Facebook YouTube Pinterest Beauty Blog Beauty Blog

You have no items in your shopping cart.

Privacy Policy
for the website www.adessa-cosmetics.de

The privacy and rights of visitors to this website are very important to Adessa GmbH (hereinafter also “Adessa”). We process your data in accordance with the provisions and requirements of the General Data Protection Regulation (hereinafter “GDPR”) and the Federal Data Protection Act (hereinafter “BDSG”).

In this Privacy Policy we inform you about your rights and about the collection of personal data when you use our website. Personal data are all data that relate to you personally, e.g. your name, address, e-mail addresses and usage behaviour.

1. Name and contact data of the data controller and our Data Protection Officer

This Privacy Policy applies to data processing by:

Data controller: Adessa GmbH
represented by the MD Torsten Merkl
Sommerstr. 37 a | 92421 Schwandorf | Germany
E-mail: info@adessa-cosmetics.de
Telephone: 49 (0)9431-71 825 0
Fax: 49 (0)9431-71 825 10

The Data Protection Officer of Adessa GmbH can be contacted at the above address, for the attention of Mr. Kurt Mieschala, and/or by sending an e-mail to rechtsanwalt@mieschala.de.

2. Collection and storage of personal data and the type and purpose of their use

a. If you visit our website

If you visit our website www.adessa-cosmetics.de to obtain information, i.e. if you do not register with us or send us information in any other way, the browser you are using on your end device automatically sends information to our website’s server. This information is stored in a temporary file, known as a log file. The following information is collected automatically and is stored until it is automatically erased:

•    IP address of the computer being used
•    date and time of your visit
•    name and URL of the file being retrieved
•    the website from which you came to our website (referrer URL)
•    the browser and computer operating system you are using and the name of your internet service provider.

We process these data for the following purposes:

•    to guarantee a smooth connection to our website
•    to guarantee a pleasant user experience when you visit our website
•    to analyse system security and stability
•    for other administrative purposes.

The legal basis for data processing is Art. 6 (1) f) GDPR. Our legitimate interest in data collection arises out of the purposes listed above. Under no circumstances do we use the collected data for the purpose of identifying you.

When you visit our website we furthermore use cookies and analytical services. For further details of these, please refer to Nos. 4 and 5 of this Privacy Policy.

b. If you conclude a contract in our online store

If you place an order in our online store and offer to conclude a contract with us, we store the data that you input and provide (name, address, etc.) that is required to take care of your order, to deliver the goods and to handle your payment. We may share your payment data with our bank. The legal basis in this instance is Art. 6 (1) b) GDPR.
If you cancel the order process, no data about the order that you may already have placed and declared will be stored.
You may place an order as a guest or you may register. If you register, we will create a password-protected customer account for you using the existing data we have about you.
Data are collected and processed for the purpose of contract performance in accordance with Art. 6 (1) b) GDPR.

We store the data for handling your order for the statutory retention periods and for as long as they are required to handle your order(s) inclusive of warranty periods and/or statutes of limitation.
If you delete your customer account, your existing data stored therein will be erased without delay with due regard for any ongoing orders, warranty periods and/or statutes of limitation and/or retention periods.

c. If you subscribe to our newsletter

(1) You may consent to subscribe to our newsletter with which we inform you about current interesting offers. The advertised goods and services are specified in the Declaration of Consent.

(2) For subscriptions to our newsletter we use what is known as a double opt-in procedure. This means that after you subscribe, we send an e-mail to the e-mail address you have given to us in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your subscription within 24 hours, your information is blocked and automatically erased after one month. We furthermore store the IP addresses you use and the times of your subscription and confirmation. The purpose of this procedure is to verify your subscription and, where necessary, to establish any possible misuse of your personal data.

(3) The only mandatory data we require from you when subscribing to the newsletter is your e-mail address. The provision of any other, separately indicated data is voluntary and is used to address you personally. After you have confirmed, we store your e-mail address so that we can send you the newsletter. The legal basis in this instance is Art. 6 (1) a) GDPR.

(4) You may withdraw your consent to receiving the newsletter at any time and unsubscribe from the newsletter. You may indicate the withdrawal of your consent by clicking on the e-mail link contained in every newsletter.

d. If you use our contact form

For queries of every kind, you may contact us using the contact form on our website. In doing so, you will be required to provide a valid e-mail address so that we know who has sent the enquiry and so that we can answer it. Any other details (e.g. your name and telephone number) are provided on a voluntary basis.
Data processing for the purpose of making contact with us is in accordance with Art. 6 (1) a) GDPR on the basis of your voluntary consent.
The personal data we collect when you use our contact form is automatically erased once your query has been resolved.

e. If you send us an e-mail and/or register for a tutorial/training

If you send us an e-mail or if you register for a tutorial/training, you voluntarily share the data that you send to us. Where it is necessary to process and/or respond to your e-mail, we store the data. The data are erased after we have dealt with your e-mail and any follow-up questions.

f. If you send or e-mail us a job application

We also collect and process the data of job candidates for the purpose of dealing with job application processes. For the purpose of dealing with job application processes we collect and process the personal data of candidates responding to advertised jobs or those submitting applications on spec. As a job candidate you send us these data voluntarily.
When an employment, work, internship or training contract is concluded, the data you send us is stored for the purpose of administering the employment, internship or training relationship.
If your application is rejected, your application documents are erased six months after the rejection has been issued provided that such erasure does not conflict with a legitimate interest of the data controller such as legal proceedings in connection with the General Equal Treatment Act (AGG).

g. Other purposes

The legal basis for processing personal data is

•    your consent to a specific processing of your data, Art. 6 (1) a) GDPR
•    for contract performance, e.g. a purchase, the provision of a service or some other performance or consideration, Art. 6 (1) b) GDPR
•    some statutory obligation to which we are subject such as meeting fiscal obligations, Art. 6 (1) c) GDPR
•    in the case of processing that is not covered by one of the above legal bases, processing is necessary to pursue our legitimate interest or that of a third party insofar as this interest is not overriden by your interests, fundamental rights and fundamental freedoms, Art. 6 (1) f) GDPR.

h. Erasure of data

We process and store personal data for the period necessary to achieve the purpose for which they were stored or for as long as foreseen under legislation and regulations with which we are required to comply.
Once the purpose of storage no longer exists or after the statutory storage or retention period has elapsed, personal data are automatically erased or blocked in accordance with the statutory provisions.

3. Transfer of data

Your personal data are not transferred to third parties except for the purposes set out below.
We only transfer your personal data to third parties if:

•    you have given us your explicit consent in accordance with Art. 6 (1) a) GDPR
•    transfer is necessary for the establishment, exercise or defence of legal claims as set out in Art. 6 (1) f) GDPR and there is no reason to assume that you have any overriding interest in the non-transfer of your data that requires protection.
•    transfer is a statutory obligation as set out in Art. 6, (1) c) GDPR
•    this is lawful and necessary in accordance with Art. 6 (1) b) GDPR to administer our contractual relationship with you, e.g. to effect delivery through third-party transport companies.

4. Your rights

You have the right:

In accordance with Art. 15 GDPR to obtain information about the personal data about you that we process. You may most notably request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data are or will be disclosed, the proposed period of retention, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of the right to lodge a complaint, the source of your data where we did not collect them ourselves, and about the existence of automated decision-making inclusive of profiling and, where relevant, clear detailed information about same.

In accordance with Art. 16 GDPR to request the rectification of incorrect personal data or completion of your personal data that we have stored.

In accordance with Art. 17 GDPR to request the erasure of your personal data that we have stored provided that the processing is not necessary to exercise the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise and defence of legal claims.

In accordance with Art. 18 GDPR to request that the processing of your personal data be restricted insofar as you dispute the correctness of the data, where the processing is unlawful but you refuse the erasure of the data and we no longer need them but where you require these data for the establishment, exercise or defence of legal claims or where you have objected to processing in accordance with Art. 21 GDPR.

In accordance with Art. 20 GDPR to request that we provide you with your personal data in a structured, commonly-used and machine-readable format or that the data be transferred to some other data controller.
In this connection you have the right to request that the personal data be transferred directly from one data controller to another data controller insofar as this is technically feasible and does not adversely affect the rights and freedoms of others or of the data controller.

In accordance with Art. 7 (3) GDPR you may withdraw the consent you have given to us at any time. In consequence, we will no longer be permitted to process data on the basis of that consent.

In accordance with Art. 77 GDPR to lodge a complaint with a supervisory authority. As a rule you may do so with the supervisory authority in your usual place of residence or work, or with our Head Office.

5. Right to object

Insofar as your personal data are processed on the basis of legitimate interests as set out in Art. 6 (1) f) GDPR, you have the right in accordance with Art. 21 GDPR to object to the processing of your personal data on grounds relating to your particular situation or where you object to direct advertising. In the latter case you have the general right to object with which we will comply without any specification of a special situation. If you wish to exercise your right to withdraw consent or to object, you may simply send an e-mail to info@adessa-cosmetics.de.

6. Data security

When you visit our website we use well-established SSL encryption (Secure Socket Layer) in conjunction with the highest encryption level that can be supported by your browser. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v.3 technology instead. You can tell whether an individual page of our website is encrypted because you will see a closed padlock symbol in your browser’s address bar.
We also put suitable technical and organisational security measures in place to protect your data against accidental or deliberate manipulation, partial or complete loss, erasure, or unauthorised access by third parties. Our security measures are improved on an ongoing basis in line with technological developments.

7. Use of cookies:

a) This website uses the following types of cookies whose scope and functions are explained below:

        –Transient cookies (see b)

        –Persistent cookies (see c).

b) Transient cookies are automatically deleted when you close your browser. The most notable of these cookies are session cookies. These store what is known as a “session ID” with which various requests from your browser can be associated with your visit. This means that your computer can be recognised when you visit our website at some other future time. The session cookies are deleted when you log out or close your browser.

c) Persistent cookies are automatically erased after a specified period that varies from cookie to cookie. You can use your browser’s security settings to delete cookies at any time.

d) You can configure your browser settings in accordance with your wishes and, for example, block third-party cookies or all cookies. We would like to point out that if you do so, you may not be able to use all of this website’s functions.

e) We use cookies so that we can identify you on future visits, if you have an account with us. Otherwise you will have to log in each time you visit.

8. Analytical tools
a)     Use of Google Analytics
(1)     This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses cookies which are text files that are stored on your computer and allow your website usage to be analysed. As a rule, the information about your website usage generated by the cookie is transferred to a Google server in the USA and stored there. In the event that IP anonymisation is activated on this website, however, within the European Union member states or in other European Economic Area signatory states, Google will abbreviate your IP address beforehand. Only in exceptional cases is the full IP address transferred to a Google server in the USA and abbreviated there. Google uses this information on behalf of this website’s operator to analyse your website usage, to compile reports about website activities and to provide other services relating to website and internet usage to the website operator.
 (2) The IP address transmitted by your browser within the scope of Google Analytics is not combined with any other data held by Google.
 (3) You can prevent the storage of cookies by adjusting your browser settings; we would however advise you that if you do so, you may not be able to use all of the functions of this website. You can also prevent the collection by Google of data related to your website usage (incl. your IP address) generated by the cookie and Google’s processing of this data by downloading and installing the browser plugin available here: http://tools.google.com/dlpage/gaoptout?hl=de.
(4)     This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are abbreviated and processed so that no individual can be identified. This means that where some personal connection is created via the data collected about you, it is ruled out immediately and the personal data are instantly erased.
(5) We use Google Analytics to analyse usage of our website and to regularly improve it. Using the statistics we obtain, we can improve the service we offer and make it more interesting for you, as a user. In exceptional cases where personal data are transferred to the USA, Google has signed up to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.
The legal basis for the use of Google Analytics is Art. 6 (1) f) GDPR.
(6) Information about the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of Use: http://www.google.com/analytics/terms/de.html; privacy overview: http://www.google.com/intl/de/analytics/learn/privacy.html; privacy policy: http://www.google.de/intl/de/policies/privacy.
(7)    This website further uses Google Analytics for a cross-device analysis of visitor flows that is effected using a user ID. You can deactivate the cross-device analysis of your use in your customer account under “My Data”/”Personal Data”.

b) Privacy terms for cross-device remarketing

Our website uses the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. This function makes it possible to connect the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-related, personalised advertising based on your previous usage and surfing behaviour on an end device (e.g. a mobile phone) can also be displayed on other end devices you use (e.g. tablet or PC). If you have given your corresponding consent, Google will link your web and app browsing with your Google account for this purpose. In this way, the same personalised advertising can be displayed on any end device on which you are logged in to your Google account. To support this function Google Analytics collects Google-authenticated IDs of users that are temporarily linked with our Google Analytics data in order to define and create target groups for cross-device advertising. You may permanently refuse cross-device remarketing/targeting by deactivating personalised advertising in your Google account and you can do so by following this link:

For further information and privacy protection terms, see Google’s Privacy Policy: http://www.google.com/policies/technologies/ads/

9. Social media plugins

We currently use the following social media plugins: Facebook, Google+, Twitter (see A.) Pinterest (see B) and Instagram (see C).

A. (1) In doing so, we use what is known as the “two-click” solution. This means that when you visit our website, no personal data are initially transmitted to the plugin provider. You can recognise the plugin provider by its displayed initial letter or logo. We give you the opportunity to communicate directly with the plugin provider via the button. Only when you click on the marked field and thus activate it does the plugin provider receive the information that you are visiting our website. In addition, the data mentioned at No. 3 of this Privacy Policy are transferred. In the case of Facebook, according to the respective provider in Germany, the IP address is anonymised as soon as it is collected. By activating the plugins your personal data are therefore transferred to the respective plugin provider and stored there (in the USA in the case of US providers). Since the plugin provider collects data, particularly via cookies, we recommend that you delete all cookies in your browser settings before you click on the greyed-out box.
 (2) We have no influence on either the collected data or the data processing processes nor are we aware of the full extent of data collection, the purposes of processing or the retention periods. Equally, we have no information about the erasure of the collected data.
 (3) The plugin provider stores the data collected about you as a user profile and uses these data for the purposes of advertising, market research and/or needs-appropriate design of its website. Such analysis is undertaken in particular (also for users who are not logged in) to display needs-appropriate advertising and to inform other users of the social network about your activities on our website. You may object to the creation of this user profile whereby you must contact the respective plugin provider to exercise this right. Via the plugins we offer you the opportunity to interact with the social networks and other users so that we can improve our service and make it more interesting for you, as a user. The legal basis for the use of the plugin is Art. 6 (1) f) GDPR.
 (4) Data transfer occurs independently of whether you have an account with the plugin provider and are signed in. If you are signed in with the plugin provider, the data we collect about you are associated directly with your account with the plugin provider. If you click on the activated button and, for example, link the page, the plugin provider will also store this information in your user account and will publicly share this with your contacts. We recommend that you regularly log out after using a social network, particularly before activating the button so that you can avoid data being associated with your profile.
 (5) You can obtain further information about the purpose and scope of data collection and their processing by the plugin provider in the privacy policies of the plugin providers as shown below. These also contain further information about your rights in this connection and the settings you can use to protect your privacy.

 (6) Addresses of the respective plugin providers and URLs of their privacy policies:
a)     [Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information about data collection: http://www.facebook.com/help/186325668085084 , http://www.facebook.com/about/privacy/your-info-on-other#applications  and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has signed up to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework .
b)     Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google has signed up to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.
c)    Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has signed up to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

B. Use of Pinterest

We use the service pinterest.com on our website. Pinterest.com is a service provided by
Pinterest, Inc., 808 Brannan St, San Francisco, CA 94103, USA. When you use the integrated “Pin it” button on our website, Pinterest receives the information that you have visited the corresponding page of our website. If you are logged in to Pinterest, Pinterest can associate this visit to our website with your Pinterest account and thus link the data. The data transferred when you click on the “Pin it” button are stored by Pinterest. You can obtain further information about the purpose and scope of data collection, their processing and use, and about your rights in this connection and the settings you can use to protect your privacy in the Pinterest privacy policy which you can see here:

C.    Use of Instagram   

We use the Instagram service on our website. Instagram is a service provided by Instagram Inc. When you use the integrated “Insta” button on our page, Instagram receives the information that you have visited the corresponding page of our website. If you are logged in to Instagram, Instagram can associate this visit to our website with your Instagram account and thus link the data. The data transferred when you click on the “Insta” button are stored by Instagram. You can obtain further information about the purpose and scope of data collection, their processing and use, and about your rights in this connection and the settings you can use to protect your privacy in the Instagram privacy policy which you can see here: http://help.instagram.com/155833707900388.

To prevent Instagram from being able to associate a visit to our website with your Instagram account, you must log out of your Instagram account before visiting our website.

10. Currentness and amendment of this Privacy Policy

This Privacy Policy is currently valid as at May 2018.
In developing our website and services or owing to changes to legislation or official requirements, it may be necessary for us to amend this Privacy Policy. You can see and print the respective current version of our Privacy Policy at any time on our website at:


11. Consent to receiving customer care, information (advertising) and marketing

I herewith agree that for the purposes of customer care, advertising and marketing, Adessa GmbH may collect, store and process my data, and it or its internal team partners may use my data. I furthermore agree that I may be informed about further offers or services from Adessa GmbH in writing, by telephone, by e-mail, SMS, WhatsApp or other electronic means. Data is not transferred to third parties above and beyond the purposes to which I have consented. I may withdraw my consent with future effect at any time by sending an e-mail to info@adessa-cosmetics.de or by writing to the contact address shown in the Legal Information section.