Data protection has a particularly high priority in our company and when using our website. Our website www.di1ara.com can generally be used without providing any personal data. We only process users' personal data to the extent that this is necessary to provide a functioning website and to provide and provide our services.
Personal data is only processed with the user's consent. An exception to the prior obtaining of the user's consent only exists if the prior obtaining of the consent is technically and actually not possible and the processing of the data is permitted by statutory provisions.
On our website www .di1ara.com we present cosmetics and lifestyle items of all kinds. Users have the opportunity to get an overview of our range of goods easily and without obligation. In addition, users have the option of purchasing the goods shown via the shop software integrated on our website www.di1ara.com. Personal data is processed for these processes, more details are shown in the following points.
1. Legal basis
If we have the consent of the person concerned for the processing of personal data or we obtain this from the person concerned, Article 6 Paragraph 1 lit. a of the GDPR is the legal basis for data processing .
If we are contractually bound to the person concerned and the processing of personal data is necessary to fulfill our contractual obligations, the data processing takes place on the basis of Article 6 Paragraph 1 lit. b GDPR. This also applies to processing operations that are necessary in the context of initiating contractual relationships.
Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 (1) applies lit. c GDPR as the legal basis.
If processing is necessary to protect the legitimate interests of our company or a third party and the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the first-mentioned interest, then the data will be processed on the basis of Article 6 Paragraph 1 lit. f GDPR.
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage in accordance with the named legal bases no longer applies. Storage can also take place if this has been provided for by the legislature by means of regulations to which we are subject. The stored data will also be blocked or deleted if the storage period prescribed by the specified standards expires, unless further storage is required to fulfill contractual purposes.
2. Responsible within the meaning of the GDPR
The responsible within the meaning of the General Data Protection Regulation and other national data protection laws as well as other data protection regulations is:
Managing Director: Veli Avci
Phone: +49 (0) 175 4484213
3. Operation of an online shop
We have set up an online shop on our website that enables you to order our goods. In order to carry out the order, the customer enters personal data, which we store, as part of the order processing.These include:
- Name, first name
- Address (billing and delivery address)
- Payment data
- Email address
The data is absolutely necessary for the delivery of the goods and for processing your order. The legal basis for data processing is the fulfillment of (purchase) contractual obligations in accordance with Article 6 Paragraph 1 lit. b GDPR.
In order to process the order, we must also pass the data on to third parties.
These are primarily transport and parcel services that need the data to deliver your goods order . We currently ship with DHL.
You can find more information about DHL's data protection regulations here:
https://www.dhl.de/datenschutz Furthermore, these are the payment service providers you selected during the ordering process.
You can find more information about PayPal's data protection regulations here: https://www.paypal.com/de/webapps/mpp/ ua/privacy-full
You can find more information about KLARNA's data protection regulations here:
The personal data collected for the ordering process will be deleted after the order has been completed. For more information on your rights, please refer to the last paragraph of this data protection declaration.
You have the option of subscribing to a free newsletter via our website. When registering for the newsletter, the data from the input mask is transmitted to us. You will then receive an e-mail from us asking you to confirm your subscription to our newsletter. Your e-mail address will be collected during the registration process. Your consent will be obtained for the processing of the data as part of the registration process and reference will be made to this data protection declaration, the legal basis for the processing of your data is Art. 6 (1) lit or request and/or purchase services and provide your e-mail address, this can subsequently be used by us to send a newsletter. In such a case, only direct advertising for your own similar goods or services will be sent via the newsletter. In this case, the legal basis for sending the newsletter is Section 7 (3) UWG.
In connection with data processing for sending newsletters, no data is passed on to third parties. The data will only be used to send the newsletter. The collection of the user's e-mail address serves to deliver the newsletter. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. The e-mail address of the user is therefore stored as long as the subscription to the newsletter is active. The subscription to the newsletter can be canceled by the user concerned at any time. For this purpose, there is a corresponding link in every newsletter. The termination also revokes the consent to the storage of the personal data collected during the registration process.
5. Contact form and e-mail contact
We offer a contact form for certain offers, which can be used for electronic contact. If a user takes advantage of this offer, the data entered in the input mask will be transmitted to us and saved. The following data can be entered: Name, address, telephone number, e-mail address.
Your consent will be obtained for the processing of the data during the sending process and reference will be made to this data protection declaration.
Alternatively, it is possible to contact us via the email address provided.In this case, the user's personal data transmitted with the e-mail will be stored
If the user so wishes, his data will be forwarded to precisely named third parties for the purpose of submitting an offer that the user has requested given. The transmission of the data serves to submit a contract offer according to the specifications of the user, the legal basis for the processing of the data is Article 6 Paragraph 1 lit. b GDPR. In other cases, the legal basis for data processing is the user's consent in accordance with Article 6(1)(a) GDPR.
The processing of personal data from the contact form or an e-mail serves to process the establishment of contact according to the request and specification of the user. Other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data transmitted by the user will be deleted after the purpose of their transmission has been achieved. For the data transmitted via the contact form or e-mail, this is the case when the respective conversation with the user or the transfer of the data to third parties according to the user's request has been completed.
The user has the option at any time to revoke his consent to the processing of personal data and to object to the storage of his personal data at any time. It is sufficient if the user notifies us informally orally or in writing; specific communication channels are not prescribed. We recommend notification by email. All personal data stored by us in the course of contacting us via the contact form or e-mail will be deleted in this case.
6. Provision of the website and creation of log files
Every time our website is accessed, our system automatically collects general information from the computer system of the accessing computer.
The following data is collected:
- Information about the browser type and version used
- URL requested by the user
- Websites from which the user's system accesses our website
- IP address of the user
The data is also stored in the log files of our system. The collected data is not stored in connection with other personal data of the user.
The legal basis for the temporary storage of the data and log files is Article 6 Paragraph 1 lit. f GDPR. The temporary storage of the IP address by the system is necessary to enable delivery of our website to the user's computer. The user's IP address must be saved for the duration of the session. The log files are stored to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation for other purposes, e.g. marketing, does not take place.
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case at the end of the respective session. Generated log files are deleted after 7 days at the latest. If storage goes beyond this, the recorded IP addresses are deleted or alienated so that it is no longer possible to assign the calling client.
The collection of data for the provision of our website and the storage of the data in log files is absolutely necessary for the operation of the website, the user has no possibility of objection in this respect
The legal basis for the processing of personal data using cookies is Article 6 Paragraph 1 lit f GDPR. Cookies are used to ensure the smooth functioning of the shop and our website.
8. Use of social media plugins
Use of social plugins for Instagram
Our website uses Instagram plugins, which are provided by Instagram Inc. (601 Willow Road, Menlo Park, CA, 94025, USA). The integration can be recognized by the Instagram button, usually the lettering "Instagram" in connection with a pictogram of a camera in white on a colorful (yellow, red, purple) background.
The plugins are only activated when you click on the corresponding buttons. If these are greyed out, the plugins are inactive. You have the option of activating the plugins once or permanently.
The plugins establish a direct connection between your browser and the Instagram servers. This only happens after the plugin has been activated. We have no influence whatsoever on the nature and scope of the data that the plugin transmits to the Instagram servers. You can find more information about the Instagram plugin here:
The plugin informs Instagram that you as a user have visited our website. It is possible that your IP address will be saved. If you are logged into your Instagram account while visiting this website, the information mentioned will be linked to it.
9. Rights of the data subject
If personal data is processed by you, you have the following rights:
A. Right to information
You can request confirmation from the person responsible as to whether personal data relating to you is being processed by us.
If such processing is available, you can request information from the person responsible for the following information:
(a) the purposes for which the personal data are processed;
(b) the categories of personal data that are processed;
(c) the recipients or categories of recipients to whom the personal data relating to you was disclosed or will be disclosed;
(d) the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage duration;
(e) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the person responsible or a right to object to this processing;
(f) the existence a right of appeal to a supervisory authority de;
(g) all available information about the origin of the data if the personal data is not collected from the data subject;
(h) the existence of a Automated decision-making including profiling in accordance with Art. 22 Para. 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether your personal data is being transmitted to a third country or to an international organization. In this context, you can request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.
2 B. Right to rectification
You have the right to rectification and/or completion from the person responsible if the processed personal data concerning you is incorrect or incomplete. The person responsible must make the correction immediately.
1 C. Right to restriction of processing
Under the following conditions, you can restrict the Request processing of the personal data concerning you:
(a) if you contest the accuracy of the personal data concerning you for a period of time that enables the person responsible to verify the accuracy of the personal data;
(b) the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
(d) the person responsible for the personal data for the purposes of the processing are no longer required, but you need them to assert, exercise or defend legal claims, or
(e) if you have lodged an objection to the processing pursuant to Art. 21 (1) GDPR t and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of the personal data concerning you has been restricted, this data - apart from its storage - may only be used with your consent or processed to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If the restriction of processing has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.
1 D.Right to Erasure
·2 Obligation to delete
You can request the person responsible to delete the personal data concerning you immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies :
(a) the personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed
(b) you revoke your consent on which the processing was based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and there is no other legal basis for the processing.
(c) You object to the processing in accordance with Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 (2) GDPR
(d) The personal data concerning you were unlawfully moderately processed.
(e) The deletion of your personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject.
(f) The personal data concerning you was collected in relation to information society services offered in accordance with Art. 8 Para. 1 GDPR.
The right to erasure does not exist if the processing is necessary
(a) to exercise the right to freedom of expression and information;
(b) to fulfill a legal obligation which requires processing by Union or Member State law to which the controller is subject, or to perform a task set out in is in the public interest or in the exercise of official authority vested in the controller;
(c) from green those of public interest in the field of public health in accordance with Art. 9 Para. 2 lit. h and lit. i as well as Art. 9 Para. 3 GDPR;
(d) for archiving purposes in the public interest , scientific or historical research purposes or for statistical purposes in accordance with Art. 89 (1) GDPR, insofar as the law mentioned under Section a) is likely to make it impossible or seriously impair the achievement of the objectives of this processing, or
(e) to establish, exercise or defend legal claims.
·2 E. Right to information
You have If the right to correction, deletion or restriction of processing is asserted against the person responsible, the person responsible is obliged to inform all recipients to whom the personal data concerning you has been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be the case themselves as unpossible equal or involves a disproportionate effort. You have the right to be informed about these recipients by the person responsible.
·2 F. Right to data portability
You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. You also have the right to transmit this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided that
(a) the processing is based on consent in accordance with Art. 6 Para . 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or on a contract pursuant to Art. 6 Para. 1 lit. b GDPR and
(b) the processing with the help of automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one person responsible to another person responsible, insofar as this is technically feasible. The freedoms and rights of other persons are thereby permitted not be affected.
The right to data transferability does not apply to the processing of personal data that is necessary for the performance of a task that is in the public interest or in the exercise of official authority that is transferred to the person responsible
1 G. Right to object
You have the right, for reasons that arise from your particular situation, at any time against the to object to the processing of your personal data, which is based on Art. 6 (1) e or f GDPR; this also applies to profiling based on these provisions.
The person responsible will no longer process the personal data relating to you, unless he can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms prevail, or the processing serves to assert, exercise or defend legal claims.
If the personal data relating to you are processed in order to operate direct advertising, you have the right to object at any time to the processing of the submit personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
If you object to the processing for direct advertising purposes, the personal data relating to you will no longer be processed for these purposes.
In connection with the use of information society services, you have the option - regardless of Directive 2002/58/EC - to exercise your right to object by means of automated procedures that use technical specifications.
·1 H. Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.
·2 I. Automated decision-making in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
(a) is necessary for entering into, or the performance of, a contract between you and the controller,
(b) due to legal provisions of the Union or the Member States to which the person responsible is subject and these legal provisions contain appropriate measures to safeguard your rights and freedoms and your legitimate interests or
(c) is carried out with your express consent.
However, these decisions must not be based on special categories of personal data according to Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or lit. g GDPR applies and appropriate measures to protect the rights and freedoms as well as your legitimate interests have been met.
With regard to the cases referred to in (a) and (c), the person responsible shall take appropriate measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention of the person responsible, to express your own point of view and to contest the decision
·2 J. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of data concerning you personal data violates the GDPR.
The supervisory authority to which the complaint was lodged will inform the complainant about the status and the results of the B Complaint including the possibility of a judicial remedy according to Art. 78 GDPR.
Status: December 2020