Privacy policy of MetricsCosmetics GmbH (AVE & YOU)
as amended in September 2021
1. Scope of application
MetricsCosmetics GmbH ("AVE & YOU" or "we") is committed to protecting your privacy and personal data. With this privacy policy, we would like to inform you comprehensively about how we handle your personal data.
This privacy policy applies to the handling of your personal data when you visit our website at www.aveandyou.com, when you contact us by e-mail, mail or telephone and when we subsequently provide services to you.
2. Who is responsible and to whom can I turn?
MetricsCosmetics GmbH, Fasanenstrasse 47, 10719 Berlin is responsible for the processing of personal data described in this Privacy Policy.
You can contact the following office regarding all inquiries on data protection issues:
MetricsCosmetics GmbH
Fasanenstrasse 47
10719 Berlin
email: hello@aveandyou.com
We are not legally obligated to appoint a data protection officer. As a contact person for data protection issues, please feel free to contact Dr. Franziska Leonhardt.
3. Which data we process from you?
We collect and process various personal data from you depending on the specific processing situations. Below you will find a list of the data related to the respective processing situation:
3.1 Which data do we process when you visit our website?
When you visit our Internet pages, we process from you, among other things:
Data about the use of the Internet pages provided (e.g. browser used, operating system used, referrer url, time of server request, content retrieved, duration of use, type of use);
IP address; and
Other technical data comparable to the preceding.
We process this data in accordance with Art. 6 (1) lit. f DSGVO on the basis of our legitimate interests of ensuring the technical functionality of the website and system security.
3.2 Which data do we process when you contact us?
Depending on your request, you can contact us via our Internet pages by e-mail or in writing. When contacting us by e-mail or mail, we regularly store and process only your e-mail address, telephone number, address and the information that you have provided to us in the course of contacting us.
In this case, we process your data pursuant to Art. 6 (1) lit. b DSGVO on the basis of contractual or quasi-contractual obligations or to establish a contract with you.
3.3 What data do we process when you register on our website?
You can register voluntarily on our website. In this case, we will only process the data provided during the registration process.
In this case, we process your data pursuant to Art. 6 para. 1 lit. b DSGVO on the basis of contractual or quasi-contractual obligations or to establish a contract with you.
3.4 What data do we collect when you sign up for our newsletter?
You can receive our newsletter. For this purpose, it is necessary to provide your e-mail address. In this case, we use the data specified in the declaration of consent for sending our newsletter. To verify your ownership of the specified e-mail address, we perform the so-called "double-opt-in procedure". After registering for the newsletter, we first send you a confirmation email. Only after you have clicked on the link contained therein do we include your e-mail address in the newsletter distribution list.
In this case, we process your data in accordance with Art. 6 para.1 lit. a DSGVO based on your consent.
If you purchase products via our online store and provide your email address, we may use this data to inform you about similar products via a newsletter. The legal basis for this data processing is Art. 6 para. 1 lit. f DSGVO in conjunction with. § Section 7 (3) of the Unfair Competition Act (UWG). Our legitimate interest is to provide you with up-to-date information about our products and services.
You can opt out of receiving the newsletter at any time by sending an email to info@aveandyou.com or by clicking on the link contained in the newsletter.
3.5 What data do we process when we personalize your cosmetics?
If you decide to create cosmetics on our website with the help of our special algorithm and simply take our skin test, you can do this by providing various information, for example, about your skin type and your diet and work habits. The more data you share with us, the better we can adapt our products to your needs or assess your skin.
We also use your data in this case to improve our algorithm. This enables us to offer you as well as other customers even better products in the future. For this purpose, it is not necessary to process your name. Nevertheless, it cannot be ruled out that this data can be assigned to you.
In this case, we process your data in accordance with Art. 6 para. 1 lit. a DSGVO in conjunction with. Art. 9 para. 2 lit. a DSGVO on the basis of your express consent. You can revoke this consent at any time with effect for the future without giving reasons.
4. From whom do we collect your personal data?
Personal data is predominantly collected from you directly, for example when you visit our websites or use the services we offer, such as the option to contact us by email.
When you interact with us through a social media site or third-party service, for example, when you "like," follow, or share our content on Facebook or other sites, we may receive information from the social network, including your profile information, your picture, your user ID associated with your social media account, and any other information you allow the social network to share with third parties.
5. For what purposes do we process your data and on what legal basis?
We process your personal data exclusively in accordance with the requirements of the relevant data protection laws. In certain situations, we also process your personal data to fulfill other legal obligations or based on your explicit consent.
5.1 To fulfill contractual obligations
We process your personal data for the fulfillment of contractual or quasi-contractual obligations or for the establishment of a contract, for example for the provision of our services or the sale of the products we offer. The legal basis for the processing in this case is Art. 6 para. 1 lit. b DSGVO.
5.2 To fulfill legal obligations
Insofar as we are subject to legal obligations for compliance with which the processing of your personal data is necessary, we process your personal data on the basis of these legal obligations. The legal basis for the processing in this case is Art. 6 (1) lit. c DSGVO.
5.3 Due to legitimate interests
We also process your personal data to protect our legitimate interests, unless these are overridden by your interests or fundamental rights and freedoms that require the protection of your personal data. Subject to a balancing decision to be made in individual cases, we regularly assume that our legitimate interests are overridden in the context of the following processing situations, which are not listed exhaustively:
Optimization of our offers and services;
Analysis of the use of our Internet pages;
Ensuring the confidentiality and integrity of our IT systems; and
Cooperation with government authorities.
The legal basis for the processing in this case is Art. 6 para. 1 lit. f DSGVO.
5.4 Based on your consent
If you have given us separate consent for the processing of your personal data, we will process your personal data within the scope of and on the basis of this consent. Consent is required, for example, for the personalization of your cosmetics. However, consent may also relate, for example, to the disclosure of data for targeted advertising measures or the sending of newsletters.
Consent is always voluntary and can be revoked at any time and without giving reasons with effect for the future.
The legal basis for the processing in this case is Art. 6 para. 1 lit. a DSGVO or Art. 6 para. 1 lit. a DSGVO in conjunction with. Art. 9 (2) lit. a DSGVO.
6. With whom do we share your data?
Within the company, your data will be disclosed to those persons who absolutely need it to fulfill our contractual and legal obligations.
We only pass on your personal data to external recipients if there is a legal justification for this or you have consented to it. External recipients may be:
Order processors: service providers we use to provide services or who are entrusted with the maintenance of our IT systems.
Public bodies: Authorities and government institutions, such as public prosecutors, courts or tax authorities, to which we may need to transfer personal data in individual cases.
Private bodies: Private bodies to which we transmit your personal data, for example lawyers (disputes, debt collection, etc.), tax consultants, auditors.
7. Do we transfer your data to third countries?
As part of the processes described in this data protection declaration, your personal data may be transferred to bodies whose registered office or place of data processing is not located in a member state of the European Union or in another state party to the Agreement on the European Economic Area. In this case, we ensure before the transfer that, outside of exceptional cases permitted by law, either an adequate level of data protection exists at the recipient (e.g., through an adequacy decision of the European Commission or through suitable guarantees such as the agreement of so-called EU standard contractual clauses of the European Commission with the recipient) or your express consent has been obtained. You can obtain a copy of these guarantees from us. Please use the contact details under point 2 for this purpose.
In the case of consent, compliance with the data protection principles of Union law is not guaranteed in the respective third country concerned. In this respect, there may be a violation of fundamental rights and freedoms and resulting damage. This may make it more difficult for a data subject to assert his or her rights under the General Data Protection Regulation (e.g., information, rectification, erasure, damages) and, if necessary, to enforce them with the help of authorities or in court.
8. How long do we store your personal data?
We process and store your personal data only as long as necessary for our processing purposes.
If we use your e-mail address for our e-mail newsletter, we usually store the data until you unsubscribe from our newsletter. This does not affect our legal ability to store this data for other purposes, such as maintaining a blacklist to ensure that email addresses are not used for marketing purposes after unsubscribing.
We store purely technical information for a maximum of 400 days.
We will delete the data collected and stored as part of the use and provision of our Internet pages upon request at any time and independently on a regular basis within a few days, unless we have a special interest in continued storage in individual cases, such as cyber attacks.
Insofar as a longer storage period is required due to legal storage and documentation obligations or to protect our legitimate interests, such as in the case of possible legal disputes, your personal data will also be stored and processed after the expiry of the above-mentioned period. With complete settlement of a contract or contract-like relationship, we will, as far as possible, immediately block your personal data for further processing.
In the context of a contact request, we generally only store your data for the period of time required to answer your contact request. We generally store data that we process on the basis of your consent until you revoke your consent.
Final deletion takes place after expiry of the periods resulting from the statutory storage and documentation obligations, which are between two and ten years and result, among other things, from the German Fiscal Code or the German Commercial Code.
9. Your rights
Below is a summary of your rights regarding the processing of your personal data by us:
9.1 Rights of access, erasure, recitification, restriction of processing, data portability and revocation
According to Art. 15 of the GDPR, you have a right of access, according to which you can request confirmation as to whether we are processing your personal data. If this is the case, you have the right to request comprehensive information about this personal data from us.
In accordance with Art. 16 DSGVO, you can demand that incorrect data relating to you be corrected without delay.
Pursuant to Art. 17 DSGVO, you have the right to request that your personal data be deleted if it is either (i) no longer necessary for the purposes for which it was collected, (ii) you have withdrawn your consent to processing, (iii) you object to processing pursuant to Art. 21 para. 1 DSGVO and there are no overriding legitimate grounds for continued processing, (iv) your Personal Data have been processed unlawfully, (v) erasure of the Personal Data is necessary for compliance with a legal obligation under Union law or the law of the Member States to which AVE & YOU is subject, or (vi) the Personal Data have been collected in relation to information society services offered pursuant to Art. 8(1) DSGVO.
You have the right under Article 18 DSGVO to request the restriction of processing under the following conditions. Such a right exists if (i) you have contested the accuracy of your personal data, (ii) the processing is unlawful and you object to the erasure of the personal data and request the restriction of its use instead, (iii) the data is no longer needed for the purposes of processing but you need it for the establishment, exercise or defense of legal claims, or (iv) you have objected to the processing pursuant to Art. 21(1) DSGVO as long as it has not yet been determined whether we have legitimate grounds for the processing that override yours.
According to Art. 19 DSGVO, you have the right to request information about the recipients of data who have been notified of a correction, erasure of your personal data or a restriction of processing.
According to Art. 20 DSGVO, you have the right to receive the personal data concerning you from us in a structured, common and machine-readable format and to transfer this data to another controller.
Insofar as the processing or transmission of your personal data is based on consent declared by you, you may revoke such consent at any time with effect for the future.
Against the processing of your data or a decision taken by AVE & YOU in relation to one of the rights exercised by you, you also have the right to lodge a complaint with the competent supervisory authority.
9.2 Contract
For the assertion of your rights listed in section 9.1, you can contact us informally by mail or e-mail to the contact options listed in section 2.
9.3 RIGHT OF OBJECTION ACCORDING TO ART. 21 DSGVO
9.3.1 OBJECTION ON THE GROUNDS OF YOUR PARTICULAR SITUATION
ACCORDING TO ART. 21 ABS. 1 DSGVO, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA WHERE SUCH PROCESSING IS CARRIED OUT FOR THE PURPOSES OF OUR LEGITIMATE INTERESTS, INCLUDING PROFILING BASED THEREON (E.G. FOR CREDIT ASSESSMENT). NO FURTHER PROCESSING OF YOUR PERSONAL DATA WILL THEN TAKE PLACE UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.
9.3.2 OBJECTION TO DIRECT ADVERTISING
ACCORDING TO ART. 21 PARA. 2 DSGVO YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE USE OF YOUR PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING. THIS ALSO APPLIES TO PROFILING, INSOFAR AS IT IS CONNECTED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT TO THE PROCESSING FOR THE PURPOSES OF DIRECT MARKETING, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA FOR THESE PURPOSES.
9.3.3 CONTACT POSSIBILITY
YOU CAN DECLARE YOUR OBJECTION INFORMALLY BY MAIL OR E-MAIL, ADDRESSED TO:
METRICSCOSMETICS GMBH
FASANENSTRASSE 47
10719 BERLIN
GERMANY
E-MAIL: hello@aveandyou.com
10. Is there an obligation on your part to provide personal data?
There is neither a contractual nor a legal obligation to provide us with your personal data for the use of our internet pages. However, if you wish to contact us or purchase our cosmetic products, certain information may be required so that we can process your request.
11. Does the processing rely on automated decision making of profiling?
You have the right not to be subject to a decision based solely on automated processing, including profiling, where the decision is not necessary for the conclusion or performance of a contract, is not required by mandatory legal provisions or is not based on your explicit consent.
AVE & YOU does not use any automated decision-making procedures, including profiling, unless we have explicitly informed you about them.
12. What kind of cookies and tracking technology do we use?
In order to provide, maintain and analyze our websites and their usage, we use various software tools from third parties and us that regularly rely on the use of cookies, Flash cookies (also called Flash Local Shared Objects), web beacons or similar technologies (collectively, " Tracking Technologies"). Tracking Technologies help us learn how you use our Services (e.g., the pages you view or the links you click and other actions you take with the Services), give us information about your browser and online usage patterns (e.g., IP address, log data, browser type, browser language, referring/exit pages and URLs, pages viewed, whether you opened an email, links clicked, etc.), and information about the devices you use to access our Services. Tracking technologies allow us to link the devices you use to access our Services in such a way that we can recognize and, if necessary, contact you on the various devices you use.
You can limit the use of tracking technology by changing your browser settings. You can determine what access you give us to your devices, as well as whether cookies can be stored on your device and for how long. Furthermore, you can delete cookies that have already been stored at any time. Please note that the functionality of our websites may be impaired after deactivating all cookies. You can disable or delete similar functions (such as Flash cookies) used by so-called browser add-ons by changing the settings of the browser add-on or also via the website of the manufacturer of the browser add-on.
12.1 What are cookies?
A cookie is a small file that is transferred from the host server of the website during the use of a website and stored on the user's device (desktop computer, laptop, tablet, smartphone, other internet-enabled devices) by the browser used. Cookies are used to store information about the user and to retrieve it when the website is accessed again.
12.2 What are cookies used for?
Cookies help us understand how our websites are used, analyze trends, administer the website, track a user's steps on our website, collect demographic information about our user base as a whole, let you navigate efficiently between pages, remember your preferences and settings on our websites, and basically improve your browsing experience in the process. We process the data collected through tracking technologies to (i) remember information so that you do not have to re-enter it during your visit or revisit, (ii) recognize you across multiple devices, (iii) monitor the functionality and performance of our websites, (iv) collect aggregate metrics regarding total number of visitors, total traffic, usage and demographic patterns on our websites; (v) diagnose and correct technical problems; and (vi) otherwise plan and improve our website.
The most common Internet browsers offer the setting option to not allow certain cookies. If you make these settings, it may not be possible to use all the functions of our website without making settings.
12.3 What types of cookies are used on our websites?
The cookies used on our websites can generally be classified into one of the following categories: Mandatory Cookies, Analysis Cookies, Functional Cookies and Marketing Cookies.
12.3.1 Mandatory cookies
These cookies are essential for the functioning of our internet pages and enable you to navigate our internet pages and use their functions. Without these cookies, certain services that are necessary for the full use of our website cannot be provided.
We process mandatory cookies in accordance with Art. 6 (1) lit. b DSGVO.
12.3.2 Analysis cookies
With the help of these cookies, we collect information about how users use our websites, e.g. which pages are accessed and read most frequently, or how users get from one link to the next. All information collected by these types of cookies does not relate to an individual user, but is aggregated and processed with the information of other users. The cookies provide us with analytical data on how our websites work and how we can improve them. We use these cookies only after you have given your consent to do so.
We process analysis cookies in accordance with Art. 6 Para. 1 lit. a DSGVO on the basis of your consent.
12.3.3 Function-related cookies (convenience functions)
These cookies allow us to store a specific selection you make and to customize our websites to provide you with enhanced features and content. These cookies can be used, for example, to save your language selection or country selection.
We process function-related cookies in accordance with Art. 6 para. 1 lit. a DSGVO.
12.3.4 Marketing cookies
These cookies allow us to analyze which products you are interested in in order to display interest-based advertising on our and other websites accordingly.
We process marketing cookies in accordance with Art. 6 para. 1 lit. a DSGVO.
12.4 How long are cookies stored on my devices?
The storage period depends largely on whether the cookie is "persistent" or "session-related". Session-related cookies are deleted after you leave the web pages that set the cookie. Persistent cookies remain on your device even after you stop browsing until they are deleted or until they expire.
12.5 Further information about cookies
To provide our website, we use the services of the third-party providers listed below. These third-party tools belong to the categories of cookies described above and help us provide our services on our website or promote our products and services over the Internet.
Below you will find additional information about the data processing related to these cookies:
Category/ purpose |
Designation |
Provider/ Recipient |
Third country transfer/Adequacy Decision |
Cookie validity/ retention period |
Exercise of the revocation or opposition |
Performance Used to evaluate user behaviour on the website |
Shopify |
Shopify International Limited c/o Intertrust Ireland 2nd Floor 1-2 Victoria Buildings, Haddington Road Dublin 4, D04 XN32, Ireland |
no, EU |
2 years |
|
Performance Used to evaluate user behaviour on the website |
Shopify |
Shopify International Limited c/o Intertrust Ireland 2nd Floor 1-2 Victoria Buildings, Haddington Road Dublin 4, D04 XN32, Ireland |
no, EU |
30 minutes |
|
Performance Used to evaluate user behaviour on the website |
Hotjar |
Hotjar Ltd, Level 2 St Julians Business Centre, 3, Elia Zammit Street St Julians STJ 3155, Malta |
no, EU |
Session |
|
Performance Used to distinguish users |
Google Analytics |
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA |
EU standard contractual clauses |
1 day |
|
Performance Used to identify a unique user |
Google Analytics |
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA |
EU standard contractual clauses |
2 years |
|
Performance Used to reduce the request rate |
Google Analytics |
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA |
EU standard contractual clauses |
1 minute |
|
Performance Used to evaluate user behaviour on the website |
Shopify |
Shopify International Limited c/o Intertrust Ireland 2nd Floor 1-2 Victoria Buildings, Haddington Road Dublin 4, D04 XN32, Ireland |
no, EU |
30 minutes |
|
Performance Used to evaluate user behaviour on the website |
Shopify |
Shopify International Limited c/o Intertrust Ireland 2nd Floor 1-2 Victoria Buildings, Haddington Road Dublin 4, D04 XN32, Ireland |
no, EU |
30 minutes |
|
Performance Used to evaluate user behaviour on the website |
Shopify |
Shopify International Limited c/o Intertrust Ireland 2nd Floor 1-2 Victoria Buildings, Haddington Road Dublin 4, D04 XN32, Ireland |
no, EU |
2 years |
|
Performance |
Shopify |
Shopify International Limited |
no, EU |
30 Minuten |
|
Performance |
Shopify |
Shopify International Limited |
no, EU |
2 Wochen |
|
Performance |
Shopify |
Shopify International Limited |
no, EU |
2 Wochen |
|
Marketing |
Hotjar |
Hotjar Ltd, Level 2 |
no, EU |
1 Jahr |
|
Performance |
|
Facebook Inc., 1 Hacker Way in Menlo Park, CA 94025, USA |
EU standard contractual clauses |
3 Monate |
|
Marketing |
|
Facebook Inc., 1 Hacker Way in Menlo Park, CA 94025, USA |
EU standard contractual clauses |
3 Monate |
|
Marketing |
|
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA |
EU standard contractual clauses |
15 Minuten |
|
Funktionalität |
Shopify |
MetricsCosmetics GmbH, Fasanenstrasse 47, 10719 Berlin, Germany |
no, EU |
2 Wochen |
|
Funktionalität |
Shopify |
MetricsCosmetics GmbH, Fasanenstrasse 47, 10719 Berlin, Germany |
no, EU |
2 Wochen |
|
Funktionalität |
Shopify |
MetricsCosmetics GmbH, Fasanenstrasse 47, 10719 Berlin, Germany |
no, EU |
1 Stunde |
|
Funktionalität |
Shopify |
Shopify International Limited |
no, EU |
Session |
|
Funktionalität |
Shopify |
MetricsCosmetics GmbH, Fasanenstrasse 47, 10719 Berlin, Germany |
no, EU |
1 Jahr |
|
Zwingend erforderlich |
Shopify |
Shopify International Limited |
no, EU |
18 Jahre |
|
Zwingend erforderlich |
Shopify |
Shopify International Limited |
no, EU |
2 Wochen |
|
Zwingend erforderlich |
Shopify |
Shopify International Limited |
no, EU |
2 Wochen |
|
Zwingend erforderlich |
Shopify |
Shopify International Limited |
no, EU |
2 Wochen |
|
Zwingend erforderlich |
CloudFlare |
Cloudflare, Inc. |
EU standard contractual clauses |
1 Monat |
13. Technical protection meausres?
For security reasons and to protect the transmission of confidential content that you send to us as the site operator, we use SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.