Go to homepage
€0.00*
Menu

Privacy policy


PRÄMBEL

This privacy policy informs you about the personal data we collect, the purposes for which we process it and the extent to which we do so. This statement applies to all processing of personal data in connection with our services - in particular on our websites and external online presences, such as our social media profiles.

As at: 21.01.2025

All personal designations apply equally to all genders.


PERSON RESPONSIBLE AND DATA PROTECTION OFFICER

SC Cosmetics Handels GmbH
Baumgarten 206
6320 Angerberg
Austria

Data Protection Officer: Ms. Helga Langreiter
Email address: info@dermasr.com
Phone: +43 5332 56671


PROCESSED DATA AND PURPOSE

Personal data is processed for contract fulfillment, billing, assertion of contractual claims, for customer service purposes and for advertising purposes. In particular, we process inventory data, payment data, contact data, content data and contract data. In addition, we collect and use usage data, meta and communication data as well as log data in order to provide our online services, make them user-friendly and ensure the security of our systems. The data is also used to respond to contact inquiries, for communication via various channels and for direct marketing. This includes the administration and organization of user inquiries (e.g. by email, messenger or telephone) as well as advertising by email, post, telephone or fax in compliance with legal requirements.

Processed data:

  • Inventory data (e.g. name, address, customer number)
  • Contact data (e.g. postal and email addresses, telephone numbers)Usage data (e.g. page views, clicks, click paths, length of stay, devices used, content and functions used, interactions with content)
  • Payment data (bank details, credit card number, invoices, payment history)Meta and communication data (e.g. IP addresses, time data, technical information)Content data (e.g. messages and posts, including authorship and timestamps)Contract data (e.g. subject matter of the contract, term, customer category)Log data (e.g. login times, access log files)

In addition to communication with users and interested parties, data processing is also used to carry out competitions and contests, reach measurement and tracking, target group formation and conversion measurement, as well as affiliate tracking. We also use the data for office and organizational procedures, business management processes, conducting surveys, public relations, sales promotion and direct marketing.

Purposes of processing:

  • Contract fulfillment (processing and handling of orders, fulfillment of contractual obligations)Business processes (organization and business administration)Communication (e.g. contact requests, queries, public relations, direct marketing, targeted placement of advertising)Optimization of our online offering (e.g. reach measurement and user analysis, feedback from surveys via online forms)Implementation of prize draws and competitions
  • Security measures (protection against misuse and data backup)

The data subjects are service recipients, clients, users, communication partners, interested parties and participants in prize draws, competitions, educational offers and courses.


LEGAL BASIS OF DATA PROCESSING

Our data processing is based on the following legal bases in accordance with the GDPR (EU General Data Protection Regulation) and the Data Protection Amendment Act 2018. In addition to the GDPR, national data protection regulations in your or our country of residence may apply.

  • Consent (Art. 6 para. 1 lit. a GDPR): Processing of personal data with the consent of the data subject for specific purposes.Performance of a contract (Art. 6 para. 1 lit. b GDPR): Processing for the performance of a contract or in order to take steps prior to entering into a contract.Legal obligation (Art. 6 para. 1 lit. c GDPR): Processing for compliance with legal requirements.
  • Legitimate interests (Art. 6 para. 1 lit. f GDPR): Processing to safeguard legitimate interests, provided these do not outweigh the rights of the data subject.

Additional regulations in Austria:
In Austria, the provisions of the Data Protection Act (DSG), for example on rights of access, rectification or special categories of personal data, as well as the TKG 2003, in particular Section 96 (3), apply in the case of cookies, tracking and electronic communication.

.

Application of the GDPR and the Swiss DPA:
This data protection notice takes into account both the GDPR and the Swiss Data Protection Act (DPA). We use the terms of the GDPR to ensure uniform comprehensibility. The legal meaning of the terms continues to be based on the requirements of the Swiss DPA.


DURATION OF DATA STORAGE

We process your personal data (address, email address, telephone number), if necessary, for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) and beyond in accordance with the statutory retention and documentation obligations arising from the Swiss Commercial Code (UGB), among others. The data is stored in accordance with the Austrian Commercial Code (UGB), the Federal Fiscal Code (BAO) and until the end of any legal disputes, ongoing warranty and guarantee periods, etc.

We process your personal data (address, email address, telephone number) for the duration of the entire business relationship (from the initiation and execution to the termination of a contract) and beyond in accordance with the statutory retention and documentation obligations. These result, among other things, from the Austrian Commercial Code (UGB) and the Federal Fiscal Code (BAO). In addition, data is stored until the end of any legal disputes and during ongoing warranty and guarantee periods.

Personal data that we process will be deleted as soon as the underlying consent is revoked or there is no further legal basis for processing. This applies to cases in which the original purpose of processing no longer applies or the data is no longer required. We process data that must be retained for commercial or tax law reasons or for legal prosecution exclusively for these purposes.

The retention periods are based on the legal requirements:

  • 10 years: books, records, annual financial statements, inventories, management reports, opening balance sheets, accounting vouchers, invoices and all necessary work instructions and organizational documents (§ 132 BAO, §§ 190-212 UGB).
  • 6 years: Business documents such as commercial and business letters, price labels, hourly wage slips and similar documents (§ 132 BAO, §§ 190-212 UGB).
  • 3 years: Data for processing potential warranty and compensation claims as well as related inquiries, in accordance with the regular limitation period (sections 1478, 1480 ABGB).

The periods generally begin at the end of the calendar year in which the event triggering the period occurs. In the case of ongoing contractual relationships, this is the time of termination of the contract.

Right of withdrawalYour express consent is required for the processing of your data. As a matter of principle, we do not process the data of minors and assume that you have reached the age of 14 or have the consent of your legal representative.

In accordance with the General Data Protection Regulation (GDPR), you can assert various rights against us at any time. These are regulated in particular in Articles 15 to 21 GDPR:

  • Right to object: You can object to the processing of your personal data at any time for reasons arising from your particular situation, provided that this is done on the basis of Art. 6 para. 1 lit. e or f GDPR. This also applies to profiling based on these provisions. If your personal data is used for direct marketing, you have the unrestricted right to object to processing for this purpose - including profiling, insofar as it is associated with such direct marketing.
Revocation of consent: You have the right to revoke your consent to the processing of your personal data at any time with effect for the future.Right to rectification: You may request the rectification of inaccurate personal data or the completion of incomplete personal data, provided that this complies with the legal requirements. Right to erasure and restriction of processing: You have the right to request the erasure of your personal data without undue delay, provided that the legal requirements are met. Alternatively, you can request the restriction of the processing of your data, insofar as this is permitted by law.Right to information and right to data portability: You have the right to request confirmation as to whether your personal data is being processed and to receive information about this data. You can also request a copy of the processed data. In accordance with the legal requirements, you can also request the provision of your data in a structured, commonly used and machine-readable format or request that it be transferred to another controller if this is technically feasible.Right to lodge a complaint: If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the Austrian Data Protection Authority (Wickenburggasse 8-10, 1080 Vienna, email: dsb@dsb.gv.at).

Contact us at any time with questions, revocations, corrections or other concerns regarding the processing of your data via the following e-mail address: info@dermasr.com or write to: SC Cosmetics Handels GmbH, Baumgarten 206, 6320 Angerberg.


WEBSHOP PURCHASING AND CONTRACT DEVELOPMENT

When you make purchases via our webshop at https://dermasr.com, we store various data in the form of cookies, including inventory data, payment data and technical information from our customers and interested parties. This data processing is necessary to enable you to use the web store, to process orders, to implement pre-contractual measures and to fulfill legal obligations. It is not possible to conclude a contract without this data. In addition, the data collected is used for administrative purposes and contributes to the security of our business partners and our business operations. In this way, we ensure a smooth and secure ordering process and protect your data at the same time.

Data is only passed on to third parties to the extent necessary, for example to fulfill legal obligations or in the case of legitimate interest.

  • Banking institutions and payment service providers: For the processing of payment transactions.
Transport companies and shipping service providers: For the delivery of ordered goods.Tax consultant: To fulfill our obligations under tax law.

All third-party providers have undertaken to comply with data protection regulations. There are order processing contracts with the service providers in accordance with Art. 28 GDPR. Further information on the processors can be requested at info@swiss-color.com.

Events and functions
When organizing and holding events, we process participant data in order to enable participation and provide services. If special categories of data (e.g. health data) are processed, this is done on the basis of consent, for security purposes or on the basis of obvious information in the context of the event.


NEWSLETTER

Newsletters and electronic notifications
We send out newsletters with information about our services, promotions and offers. Your e-mail address is usually sufficient for free registration. Optionally, we ask for your name or other details in order to create personalized content.

Objection (opt-out)
You can unsubscribe from the newsletter at any time. You will find the unsubscribe link in every email or use the contact options provided (preferably by email).

Deletion and restriction of processing
We may store unsubscribed email addresses for up to three years in order to prove that consent was previously given. This data is processed exclusively for the defense against potential claims. You can request individual deletion at any time, provided that the existence of consent is confirmed. In order to permanently observe objections, we may store email addresses in a blocklist.

Logging and mailing service providers
The registration process is logged for verification purposes. If we commission service providers such as Mailchimp to send emails, this is done on the basis of our legitimate interests in a secure and efficient system.

Note on affected services

  • Mailchimp


SOCIAL NETWORKS (SOCIAL MEDIA)

We operate channels in social networks and process user data in order to communicate with active users or offer information. User data may be processed outside the European Union, which could entail potential risks for users, for example with regard to the enforcement of their rights.

Within social networks, user data is generally used for market research and advertising purposes. For example, user profiles are created on the basis of behavior in order to place targeted advertisements both within and outside the networks. Cookies are used for this purpose, which store the usage behavior and interests of users. In some cases, this data can be stored across devices, especially if users are members of the respective platforms and remain logged in.

For detailed information on data processing and opt-out options, please refer to the privacy policies of the respective platform operators. If you have any questions or wish to assert your rights, please contact us at the following email address: info@swiss-color.com or write to SC Cosmetics Handels GmbH, Baumgarten 206, 6320 Angerberg.

Notes on the affected services:

  • Instagram: https://www.instagram.com/dermasr/
  • Facebook: https://www.facebook.com/DermaSRInternational
  • YouTube: https://www.youtube.com/@dermasr


REGISTRATION, USER ACCOUNT AND AFFILIATE PROGRAM

Registration and user accountUsers can create a personal user account in order to make full use of our services. As part of the registration process, we collect and process the required mandatory information, such as user name, password and e-mail address, in order to provide the account and fulfill contractual obligations. In addition, we store the IP address and times of the respective user actions in the course of using the user account. This serves to protect against misuse and unauthorized use and is based on our legitimate interests. This data is only passed on to third parties if required by law or to enforce claims.

Users can be informed by email about relevant processes, such as technical changes or security-related information. When a user account is terminated, all associated data will be deleted unless there is a legal obligation to retain it. It is the responsibility of users to back up their data before the end of the contract, as we are entitled to irrevocably delete the data.

Affiliate program
We offer an affiliate program in which users as “affiliates” receive commissions or benefits by referring to our offers. The referrals are made via individual links or discount codes that are assigned to affiliates in order to track success.

For the assignment, we store information about whether a user has followed an affiliate link and whether this has resulted in a business transaction or other use of our services. This data processing is used exclusively for commission accounting and is deleted as soon as it is no longer required.

Affiliate links can be supplemented with specific values that are stored in the link itself or in cookies. This allows us to clearly trace the origin of a business transaction.


PAYMENT METHODS

In the context of contractual relationships, legal obligations or our legitimate interests, we offer secure and efficient payment methods for which we use payment service providers in addition to banks and credit institutions.

The data processed by the payment service providers includes inventory data (e.g. name, address), bank data (e.g. account numbers, credit card numbers), passwords, TANs and check digits as well as transaction-related information. This is necessary in order to process payments. The data entered is processed and stored exclusively by the payment service providers. We do not receive any account or credit card information, only a confirmation or rejection of the payment. In some cases, payment service providers transmit data to credit agencies for identity and credit checks.

The terms and conditions and privacy policies of the respective payment service providers, which are available on their websites or apps, apply to payments. We recommend that you also consult these for further information and to exercise your rights (revocation, information, etc.).

Notes on the services concerned:

  • Apple Pay
  • Klarna
  • Mastercard
  • PayPal
  • Visa


WEB ANALYSIS, OPTIMIZATION AND ONLINE MARKETING

In the process of our web analysis, optimization and online marketing measures, we process personal data in order to improve our online offering, increase user-friendliness and place targeted advertising content. Processing is carried out in compliance with the applicable data protection regulations, either on the basis of user consent or our legitimate interests.

Web analysis and optimization
We use web analysis to evaluate visitor flows and measure reach. We collect pseudonymized data, such as pages visited, click paths, intensity of use and technical information (e.g. device types, operating systems). We use test procedures (e.g. A/B tests) to optimize our content and functions in order to increase user-friendliness.

For this purpose, we use IP masking so that the IP addresses of users are processed pseudonymously. Location data is only processed with the express consent of the user.

Online marketing
We also create pseudonymized user profiles for the marketing of advertising space and the display of interest-based content. Information such as content viewed, networks used and technical details are stored and analyzed. Cookies or similar procedures make it possible to analyze this data and read it again on other websites that use the same procedure.

We can use conversion measurements to check which of our marketing measures have led to the desired success, such as the conclusion of a contract. This data is also processed on a pseudonymous basis. Users' personal data is only processed if they have given their additional consent, e.g. as members of a social network.

In this context, we would also like to draw your attention to the information on our cookies / cookie settings.

Affected services:

  • Google Analytics (analysis of visitor flows and reach measurement)
  • Google Ads and conversion measurement (success analysis of advertising campaigns)


GAMES, COMPETITIONS AND SURVEYS

We process participants' personal data as part of competitions, contests and surveys in compliance with the applicable data protection regulations. The processing takes place insofar as it is contractually necessary for the provision, implementation and processing of the respective campaign, the participants have consented or our legitimate interests, e.g. in the security of the campaigns or protection against misuse, are safeguarded.

Competitions and contests
Personal data, such as name, contact details or entries, are processed to enable the implementation and processing of the competitions. If contributions are published within the campaign (e.g. for votes or reports), the names of the participants may also be visible. Participants can object to this publication at any time.

If competitions are held on online platforms such as Facebook or Instagram, the terms of use and data protection provisions of the respective platforms also apply. Please direct any inquiries about the competition directly to us. Participants' data will be deleted as soon as it is no longer required after the end of the campaign. Winners' data may be stored for longer for legal reasons, e.g. for up to three years in the case of non-cash prizes to process warranty claims.

Surveys and polls
Our surveys are used to collect information anonymously, e.g. through feedback forms or online questionnaires. Personal data is only processed if this is necessary for provision and implementation, e.g. to display the survey in the browser or to enable resumption.

Note on affected services:
We may use services such as Google forms for surveys. The respective data protection provisions of the service platform, such as Google Ireland Limited, apply.


DATA SECURITY AND TRANSMISSIONS

SC Cosmetics Handels GmbH takes appropriate technical and organizational security measures in accordance with the legal requirements, taking into account the current state of the art, the implementation costs and the type, scope, circumstances and purposes of the data processing. These ensure a level of protection for personal data appropriate to the risk against accidental or intentional manipulation, loss, destruction and unauthorized access.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access. We already take data protection into account when selecting hardware, software and processes, in accordance with the principle of data protection through technology design and data protection-friendly default settings.

When processing personal data, it may be necessary to transfer it to other bodies, companies or persons, e.g. to providers of integrated IT services. In such cases, we ensure that legal requirements are observed and conclude contracts to protect your data. Within our organization, we may transfer personal data to other departments or grant them access to it if this is done to fulfill contractual obligations or on the basis of legitimate interests.


CHANGES AND UPDATES

Please check our privacy policy regularly. We will make changes if adjustments to data processing are necessary. Should your cooperation (e.g. consent) or individual notification become necessary, we will inform you accordingly.

This website uses cookies to ensure the best experience possible. More information...