Data protection has a particularly high priority in our company and use of our website. The use of our website www.di1ara.com is basically possible without the indication of personal data. We process personal data of the users only to the extent that this is necessary for the provision of a functional website and for the provision and performance of our services is required.
The processing of personal data is generally only carried out with the consent of the user. An exception to the prior obtaining of the user's consent is only where prior consent is technically and factually impossible and the processing of the data is permitted by legal regulations.
On our website www.di1ara.com we present cosmetics and lifestyle products of all kinds.
Users have the possibility to get an overview of our product range easily and without obligation. In addition, users have the possibility to purchase the displayed goods via the shop software integrated on our website www.di1ara.com. Personal data is processed for these procedures, more details are given in the following points.
(1) Legal basis
Insofar as we require the consent of the data subjects for the processing of personal data person or we obtain this from the person concerned, according to Art. 6 para. 1 lit. a of the DSGVO Legal basis for data processing.
If we have a contractual relationship with the data subject and we are required to process personal data is necessary for the fulfilment of our contractual obligations, the transfer of data processing occurs on the basis of Art. 6 para. 1 lit. b DSGVO. This also applies to processing operations required in the context of the initiation of contractual relationships.
As far as the processing of personal data for the fulfilment of a legal obligation, to which our company is subject, Article 6 para. 1 lit. c DSGVO serves as legal basis.
If the processing is necessary to protect the legitimate interests of our company or of a third parties, and the interests, fundamental rights and freedoms of the data subject require the former interest does not prevail, then the data shall be processed on the basis of Art. 6 para. 1 lit. f DSGVO.
The personal data of the person concerned are deleted or blocked as soon as the purpose of the storage according to the named legal basis is not applicable. A storage can the legislator by means of regulations to which we are subject and to which we have was provided for. A blocking or deletion of the stored data is also carried out when the storage period prescribed by the standards cited expires, unless that the further storage is necessary for the fulfilment of contractual purposes.
(2) Responsible person in terms of the DSGVO
The controller in the sense of the data protection basic regulation and other national data protection laws and other data protection regulations:
45478 Mühlheim an der Ruhr
(3) Operation of an online shop
On our website we have set up an online shop, which enables you to order our goods. For the execution of the order the customer provides in the context of the order processing personal data, which are stored by us. This includes:
- name, first name
- Address (billing and delivery address)
- Payment data
- E-mail address
The data are mandatory for the delivery of the goods and for the processing of your order. The legal basis for data processing is the fulfilment of (purchase) contractual Obligations pursuant to Art. 6 para. 1 lit. b DSGVO.
To process the order, we must also pass on the data to third parties.
These are primarily transport and parcel services, which use the data for the delivery of your ordered goods. We currently ship with DHL.
Furthermore, these are the payment service providers selected by you in the order process.
You can find more information about the data protection regulations of KLARNA here:
You have the possibility to subscribe to a free newsletter via our website.
When registering for the newsletter, the data from the input mask will be transmitted to us. You will then receive an e-mail from us with the request to confirm the subscription to our newsletter. During the registration process, your e-mail address is collected. For the processing of the data, your consent will be obtained during the registration process and reference will be made to this data protection policy. The legal basis for the processing of your data is Art. 6 para. 1 lit. a DSGVO.
If you inquire and/or purchase goods or services from us and provide your e-mail address, we may use this address to send you a newsletter. In such a case, the newsletter will only be used to send direct advertising for our own similar goods or services. Legal basis for the dispatch of the newsletters in this case is § 7 para. 3 UWG.
In connection with the data processing for the dispatch of newsletters no transfer of data takes place to third parties. The data will be used exclusively for sending the newsletter. The collection of the user's e-mail address is used to deliver the newsletter.
The data is deleted as soon as it is no longer required for the purpose of its collection. The user's e-mail address is therefore stored as long as the subscription to the newsletter is active. The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose there is a corresponding link in every newsletter. By cancelling the subscription, the consent to the storage of the personal data collected during the registration process is revoked at the same time.
(5) Contact form and e-mail contact
We offer a contact form for certain offers, which can be used for electronic contact. If a user takes advantage of this offer, the information provided in the data entered in the input mask is transmitted to us and stored. The following data must be entered: Name, address, phone number, e-mail address.
Alternatively, it is possible to contact us via the provided e-mail address. In this case the personal data of the user transmitted with the e-mail will be stored.
If the user wishes, his data will be passed on to precisely designated third parties for the purpose of submission of an offer, which was requested by the user. The transmission of the data serves for the submission of a contract offer according to the The legal basis for the processing of the data is Art. 6 para. 1 lit. b DSGVO. In other cases, the legal basis for data processing is the consent of the user according to Art. 6 paragraph 1 lit. a DSGVO.
The processing of personal data from the contact form or an e-mail serves the processing according to the request and specifications of the user. Other, personal data processed during the sending process are used to to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data transmitted by the user will be deleted after the purpose for which it was transmitted has been achieved. For data transmitted via contact form or e-mail, this is the case if the respective conversation with the user or the transfer of data to third parties has been terminated in accordance with the user.
The user has the possibility at any time to withdraw his consent to the processing of his personal data and the storage of his personal data at any time. In this respect, it is sufficient if the user informs us informally verbally or in writing, certain communication channels are not foreseen. We recommend the notification by e-mail. All personal data, which is collected in the course of contacting us by contact form or e-mail from us will be deleted in this case.
(6) Provision of the website and creation of log files
Every time you visit our website, our system automatically collects general information from the computer system of the calling computer.
The following data is collected:
- Information about the browser type and the version used
- URL accessed by user
- Websites from which the user's system accesses our website
- IP address of the user
The data is also stored in the log files of our system. A storage of the data in connection with other personal data of the user does not take place.
The legal basis for the temporary storage of data and log files is Article 6(1)(b). f DSGVO. Temporary storage of the IP address by the system is necessary in order to enable a delivery of our website to the user's computer. The IP address of the user must remain stored for the duration of the session. The storage of the log files is done to ensure the functionality of the website. In addition, the data serves us for optimization of the website and to ensure the security of our information technology systems. An evaluation for other purposes, e.g. marketing, does not take place.
The data is deleted as soon as it is no longer needed for the purpose of its collection. In the case of the collection of data for the provision of the website, this is the case at the end of the respective session. Generated log files will be deleted after 7 days at the latest. If a storage beyond this takes place, the recorded IP addresses will be deleted or alienated so that an assignment of the calling client is no longer possible.
The collection of the data for the provision of our website and the storage of the data in logfiles is mandatory for the operation of the website, the user has no rights of opposition.
The legal basis for the processing of personal data using cookies is article 6 paragraph 1 lit f DSGVO. Cookies are used to ensure the smooth function of the shop and our website.
(8) Use of Social Media Plugins
Using Social Plugins for Instagram
Our web site uses Instagram plugins, which are provided by Instagram Inc. (601 Willow Road, Menlo Park, CA, 94025, USA). The Instagram button, usually the word "Instagram" in conjunction with a pictogram of a camera in white on a colorful (yellow, red, purple) background, indicates the Instagram plugin.
The plugins are only activated when you click on the corresponding buttons.
If they are greyed out, the plugins are inactive. You have the possibility to activate the plugins once or permanently.
The plugins establish a direct connection between your browser and the Instagram servers. This only happens after the plugin has been activated. We have no influence on the nature and extent of the data that the plugin transmits to Instagram's servers. You can find more information about the Instagram plugin here: http://instagram.com/about/legal/privacy/.
The plugin informs Instagram that you have visited our website as a user. It is possible that your IP address will be stored. If you are logged in to your Instagram account while visiting this website, the above information will be linked to your Instagram account.
(9) Rights of the person concerned
As far as personal data is processed by you, you are entitled to the following rights:
A. Right of access to information
You may be required to confirm whether personal data concerning you will be processed by us.
If such processing exists, you can request the data controller to inform you of the following Request information:
(a) the purposes for which the personal data are processed;
(b) the categories of personal data processed;
(c) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
(d) the intended duration of the storage of the personal data relating to you; or, if it is not possible to give specific details, criteria for determining the storage duration;
(e) the existence of a right of rectification or erasure of the data concerning your personal data, of the right to limit the processing by the data controller or a right to object to such processing;
(f) the existence of a right of appeal to a supervisory authority;
(g) any available information as to the origin of the data, where the personal data are data are not collected from the data subject;
(h) the existence of automated decision making, including profiling, in accordance with Art. 22 (1) and (4) DSGVO and - at least in these cases - meaningful information about the logic involved, the scope and the intended the consequences of such processing for the data subject.
You have the right to obtain information as to whether the data concerning you transfers personal data to a third country or to an international organisation. In this context, you may demand to be informed about the appropriate guarantees according to Art. 46 DSGVO in connection with the transfer.
B. Right of rectification
You have a right of correction and/or completion towards the responsible person, if the personal data processed concerning you is incorrect or incomplete. The person responsible shall make the correction without delay.
C. Right to restrict processing
Under the following conditions, you may request that the processing of personal data concerning you be restricted:
(a) if you dispute the accuracy of the personal data concerning you for a period which enables the controller to verify the accuracy of the personal data;
(b) the processing is unlawful and you object to the deletion of the personal data and instead request the restriction of the use of the personal data;
(d) the controller no longer needs the personal data for the purposes of the processing, but you need the personal data for the purpose of asserting, exercising or defending legal claims; or
(e) if you have lodged an objection to the processing pursuant to Art. 21 (1) DPA and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.
If the processing of personal data relating to you has been restricted, you may access data - apart from their storage - only with your consent or for assertion, the exercise or defence of legal claims or the protection of the rights of another natural or legal person or for reasons of important public interest of Union or a Member State. If the restriction on processing restricted according to the above-mentioned requirements, you will be informed by the person responsible before the restriction is lifted.
D. Right of cancellation
Obligation to delete
You may request the person responsible for the personal data concerning you to delete this data immediately, and the person responsible is obliged to do so immediately, if one of the following reasons applies:
(a) the personal data concerning you are, for the purposes for which they were collected or otherwise processed, no longer necessary.
(b) you revoke your consent to which the processing is subject pursuant to Art. 6, para. 1, lit. a or Article 9(2)(a) DPA, and there is no other legal basis for the processing.
(c) you lodge an objection to the processing in accordance with Art. 21 Par. 1 DSGVO and it there are no legitimate reasons for the processing, or you submit a request according to § 3. Art. 21 para. 2 DSGVO, or you object to the processing.
(d) the personal data concerning you have been processed unlawfully.
(e) the erasure of personal data concerning you is necessary to comply with a legal obligation under Union or national law to which the person responsible is subject to.
(f) the personal data concerning you has been collected in relation to the services offered of the information society according to Art. 8 para. 1 DSGVO.
The right of cancellation does not exist insofar as the processing is necessary
(a) to exercise the right to freedom of expression and information;
(b) to comply with a legal obligation which imposes on the processing under the law of Union or of the Member States to which the responsible person is subject, or to performance of a task carried out in the public interest or in the exercise of of public authority delegated to the person responsible;
(c) for reasons of public interest relating to public health pursuant to Art. 9 para. 2 lit. h and lit. i as well as Art. 9 para. 3 DSGVO;
(d) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 DSGVO, insofar as the law referred to in point (a) is likely to achieve the objectives of this makes processing impossible or seriously prejudices it, or (e) to assert, exercise or defend legal claims.
E. Right to information
If you have exercised the right to rectify, erase or limit the processing, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or limitation of processing, unless this proves to be is impossible or involves a disproportionate effort. You are facing the responsible for the processing of such information and have the right to be informed about these recipients.
F. Right to data transferability
You have the right to access the personal data concerning you, which you have given to the person in charge in a structured, common and machine-readable format.
You also have the right to transfer this data to another person in charge without hindrance by the controller to whom the personal data have been made available provided that
(a) the processing is based on a consent pursuant to Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 (a) the processing is based on a consent pursuant to Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO or on a contract pursuant to Art. 6 para. 1 lit. b DSGVO and (b) the processing is carried out using automated procedures.
In exercising this right, you also have the right to obtain that the personal data directly from one controller to another controller be transmitted as far as technically feasible. Freedoms and rights of other persons must not be affected by this.
The right to data portability shall not apply to the processing of personal data which is necessary for the performance of a task carried out in the public interest or exercise of official authority delegated to the person responsible.
G. Right of objection
You shall have the right to appeal at any time, for reasons arising from your particular situation, against the processing of personal data concerning you, which is carried out pursuant to Article 6(1) lit. e or f DSGVO; this also applies to an objection based on these provisions.
The controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate reasons for processing which outweigh your interests, rights and freedoms, or if the processing is for the purpose of asserting them, exercise or defence of legal claims.
Are the personal data concerning you processed for the purpose of direct marketing you have the right to object at any time to the processing of data concerning you personal data for the purpose of such advertising; this also applies to the profiling, insofar as it is related to such direct mail.
If you object to processing for the purposes of direct marketing, the personal data is no longer processed for these purposes.
You have the possibility to exercise your right of objection in relation to the use of information society services, without prejudice to directive 2002/58/EC, by means of automated procedures using technical specifications.
H. Right to revoke the declaration of consent under data protection law
You have the right to revoke your data protection declaration of consent at any time. Revocation of your consent does not affect the legality of the processing that has taken place on the basis of your consent until revocation.
I. Automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effect on you or which significantly affects you in a similar way. This shall not apply if the decision
(a) for the conclusion or performance of any contract between you and is required,
(b) is authorised by Union or national law to which the person responsible is subject and that law provides for appropriate measures to safeguard your rights and freedoms and your legitimate interests; or
(c) with your expressed consent.
However, these decisions may not be based on special categories of personal data in accordance with Art. 9 Para. 1 DSGVO, unless Art. 9 Para. 2 lit. a or lit. g DSGVO applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
With regard to the cases referred to in (a) and (c), the controller shall take appropriate measures to protect the rights and freedoms and your legitimate interests, which shall include at least the right to obtain the intervention of a person from the controller, to present his or her point of view and to contest the decision.
J. Right to appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State in which you are resident, in your place of work or in the place where the alleged infringement occurred, if you consider that the processing of personal data relating to you is in breach of the DSVGO.
The supervisory authority to which the complaint has been submitted will inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 DSGVO.
Status: Dec. 2019