📦 Free shipping from 50€ | 🚚 Free returns

Privacy policy

Privacy policy of MetricsCosmetics GmbH (AVE & YOU)

as amended in September 2021

1. Scope of application

MetricsCosmetics GmbH ("AVE & YOU" or "we") is committed to protecting your privacy and personal data. With this privacy policy, we would like to inform you comprehensively about how we handle your personal data.

This privacy policy applies to the handling of your personal data when you visit our website at www.aveandyou.com, when you contact us by e-mail, mail or telephone and when we subsequently provide services to you.

2. Who is responsible and to whom can I turn?

MetricsCosmetics GmbH, Fasanenstrasse 47, 10719 Berlin is responsible for the processing of personal data described in this Privacy Policy.

You can contact the following office regarding all inquiries on data protection issues:

MetricsCosmetics GmbH

Fasanenstrasse 47

10719 Berlin

email: hello@aveandyou.com

We are not legally obligated to appoint a data protection officer. As a contact person for data protection issues, please feel free to contact Dr. Franziska Leonhardt.


3. Which data we process from you?

We collect and process various personal data from you depending on the specific processing situations. Below you will find a list of the data related to the respective processing situation:

3.1 Which data do we process when you visit our website?

When you visit our Internet pages, we process from you, among other things:

Data about the use of the Internet pages provided (e.g. browser used, operating system used, referrer url, time of server request, content retrieved, duration of use, type of use);

IP address; and

Other technical data comparable to the preceding.

We process this data in accordance with Art. 6 (1) lit. f DSGVO on the basis of our legitimate interests of ensuring the technical functionality of the website and system security.

3.2 Which data do we process when you contact us?

Depending on your request, you can contact us via our Internet pages by e-mail or in writing. When contacting us by e-mail or mail, we regularly store and process only your e-mail address, telephone number, address and the information that you have provided to us in the course of contacting us.

In this case, we process your data pursuant to Art. 6 (1) lit. b DSGVO on the basis of contractual or quasi-contractual obligations or to establish a contract with you.

3.3 What data do we process when you register on our website?

You can register voluntarily on our website. In this case, we will only process the data provided during the registration process.

In this case, we process your data pursuant to Art. 6 para. 1 lit. b DSGVO on the basis of contractual or quasi-contractual obligations or to establish a contract with you.

3.4 What data do we collect when you sign up for our newsletter?

You can receive our newsletter. For this purpose, it is necessary to provide your e-mail address. In this case, we use the data specified in the declaration of consent for sending our newsletter. To verify your ownership of the specified e-mail address, we perform the so-called "double-opt-in procedure". After registering for the newsletter, we first send you a confirmation email. Only after you have clicked on the link contained therein do we include your e-mail address in the newsletter distribution list.

In this case, we process your data in accordance with Art. 6 para.1 lit. a DSGVO based on your consent.

If you purchase products via our online store and provide your email address, we may use this data to inform you about similar products via a newsletter. The legal basis for this data processing is Art. 6 para. 1 lit. f DSGVO in conjunction with. § Section 7 (3) of the Unfair Competition Act (UWG). Our legitimate interest is to provide you with up-to-date information about our products and services.

You can opt out of receiving the newsletter at any time by sending an email to info@aveandyou.com or by clicking on the link contained in the newsletter.

3.5 What data do we process when we personalize your cosmetics?

If you decide to create cosmetics on our website with the help of our special algorithm and simply take our skin test, you can do this by providing various information, for example, about your skin type and your diet and work habits. The more data you share with us, the better we can adapt our products to your needs or assess your skin.

We also use your data in this case to improve our algorithm. This enables us to offer you as well as other customers even better products in the future. For this purpose, it is not necessary to process your name. Nevertheless, it cannot be ruled out that this data can be assigned to you.

In this case, we process your data in accordance with Art. 6 para. 1 lit. a DSGVO in conjunction with. Art. 9 para. 2 lit. a DSGVO on the basis of your express consent. You can revoke this consent at any time with effect for the future without giving reasons.

4. From whom do we collect your personal data?

Personal data is predominantly collected from you directly, for example when you visit our websites or use the services we offer, such as the option to contact us by email.

When you interact with us through a social media site or third-party service, for example, when you "like," follow, or share our content on Facebook or other sites, we may receive information from the social network, including your profile information, your picture, your user ID associated with your social media account, and any other information you allow the social network to share with third parties.

5. For what purposes do we process your data and on what legal basis?

We process your personal data exclusively in accordance with the requirements of the relevant data protection laws. In certain situations, we also process your personal data to fulfill other legal obligations or based on your explicit consent.

5.1 To fulfill contractual obligations

We process your personal data for the fulfillment of contractual or quasi-contractual obligations or for the establishment of a contract, for example for the provision of our services or the sale of the products we offer. The legal basis for the processing in this case is Art. 6 para. 1 lit. b DSGVO.

5.2 To fulfill legal obligations

Insofar as we are subject to legal obligations for compliance with which the processing of your personal data is necessary, we process your personal data on the basis of these legal obligations. The legal basis for the processing in this case is Art. 6 (1) lit. c DSGVO.

5.3 Due to legitimate interests

We also process your personal data to protect our legitimate interests, unless these are overridden by your interests or fundamental rights and freedoms that require the protection of your personal data. Subject to a balancing decision to be made in individual cases, we regularly assume that our legitimate interests are overridden in the context of the following processing situations, which are not listed exhaustively:

Optimization of our offers and services;

Analysis of the use of our Internet pages;

Ensuring the confidentiality and integrity of our IT systems; and

Cooperation with government authorities.

The legal basis for the processing in this case is Art. 6 para. 1 lit. f DSGVO.

5.4 Based on your consent

If you have given us separate consent for the processing of your personal data, we will process your personal data within the scope of and on the basis of this consent. Consent is required, for example, for the personalization of your cosmetics. However, consent may also relate, for example, to the disclosure of data for targeted advertising measures or the sending of newsletters.

Consent is always voluntary and can be revoked at any time and without giving reasons with effect for the future.

The legal basis for the processing in this case is Art. 6 para. 1 lit. a DSGVO or Art. 6 para. 1 lit. a DSGVO in conjunction with. Art. 9 (2) lit. a DSGVO.

6. With whom do we share your data?

Within the company, your data will be disclosed to those persons who absolutely need it to fulfill our contractual and legal obligations.

We only pass on your personal data to external recipients if there is a legal justification for this or you have consented to it. External recipients may be:

Order processors: service providers we use to provide services or who are entrusted with the maintenance of our IT systems.

Public bodies: Authorities and government institutions, such as public prosecutors, courts or tax authorities, to which we may need to transfer personal data in individual cases.

Private bodies: Private bodies to which we transmit your personal data, for example lawyers (disputes, debt collection, etc.), tax consultants, auditors.

7. Do we transfer your data to third countries?

As part of the processes described in this data protection declaration, your personal data may be transferred to bodies whose registered office or place of data processing is not located in a member state of the European Union or in another state party to the Agreement on the European Economic Area. In this case, we ensure before the transfer that, outside of exceptional cases permitted by law, either an adequate level of data protection exists at the recipient (e.g., through an adequacy decision of the European Commission or through suitable guarantees such as the agreement of so-called EU standard contractual clauses of the European Commission with the recipient) or your express consent has been obtained. You can obtain a copy of these guarantees from us. Please use the contact details under point 2 for this purpose.

In the case of consent, compliance with the data protection principles of Union law is not guaranteed in the respective third country concerned. In this respect, there may be a violation of fundamental rights and freedoms and resulting damage. This may make it more difficult for a data subject to assert his or her rights under the General Data Protection Regulation (e.g., information, rectification, erasure, damages) and, if necessary, to enforce them with the help of authorities or in court.

8. How long do we store your personal data?

We process and store your personal data only as long as necessary for our processing purposes.

If we use your e-mail address for our e-mail newsletter, we usually store the data until you unsubscribe from our newsletter. This does not affect our legal ability to store this data for other purposes, such as maintaining a blacklist to ensure that email addresses are not used for marketing purposes after unsubscribing.

We store purely technical information for a maximum of 400 days.

We will delete the data collected and stored as part of the use and provision of our Internet pages upon request at any time and independently on a regular basis within a few days, unless we have a special interest in continued storage in individual cases, such as cyber attacks.

Insofar as a longer storage period is required due to legal storage and documentation obligations or to protect our legitimate interests, such as in the case of possible legal disputes, your personal data will also be stored and processed after the expiry of the above-mentioned period. With complete settlement of a contract or contract-like relationship, we will, as far as possible, immediately block your personal data for further processing.

In the context of a contact request, we generally only store your data for the period of time required to answer your contact request. We generally store data that we process on the basis of your consent until you revoke your consent.

Final deletion takes place after expiry of the periods resulting from the statutory storage and documentation obligations, which are between two and ten years and result, among other things, from the German Fiscal Code or the German Commercial Code.

9. Your rights

Below is a summary of your rights regarding the processing of your personal data by us:

9.1 Rights of access, erasure, recitification, restriction of processing, data portability and revocation

According to Art. 15 of the GDPR, you have a right of access, according to which you can request confirmation as to whether we are processing your personal data. If this is the case, you have the right to request comprehensive information about this personal data from us.

In accordance with Art. 16 DSGVO, you can demand that incorrect data relating to you be corrected without delay.

Pursuant to Art. 17 DSGVO, you have the right to request that your personal data be deleted if it is either (i) no longer necessary for the purposes for which it was collected, (ii) you have withdrawn your consent to processing, (iii) you object to processing pursuant to Art. 21 para. 1 DSGVO and there are no overriding legitimate grounds for continued processing, (iv) your Personal Data have been processed unlawfully, (v) erasure of the Personal Data is necessary for compliance with a legal obligation under Union law or the law of the Member States to which AVE & YOU is subject, or (vi) the Personal Data have been collected in relation to information society services offered pursuant to Art. 8(1) DSGVO.

You have the right under Article 18 DSGVO to request the restriction of processing under the following conditions. Such a right exists if (i) you have contested the accuracy of your personal data, (ii) the processing is unlawful and you object to the erasure of the personal data and request the restriction of its use instead, (iii) the data is no longer needed for the purposes of processing but you need it for the establishment, exercise or defense of legal claims, or (iv) you have objected to the processing pursuant to Art. 21(1) DSGVO as long as it has not yet been determined whether we have legitimate grounds for the processing that override yours.

According to Art. 19 DSGVO, you have the right to request information about the recipients of data who have been notified of a correction, erasure of your personal data or a restriction of processing.

According to Art. 20 DSGVO, you have the right to receive the personal data concerning you from us in a structured, common and machine-readable format and to transfer this data to another controller.

Insofar as the processing or transmission of your personal data is based on consent declared by you, you may revoke such consent at any time with effect for the future.

Against the processing of your data or a decision taken by AVE & YOU in relation to one of the rights exercised by you, you also have the right to lodge a complaint with the competent supervisory authority.

9.2 Contract

For the assertion of your rights listed in section 9.1, you can contact us informally by mail or e-mail to the contact options listed in section 2.

9.3 RIGHT OF OBJECTION ACCORDING TO ART. 21 DSGVO

9.3.1 OBJECTION ON THE GROUNDS OF YOUR PARTICULAR SITUATION

ACCORDING TO ART. 21 ABS. 1 DSGVO, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA WHERE SUCH PROCESSING IS CARRIED OUT FOR THE PURPOSES OF OUR LEGITIMATE INTERESTS, INCLUDING PROFILING BASED THEREON (E.G. FOR CREDIT ASSESSMENT). NO FURTHER PROCESSING OF YOUR PERSONAL DATA WILL THEN TAKE PLACE UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.

9.3.2 OBJECTION TO DIRECT ADVERTISING

ACCORDING TO ART. 21 PARA. 2 DSGVO YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE USE OF YOUR PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING. THIS ALSO APPLIES TO PROFILING, INSOFAR AS IT IS CONNECTED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT TO THE PROCESSING FOR THE PURPOSES OF DIRECT MARKETING, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA FOR THESE PURPOSES.

9.3.3 CONTACT POSSIBILITY

YOU CAN DECLARE YOUR OBJECTION INFORMALLY BY MAIL OR E-MAIL, ADDRESSED TO:

METRICSCOSMETICS GMBH

FASANENSTRASSE 47

10719 BERLIN

GERMANY

E-MAIL: hello@aveandyou.com

10. Is there an obligation on your part to provide personal data?

There is neither a contractual nor a legal obligation to provide us with your personal data for the use of our internet pages. However, if you wish to contact us or purchase our cosmetic products, certain information may be required so that we can process your request.

11. Does the processing rely on automated decision making of profiling?

You have the right not to be subject to a decision based solely on automated processing, including profiling, where the decision is not necessary for the conclusion or performance of a contract, is not required by mandatory legal provisions or is not based on your explicit consent.

AVE & YOU does not use any automated decision-making procedures, including profiling, unless we have explicitly informed you about them.

12. What kind of cookies and tracking technology do we use?

In order to provide, maintain and analyze our websites and their usage, we use various software tools from third parties and us that regularly rely on the use of cookies, Flash cookies (also called Flash Local Shared Objects), web beacons or similar technologies (collectively, " Tracking Technologies"). Tracking Technologies help us learn how you use our Services (e.g., the pages you view or the links you click and other actions you take with the Services), give us information about your browser and online usage patterns (e.g., IP address, log data, browser type, browser language, referring/exit pages and URLs, pages viewed, whether you opened an email, links clicked, etc.), and information about the devices you use to access our Services. Tracking technologies allow us to link the devices you use to access our Services in such a way that we can recognize and, if necessary, contact you on the various devices you use.

You can limit the use of tracking technology by changing your browser settings. You can determine what access you give us to your devices, as well as whether cookies can be stored on your device and for how long. Furthermore, you can delete cookies that have already been stored at any time. Please note that the functionality of our websites may be impaired after deactivating all cookies. You can disable or delete similar functions (such as Flash cookies) used by so-called browser add-ons by changing the settings of the browser add-on or also via the website of the manufacturer of the browser add-on.

12.1 What are cookies?

A cookie is a small file that is transferred from the host server of the website during the use of a website and stored on the user's device (desktop computer, laptop, tablet, smartphone, other internet-enabled devices) by the browser used. Cookies are used to store information about the user and to retrieve it when the website is accessed again.

12.2 What are cookies used for?

Cookies help us understand how our websites are used, analyze trends, administer the website, track a user's steps on our website, collect demographic information about our user base as a whole, let you navigate efficiently between pages, remember your preferences and settings on our websites, and basically improve your browsing experience in the process. We process the data collected through tracking technologies to (i) remember information so that you do not have to re-enter it during your visit or revisit, (ii) recognize you across multiple devices, (iii) monitor the functionality and performance of our websites, (iv) collect aggregate metrics regarding total number of visitors, total traffic, usage and demographic patterns on our websites; (v) diagnose and correct technical problems; and (vi) otherwise plan and improve our website.

The most common Internet browsers offer the setting option to not allow certain cookies. If you make these settings, it may not be possible to use all the functions of our website without making settings.

12.3 What types of cookies are used on our websites?

The cookies used on our websites can generally be classified into one of the following categories: Mandatory Cookies, Analysis Cookies, Functional Cookies and Marketing Cookies.

12.3.1 Mandatory cookies

These cookies are essential for the functioning of our internet pages and enable you to navigate our internet pages and use their functions. Without these cookies, certain services that are necessary for the full use of our website cannot be provided.

We process mandatory cookies in accordance with Art. 6 (1) lit. b DSGVO.

12.3.2 Analysis cookies

With the help of these cookies, we collect information about how users use our websites, e.g. which pages are accessed and read most frequently, or how users get from one link to the next. All information collected by these types of cookies does not relate to an individual user, but is aggregated and processed with the information of other users. The cookies provide us with analytical data on how our websites work and how we can improve them. We use these cookies only after you have given your consent to do so.

We process analysis cookies in accordance with Art. 6 Para. 1 lit. a DSGVO on the basis of your consent.

12.3.3 Function-related cookies (convenience functions)

These cookies allow us to store a specific selection you make and to customize our websites to provide you with enhanced features and content. These cookies can be used, for example, to save your language selection or country selection.

We process function-related cookies in accordance with Art. 6 para. 1 lit. a DSGVO.

12.3.4 Marketing cookies

These cookies allow us to analyze which products you are interested in in order to display interest-based advertising on our and other websites accordingly.

We process marketing cookies in accordance with Art. 6 para. 1 lit. a DSGVO.

12.4 How long are cookies stored on my devices?

The storage period depends largely on whether the cookie is "persistent" or "session-related". Session-related cookies are deleted after you leave the web pages that set the cookie. Persistent cookies remain on your device even after you stop browsing until they are deleted or until they expire.

12.5 Further information about cookies

To provide our website, we use the services of the third-party providers listed below. These third-party tools belong to the categories of cookies described above and help us provide our services on our website or promote our products and services over the Internet.

Below you will find additional information about the data processing related to these cookies:

Category/ purpose 

Designation

Provider/ Recipient

Third country transfer/Adequacy Decision

Cookie validity/ retention period

Exercise of the revocation or opposition

Performance

Used to evaluate user behaviour on the website

Shopify 

Shopify International Limited

c/o Intertrust Ireland

2nd Floor 1-2 Victoria Buildings, Haddington Road

Dublin 4, D04 XN32, Ireland

no, EU

2 years

link

Performance

Used to evaluate user behaviour on the website

Shopify

Shopify International Limited

c/o Intertrust Ireland

2nd Floor 1-2 Victoria Buildings, Haddington Road

Dublin 4, D04 XN32, Ireland

no, EU

30 minutes

link

Performance

Used to evaluate user behaviour on the website

Hotjar

Hotjar Ltd, Level 2

St Julians Business Centre,

3, Elia Zammit Street

St Julians STJ 3155, Malta

no, EU

Session

link

Performance

Used to distinguish users

Google Analytics

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

EU standard contractual clauses

1 day

link

Performance

Used to identify a unique user

Google Analytics

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

EU standard contractual clauses

2 years

link

Performance

Used to reduce the request rate

Google Analytics

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

EU standard contractual clauses

1 minute

link

Performance

Used to evaluate user behaviour on the website

Shopify

Shopify International Limited

c/o Intertrust Ireland

2nd Floor 1-2 Victoria Buildings, Haddington Road

Dublin 4, D04 XN32, Ireland

no, EU

30 minutes

link

Performance

Used to evaluate user behaviour on the website

Shopify

Shopify International Limited

c/o Intertrust Ireland

2nd Floor 1-2 Victoria Buildings, Haddington Road

Dublin 4, D04 XN32, Ireland

no, EU

30 minutes

link

Performance

Used to evaluate user behaviour on the website

Shopify

Shopify International Limited

c/o Intertrust Ireland

2nd Floor 1-2 Victoria Buildings, Haddington Road

Dublin 4, D04 XN32, Ireland

no, EU

2 years

link

Performance
Nutzung zur Auswertung des Nutzerverhaltens 

Shopify 

Shopify International Limited
c/o Intertrust Ireland
2nd Floor 1-2 Victoria Buildings, Haddington Road
Dublin 4, D04 XN32, Ireland 

no, EU

30 Minuten 

link 

Performance
Nutzung zur Auswertung des Nutzerverhaltens 

Shopify 

Shopify International Limited
c/o Intertrust Ireland
2nd Floor 1-2 Victoria Buildings, Haddington Road
Dublin 4, D04 XN32, Ireland 

no, EU

2 Wochen 

link 

Performance
Nutzung zum Analysieren der Landing pages 

Shopify 

Shopify International Limited
c/o Intertrust Ireland
2nd Floor 1-2 Victoria Buildings, Haddington Road
Dublin 4, D04 XN32, Ireland 

no, EU

2 Wochen 

link 

Marketing
Nutzung zur eindeutige Nutzeridentifizierung 

Hotjar 

Hotjar Ltd, Level 2
St Julians Business Centre,
3, Elia Zammit Street
St Julians STJ 3155, Malta 

no, EU 

1 Jahr 

link 

Performance
Nutzung zur Auswertung des Nutzerverhaltens für Marketing 

Facebook 

Facebook Inc., 1 Hacker Way in Menlo Park, CA 94025, USA 

EU standard contractual clauses

3 Monate 

link 

Marketing
Nutzung für gezieltes Marketing. 

Facebook 

Facebook Inc., 1 Hacker Way in Menlo Park, CA 94025, USA 

EU standard contractual clauses

3 Monate 

link 

Marketing
Nutzung zur Identifizierung des Browers 

Google 

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA 

EU standard contractual clauses

15 Minuten 

link 

Funktionalität
Nutzung zur Sicherheit der Kaufabwicklung 

Shopify 

MetricsCosmetics GmbH, Fasanenstrasse 47, 10719 Berlin, Germany 

no, EU 

2 Wochen 

link 

Funktionalität
Nutzung zur Sicherheit der Kaufabwicklung 

Shopify 

MetricsCosmetics GmbH, Fasanenstrasse 47, 10719 Berlin, Germany 

no, EU 

2 Wochen 

link 

Funktionalität
Nutzung zur Sicherheit der Kaufabwicklung 

Shopify 

MetricsCosmetics GmbH, Fasanenstrasse 47, 10719 Berlin, Germany 

no, EU 

1 Stunde 

link 

Funktionalität
Nutzung zur Sicherheit der Kaufabwicklung 

Shopify 

Shopify International Limited
c/o Intertrust Ireland
2nd Floor 1-2 Victoria Buildings, Haddington Road
Dublin 4, D04 XN32, Ireland 

no, EU 

Session 

link 

Funktionalität
Tracking zum tracken von Landing pages 

Shopify 

MetricsCosmetics GmbH, Fasanenstrasse 47, 10719 Berlin, Germany 

no, EU 

1 Jahr 

link 

Zwingend erforderlich
Nutzung zur sicheren Speicherung von Kundendaten 

Shopify 

Shopify International Limited
c/o Intertrust Ireland
2nd Floor 1-2 Victoria Buildings, Haddington Road
Dublin 4, D04 XN32, Ireland 

no, EU 

18 Jahre 

link 

Zwingend erforderlich
Nutzung für die sichere Kaufabwicklung und eine sichere Zahlungsfunktion 

Shopify 

Shopify International Limited
c/o Intertrust Ireland
2nd Floor 1-2 Victoria Buildings, Haddington Road
Dublin 4, D04 XN32, Ireland 

no, EU 

2 Wochen 

link 

Zwingend erforderlich
Nutzung für die Funktion des Warenkorbes 

Shopify 

Shopify International Limited
c/o Intertrust Ireland
2nd Floor 1-2 Victoria Buildings, Haddington Road
Dublin 4, D04 XN32, Ireland 

no, EU 

2 Wochen 

link 

Zwingend erforderlich
Nutzung zur Erfassung von Informationen eines Besuchers 

Shopify 

Shopify International Limited
c/o Intertrust Ireland
2nd Floor 1-2 Victoria Buildings, Haddington Road
Dublin 4, D04 XN32, Ireland 

no, EU 

2 Wochen 

link 

Zwingend erforderlich
Nutzung für die Beschleunigung der Seitenladezeiten 

CloudFlare 

Cloudflare, Inc.
101 Townsend St,
San Francisco, CA 94107
USA 

EU standard contractual clauses

1 Monat 

link 

13. Technical protection meausres?

For security reasons and to protect the transmission of confidential content that you send to us as the site operator, we use SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.