PRIVACY POLICY

1. Data protection at a glance

1.1. General information

When you use this website, various data (personal and non-personal data) are collected. This privacy policy explains what types of data we collect and what we use them for. It also explains how and for what purpose this takes place.

The following sections provide a simple overview of what happens to your personal and non-personal data when you visit our website.

The Data Protection Officer is
Ansgar Fritze
Dircksenstraße 88
10178 Berlin
Tel. 030 54 43 15 47
Email: piercing@mayduna.de

1.2. Minors
Protecting children’s data is of great importance, particularly online. This website is not designed for or directed at children. Minors may only use our services with the prior consent or authorization of a parent or legal guardian. We do not knowingly collect personal data from minors. If a parent or legal guardian becomes aware that their child has provided us with personal data without their consent, they may contact us at [insert appropriate email address here].

1.3. What data is collected?
We collect two types of data and information from users; this privacy policy applies to both forms of their data.

The first category includes non-identifying and non-identifiable user data provided or collected through the use of the website (“non-personal data”). We do not know the user’s identity; the collected data—such as aggregated usage data and technical data—is transmitted by your device. This includes certain information regarding software and hardware (e.g., the browser and operating system used on the device, language settings, access time, etc.). We use this data to improve the functionality of our website. We may also collect data regarding your activity on the website (e.g., pages viewed, browsing behavior, clicks, actions, etc.).

The second category includes “personal data”—that is, data that identify an individual or can be used to identify an individual through reasonable measures.
Such data include:
Device data: Personal data from your device is also transmitted. Such data includes geolocation data, IP address, unique identifiers (e.g., MAC address and UUID), and other data resulting from your activity on the website, such as language settings.
Contact form data: When you use our contact form, you are asked to provide certain information, such as: first and last name, email address, postal address, or other information.

1.4. How do we collect your data?
Some of your data is collected when you provide it to us—for example, data you enter into a contact form.
Other data is recorded automatically by our IT systems or with your consent when you visit the website. This primarily consists of technical data (e.g., internet browser, operating system, or the time the page was accessed). This data is collected automatically as soon as you enter this website.
You can find detailed information on these points under section 4, “Technical Information,” of this privacy policy.

1.5. What do we use your data for?
Some data is collected automatically when you visit the website to ensure its error-free operation. Other data is used by our host to analyze your user behavior. Further details on this can be found in section 4, “Technical Information.”

If you contact us and provide data in the process, your inquiry—including any personal data arising from it—will be stored and processed by us for the purpose of handling your request for the duration of that process. We will not pass this data on to third parties without your consent.

When you use the contact form, the information provided therein is transmitted to us and stored. We use this data exclusively to respond to your inquiry and—if the inquiry relates to a contractual relationship or leads to the formation of one—to initiate and process that contractual relationship (Art. 6(1)(a), (b), and (f) GDPR). If you are already a customer or become one in the future, we may collect, store, modify, and transmit the data for the purpose of establishing, performing, or terminating the contractual relationship without requiring your consent, to the extent permitted by law. In other cases—including situations where a contractual relationship has not yet been established—we do not store your data for longer than three years; furthermore, you have the right to object, with future effect, to the use of data transmitted to us via the contact form based on your consent. You may exercise your right of revocation by notifying us using the contact details provided in our legal notice.

The same data protection provisions apply to inquiries made via email, telephone, or fax.

1.6. How do we protect your data?
We implement security measures on the website with great care and protect your data. We employ industry-standard practices and policies to ensure the protection of collected and stored data and to prevent the unauthorized use of such data.
We also require third parties to adhere to similar security requirements in accordance with this privacy policy.
Although we take reasonable steps to protect data, we cannot be held liable for the actions of those who gain unauthorized access to or misuse our website, and we make no warranty, express or implied, that we can prevent such access.

1.7. Cookies, analytics tools, and third-party tools
When you visit this website, your browsing behavior may be statistically analyzed. This is primarily done using cookies and analytics programs.
Detailed information on these points can be found in section 4, “Technical Information,” of this privacy policy.

2. Notes and mandatory information

2.1. Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your data confidentially and in accordance with statutory data protection regulations and this privacy policy.

Please note that data transmission over the Internet (e.g., via email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

2.2. Information on the Controller
The controller responsible for data processing on this website is:
BFK Visions GmbH
Dircksenstr. 88
10178 Berlin
Phone: +49 (30) 44 03 44 33
E-mail: piercing@mayduna.de

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g., names, email addresses, or similar).

3. Rights of website visitors

3.1. Right to information

You may request confirmation from the controller as to whether personal data concerning you is being processed by us.
If such processing takes place, you may request information from the controller regarding the following:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data that are processed;
(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed; (4) the envisaged period for which the personal data concerning you will be stored, or, if not possible, the criteria used to determine that period;
(5) the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing;
(6) the existence of the right to lodge a complaint with a supervisory authority;
(7) all available information as to the source of the data, where the personal data are not collected from the data subject;
(8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and—at least in those cases—meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information as to whether personal data concerning you is being transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR regarding the transfer.

3.2. Right to rectification
You have the right to obtain from the controller the rectification and/or completion of personal data concerning you if such data is inaccurate or incomplete. The controller must carry out the rectification without undue delay.

3.3. Right to restriction of processing
You may request the restriction of the processing of personal data concerning you under the following conditions:
(1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise, or defense of legal claims; or
(4) if you have objected to the processing pursuant to Art. 21(1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.

If the processing of personal data concerning you has been restricted, such data may—with the exception of storage—only be processed with your consent, for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.
If the restriction on processing has been imposed in accordance with the aforementioned conditions, you will be informed by the controller before the restriction is lifted.

3.4. Right to erasure
a) Obligation to erase
You may request the controller to erase personal data concerning you without undue delay, and the controller is obliged to erase such data without undue delay where one of the following grounds applies:
(1) The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
(2) You withdraw your consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal ground for the processing.
(3) You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
(4) The personal data concerning you have been processed unlawfully.
(5) The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
(6) The personal data concerning you have been collected in relation to the offer of information society services pursuant to Art. 8(1) GDPR.

b) Information to third parties
If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17(1) GDPR, the controller shall take reasonable measures—including technical measures—taking into account available technology and the cost of implementation, to inform controllers processing the personal data that you, as the data subject, have requested the erasure of any links to, or copies or replications of, such personal data.

c) Exceptions
The right to erasure does not apply to the extent that processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of ​​public health in accordance with Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Art. 89(1) GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise, or defense of legal claims.

3.5. Right to be informed
If you have exercised the right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to communicate this rectification or erasure of data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right vis-à-vis the controller to be informed about these recipients.

3.6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that
(1) the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another controller, where technically feasible. The freedoms and rights of other persons must not be adversely affected by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

3.7. General information regarding your right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions.
We will no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims.
If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.

In connection with the use of information society services, and notwithstanding Directive 2002/58/EC, you have the option to exercise your right to object by means of automated procedures using technical specifications.

3.8. Right to withdraw consent under data protection law
You have the right to withdraw your consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

3.9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing—including profiling—which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
(1) is necessary for entering into, or the performance of, a contract between you and the controller,
(2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
(3) is based on your explicit consent.
However, such decisions shall not be based on special categories of personal data referred to in Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, which include at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.

3.10. Right to lodge a complaint
In the event of complaints regarding data protection, you may contact us or a data protection supervisory authority.

4. Technical Information

4.1. External Hosting
This website is hosted by an external service provider (1&1 IONOS SE). Personal data collected on this website is stored on the host’s servers. This may include, in particular, IP addresses, contact inquiries, meta and communication data, contract data, contact details, names, website access data, and other data generated via the website.

The hosting service is used for the purpose of fulfilling contracts with our prospective and existing customers (Art. 6(1)(b) GDPR) and in the interest of providing our online services securely, quickly, and efficiently through a professional provider (Art. 6(1)(f) GDPR).

Our host will process your data only to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data.

4.2. Conclusion of a Data Processing Agreement
To ensure data protection-compliant processing, we have entered into a data processing agreement with our host, 1&1 IONOS SE.

4.3. 1&1 IONOS SE Data Analysis via Snowplow Analytics & WebAnalytics
The tool used by IONOS is based on Snowplow Analytics technology. The tool does not collect personal data and is used by our web hosting and service provider solely to improve their own services. Tracking and logging are automatically enabled. Data is captured via either a pixel or a log file. To protect personal data, WebAnalytics does not use cookies.

IONOS does not store personal data of website visitors, ensuring that no conclusions can be drawn about individual visitors. The following data is collected:

  • Referrer (previously visited website)

  • Requested webpage or file

  • Browser type and browser version

  • Operating system used

  • Device type used

  • Time of access

  • IP address in anonymized form (used only to determine the location of access)

4.4 Cookies
We and our partners use cookies to provide the relevant services. This also applies when you visit our website or access our services.

A “cookie” is a small data packet that is assigned to your device by a website when you visit it. Cookies are useful and can be used for various purposes. These include, for example, facilitating navigation between different pages, automatically activating certain functions, saving your preferences, and optimizing access to our services. The use of cookies also enables us to display relevant advertising tailored to your interests and to collect statistical information regarding your use of our services.

This website uses the following types of cookies:

a. “Session cookies,” which ensure normal system usage. Session cookies are stored only for a limited time during a session and are deleted from your device as soon as you close your browser.

b. “Permanent cookies,” which are read only by the website and—rather than being deleted when the browser window is closed—are stored on your computer for a specific period. This type of cookie enables us to identify you upon your next visit and, for example, save your preferences.

c. “Third-party cookies,” which are set by other online services that feature their own content on the page you are visiting. These may include, for example, external web analytics companies that track and analyze access to our website.

Cookies do not contain personal data that identifies you; however, the personal data we store may be linked to the data contained in the cookies. You can remove cookies via your device settings by following the relevant instructions. Please note that disabling cookies may limit certain functions when using our website.

The tool we use is based on technology from Snowplow Analytics. The data we collect regarding the use of our website includes, for example, how often users visit the site or which areas are accessed. The tool does not collect personal data and is used by our web hosting and service provider exclusively to improve their own services.

4.5. Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.

These are:

  • Browser type and browser version

  • operating system used

  • Referrer URL

  • Hostname of the accessing computer

  • Time of server request

  • IP Address

These data are not combined with other data sources.

This data is collected on the basis of Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of their website—collecting server log files is necessary for this purpose.

4.6. Google Web Fonts
This page uses web fonts provided by Google to ensure the uniform display of fonts. When you visit a page, your browser loads the required web fonts into its browser cache to display text and fonts correctly.

For this purpose, the browser you use must connect to Google’s servers. This informs Google that this website has been accessed via your IP address. The use of Google Web Fonts is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on their website. If appropriate consent has been requested (e.g., consent to the storage of cookies), processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR; consent may be revoked at any time.

If your browser does not support web fonts, a standard font from your computer will be used.

Further information on Google Web Fonts can be found at
https://developers.google.com/fonts/faq and in Google’s privacy policy:
https://policies.google.com/privacy?hl=de .

4.7. Google Maps
This page uses the Google Maps map service via an API. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to store your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.

Google Maps is used in the interest of presenting our online services in an appealing manner and making the locations we list on the website easy to find. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. Where consent has been requested, processing is based exclusively on Art. 6(1)(a) GDPR; such consent may be revoked at any time.

You can find more information on the handling of user data in Google’s privacy policy: https://policies.google.com/privacy?hl=de .

4.8. Contact Form & Appointment Booking

When you contact us via the contact form or WPAmelia, or book an appointment, we process the data you provide (name, email address, telephone number, message, preferred appointment time, etc.) to handle your inquiry or manage the appointment.

Legal basis: Art. 6(1)(b) GDPR (contract or pre-contractual measure) or Art. 6(1)(a) GDPR (consent).
Your data will not be passed on to third parties without your express consent.

4.9. Social media plugins with Shariff
This website uses social media plugins (e.g., Facebook, Twitter, Instagram, Pinterest, XING, LinkedIn, Tumblr).

You can generally recognize the plugins by their respective social media logos. To ensure data protection on this website, we use these plugins only in conjunction with the so-called “Shariff” solution. This application prevents the plugins integrated into this website from transmitting data to the respective provider the moment you first visit the site.

A direct connection to the provider’s server is established only when you activate the respective plugin by clicking the corresponding button (consent). As soon as you activate the plugin, the provider receives information that you have visited this website using your IP address. If you are simultaneously logged into your social media account (e.g., Facebook), the provider can associate your visit to this website with your user account.

Activating the plugin constitutes consent within the meaning of Art. 6(1)(a) GDPR. You may revoke this consent at any time with effect for the future.

4.9.1. Facebook Plugins (Like & Share Button)
Plugins from the social network Facebook are integrated into this website. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

You can recognize the Facebook plugins by the Facebook logo or the “Like” button on this website. You can find an overview of the Facebook plugins here:
https://developers.facebook.com/docs/plugins/?locale=de_DE.

When you visit this website, the plugin establishes a direct connection between your browser and the Facebook server. This informs Facebook that you have visited this website using your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. Please note that, as the provider of these pages, we have no knowledge of the content of the transmitted data or how it is used by Facebook. Further information on this can be found in Facebook’s privacy policy at:
https://de-de.facebook.com/privacy/explanation.

If you do not wish for Facebook to be able to associate your visit to this website with your Facebook user account, please log out of your Facebook user account.

The use of Facebook plugins is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in achieving the greatest possible visibility on social media. Where corresponding consent has been requested, processing is based exclusively on Art. 6(1)(a) GDPR; consent may be revoked at any time.

4.9.2. Instagram Plugin
Features of the Instagram service are integrated into this website. These features are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to this website with your user account. Please note that, as the provider of these pages, we have no knowledge of the content of the transmitted data or how it is used by Instagram.

The storage and analysis of the data are based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in achieving the greatest possible visibility on social media. Where consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR; this consent may be revoked at any time.

You can find further information on this in Instagram’s privacy policy: https://instagram.com/about/legal/privacy/ .

5. Miscellaneous

5.1. Transfer of data outside the European Economic Area
Please note that some recipients may not be located within the European Economic Area. In such cases, we will only transfer your data to countries approved by the European Commission as having an adequate level of data protection, or we will ensure an adequate level of data protection through a legal agreement.

5.2. Corporate Transaction
We may disclose data in the event of a corporate transaction (e.g., the sale of significant parts of the business, a merger, a consolidation, or an asset sale). Should such an event occur, the acquirer or the relevant company will assume the rights and obligations set out in this privacy policy.

5.3. Updates or Amendments to this Privacy Policy
We reserve the right to amend or review this Privacy Policy from time to time. You can find the date of the current version under “Last modified on.” Your continued use of the platform following the announcement of such changes on our website constitutes your acceptance of such amendments to the Privacy Policy and signifies your agreement to be bound by the amended terms.

5.4. How to contact us
For general questions regarding the website, the data we collect about you, or the use of that data, please contact us at piercing@mayduna.de.

You can find further information about our company in our legal notice.

Last modified on April 14, 2020.