admissible by law of the Union or of the Member States to which the person responsible is subject and that law contains appropriate measures to safeguard your rights, freedoms and legitimate interests; or
c. with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 DS-GMO unless Art. 9 para. 2 lit. a or g applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests. Regarding to the cases mentioned in a. and c., the person responsible takes appropriate measures to protect the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person by the person responsible, to state his own position and to challenge the decision.

10. right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you are staying, working or suspected of infringing, if you believe that the processing of personal data concerning you infringes the DS GMO. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 DS-GMO.

Legal basis of the process

Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6(1)(a) of the Basic EU Data Protection Regulation (DSGVO) serves as the legal basis. For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) DSGVO serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Article 6 paragraph 1 lit. c DSGVO serves as the legal basis. In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) of the DSBER serves as the legal basis. If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Article 6(1)(f) DSGVO serves as the legal basis for processing. The legitimate interest of our company lies in the performance of our business activities.