Supports Cloudflare cookies without domains

Privacy and Legal Policy

This guideline applies to the data protection guideline of our website under German law. For more information and non-German jurisdictions, see our global privacy policy in English.

privacy

We have written this data protection declaration (version 12.06.2020-311185601) to explain to you in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 what information we collect, how we use data and what options you have as a visitor to this website .

Unfortunately, it is in the nature of things that these explanations sound very technical, but we have tried to describe the most important things as simply and clearly as possible.

Automatic data storage

When you visit websites these days, certain information is automatically created and stored, including on this website.

If you visit our website as you are now, our web server (computer on which this website is stored) automatically saves data such as

  • the address (URL) of the accessed website
  • Browser and browser version
  • the operating system used
  • the address (URL) of the previously visited page (referrer URL)
  • the host name and the IP address of the device from which access is made
  • Date and Time

in files (web server log files).

As a rule, web server log files are stored for up to ten weeks and then automatically deleted. We do not pass on this data, but we cannot rule out that this data will be viewed in the event of illegal behavior.

Cookies

Our website uses HTTP cookies to save user-specific data.
In the following we explain what cookies are and why they are used so that you can better understand the following data protection declaration.

What exactly are cookies?

Whenever you surf the Internet, you are using a browser. Well-known browsers are, for example, Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites save small text files in your browser. These files are called cookies.

One thing cannot be dismissed out of hand: Cookies are really useful little helpers. Almost all websites use cookies. To be more precise, they are HTTP cookies, as there are also other cookies for other areas of application. HTTP cookies are small files that our website stores on your computer. These cookie files are automatically placed in the cookie folder, which is the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data about you, such as language or personal page settings. When you visit our site again, your browser sends the "user-related" information back to our site. Thanks to cookies, our website knows who you are and offers you your usual standard settings. In some browsers, each cookie has its own file, in others, such as Firefox, all cookies are stored in a single file.

There are both first-party cookies and third-party cookies. First-party cookies are created directly from our side, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiry time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans or other "pests". Cookies cannot access information on your PC either.

For example, cookie data can look like this:

  • Name: _ga
  • Expiry time: 2 years
  • Use: Differentiation of website visitors
  • Exemplary value: GA1.2.1326744211.152311185601

A browser should support the following minimum sizes:

  • A cookie should be able to contain at least 4096 bytes
  • At least 50 cookies should be able to be stored per domain
  • A total of at least 3000 cookies should be able to be stored

What types of cookies are there?

The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the data protection declaration. At this point we would like to briefly discuss the different types of HTTP cookies.

There are 4 types of cookies:

Absolutely necessary cookies
These cookies are necessary to ensure the basic functions of the website. For example, these cookies are needed when a user puts a product in the shopping cart, then continues surfing on other pages and only goes to checkout later. These cookies do not delete the shopping cart, even if the user closes his browser window.

Functional cookies
These cookies collect information about user behavior and whether the user receives any error messages. These cookies are also used to measure the loading time and the behavior of the website in different browsers.

Goal-oriented cookies
These cookies ensure better user-friendliness. For example, entered locations, font sizes or form data are saved.

How can I delete cookies?

You decide for yourself how and whether you want to use cookies. Regardless of which service or website the cookies originate from, you always have the option of deleting cookies, only partially allowing them or deactivating them. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, activate and manage cookies in Chrome

Safari: manage cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have stored on your computer

Internet Explorer: deleting and managing cookies

Microsoft Edge: Deleting and managing cookies

If you generally do not want cookies, you can set up your browser so that it always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether or not to allow the cookie. The procedure is different depending on the browser. It is best to search for the instructions in Google with the search term “Delete cookies Chrome” or “Deactivate cookies Chrome” in the case of a Chrome browser or replace the word “Chrome” with the name of your browser, e.g. Edge, Firefox, Safari.

What about my data protection?

The so-called “cookie guidelines” have existed since 2009. It states that the storage of cookies requires the consent of the website visitor (i.e. you). Within the EU countries, however, there are still very different reactions to these guidelines. In Germany, the cookie guidelines have not been implemented as national law. Instead, this guideline was largely implemented in Section 15 (3) of the Telemedia Act (TMG).

If you want to know more about cookies and don't shy away from technical documentation, we recommend https://tools.ietf.org/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.

Storage of personal data

Personal data that you transmit to us electronically on this website, such as name, e-mail address, address or other personal information in the context of submitting a form or comments in the blog, are stored by us together with the time and the IP address. Address is only used for the specified purpose, stored securely and not passed on to third parties.

We therefore only use your personal data for communication with those visitors who expressly request contact and for processing the services and products offered on this website. We do not pass on your personal data without your consent, but we cannot rule out that this data will be viewed in the event of illegal behavior.

If you send us personal data by e-mail - outside of this website - we cannot guarantee secure transmission and protection of your data. We recommend that you never send confidential data unencrypted by email.

According to Article 6 Paragraph 1 a GDPR (lawfulness of processing), the legal basis is that you give us your consent to process the data you have entered. You can revoke this consent at any time - an informal e-mail is sufficient, you will find our contact details in the imprint.

Rights according to the General Data Protection Regulation

According to the provisions of the GDPR, you have the following rights:

  • Right to rectification (Article 16 GDPR)
  • Right to deletion ("right to be forgotten") (Article 17 GDPR)
  • Right to restriction of processing (Article 18 GDPR)
  • Right to notification - obligation to notify in connection with the correction or deletion of personal data or the restriction of processing (Article 19 GDPR)
  • Right to data portability (Article 20 GDPR)
  • Right of objection (Article 21 GDPR)
  • Right not to be subject to a decision based solely on automated processing - including profiling (Article 22 GDPR)

If you believe that the processing of your data violates data protection law or that your data protection claims have been violated in any other way, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI).

Evaluation of visitor behavior

In the following data protection declaration we inform you whether and how we evaluate data from your visit to this website. The evaluation of the collected data is usually anonymous and we cannot infer your person from your behavior on this website.

You can find out more about how to object to this analysis of the visit data in the following data protection declaration.

TLS encryption with https

We use https to transmit data securely on the Internet (data protection through technology design, Article 25 (1) GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data. You can recognize the use of this data transmission protection by the small lock symbol in the top left of the browser and the use of the https (instead of http) scheme as part of our Internet address.

Cloudflare privacy policy

We use Cloudflare from Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA) on this website to make our website faster and safer. Cloudflare uses cookies and processes user data. Cloudflare, Inc. is an American company that provides a content delivery network and various security services. These services are located between the user and our hosting provider and act as a reverse proxy for websites. We will try to explain in more detail below what all this means.

What is Cloudflare?

A content delivery network (CDN), as provided by Cloudflare, is nothing more than a network of servers connected via the Internet. Cloudflare has distributed such servers all over the world to bring websites to your screen faster. Simply put, Cloudflare makes copies of our website and places them on their own servers. When you visit our website now, a load balancing system ensures that most of our website is delivered by the server that can display our website to you the fastest. A CDN significantly shortens the data transfer route to your browser. Thus, the content of our website is delivered to you by Cloudflare not only from our hosting server, but from servers from all over the world. The use of Cloudflare is particularly helpful for users from abroad, since here the page can be delivered from a server nearby. In addition to the fast delivery of websites, Cloudflare also offers various security services, such as DDoS protection or the web application firewall.

Why do we use Cloudflare on our website?

Of course we want to offer you the best possible service with our website. Cloudflare helps us to make our website faster and safer. Cloudflare offers us both web optimization and security services such as DDoS protection and web firewall. This also includes a reverse proxy and the content distribution network (CDN). Cloudflare blocks threats and limits abusive bots and crawlers that are wasting our bandwidth and server resources. By storing our website on local data centers and blocking spam software, Cloudflare enables us to reduce our bandwidth usage by around 60%. Serving content through a data center near you, and doing some web optimizations there, reduces the average load time of a website by around half. With the setting “I'm Under Attack Mode” (“I'm under attack” mode), according to Cloudflare, further attacks can be weakened by displaying a JavaScript arithmetic task that must be solved before a user can access a website. Overall, this makes our website much more powerful and less susceptible to spam or other attacks.

What data does Cloudflare save?

Cloudflare generally only forwards data that is controlled by website operators. The content is not determined by Cloudflare, but always by the website operator. In addition, Cloudflare may collect certain information about the use of our website and process data that is sent by us or for which Cloudflare has received instructions. In most cases, Cloudflare receives data such as contact information, IP addresses, security fingerprints, DNS log data and performance data for websites that are derived from browser activity. For example, log data helps Cloudflare identify new threats. In this way, Cloudflare can guarantee a high level of security protection for our website. Cloudflare processes this data as part of the services in compliance with the applicable laws. This of course also includes the General Data Protection Regulation (GDPR).

For security reasons, Cloudflare also uses a cookie. The cookie (__cfduid) is used to identify individual users behind a shared IP address and to apply security settings for each individual user. This cookie becomes very useful, for example, if you use our website from a location with a number of infected computers. However, if your computer is trustworthy, we can recognize this by means of the cookie. In this way, you can surf our website unhindered despite infected PCs in the vicinity. It is also important to know that this cookie does not store any personal data. This cookie is essential for the Cloudflare security functions and cannot be deactivated.

Cloudflare cookies

  • __cfduid
    • Expiry time: 1 year
    • Use: Security settings for each individual visitor
    • Exemplary value: d798bf7df9c1ad5b7583eda5cc5e78311185601

Cloudflare also works with third party providers. They may only process personal data under the instruction of Cloudflare and in accordance with the data protection guidelines and other confidentiality and security measures. Without our explicit consent, Cloudflare does not pass on any personal data.

How long and where will the data be stored?

Cloudflare stores your information primarily in the US and the European Economic Area. Cloudflare can transmit and access the information described above from all over the world. In general, Cloudflare stores user-level data for Free, Pro and Business versions of domains for less than 24 hours. For enterprise domains that have activated Cloudflare Logs (formerly Enterprise LogShare or ELS), the data can be stored for up to 7 days. However, if IP addresses trigger security warnings at Cloudflare, there may be exceptions to the storage duration listed above.

How can I delete my data or prevent data storage?

Cloudflare only stores data logs for as long as necessary, and in most cases this data is deleted within 24 hours. Cloudflare also does not store any personal data, such as your IP address. However, there is information that Cloudflare stores indefinitely as part of its permanent logs in order to improve the overall performance of Cloudflare Resolver and to identify any security risks. You can find out exactly which permanent logs are saved at https://www.cloudflare.com/application/privacypolicy/.All data that Cloudflare collects (temporarily or permanently) is cleaned of all personal data. All permanent logs are also anonymized by Cloudflare.

In their privacy policy, Cloudflare states that they are not responsible for the content they receive. For example, if you ask Cloudflare whether you can update or delete your content, Cloudflare always refers to us as the website operator. You can also completely prevent the entire collection and processing of your data by Cloudflare by deactivating the execution of script code in your browser or by integrating a script blocker in your browser.

Cloudflare is an active participant in the EU-U.S. Privacy Shield Framework which regulates the correct and secure transfer of personal data. You can find more information on this at https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0.
You can find more information on data protection at Cloudflare at https://www.cloudflare.com/de-de/privacypolicy/

BootstrapCDN Privacy Policy

We use the Content Delivery Network (CDN) BootstrapCDN from the American software company StackPath, LLC 2012 McKinney Ave. Suite 1100, Dallas, TX 75201, USA.

A content delivery network (CDN) is a network of regionally distributed servers that are connected to one another via the Internet. Through this network, content, especially very large files, can be delivered quickly even with large load peaks.

BootstrapCDN works in such a way that so-called JavaScript libraries are delivered to your browser. If your browser downloads a file from the Bootstrap CDN, your IP address will be transmitted to the company StockPath during the connection to the Bootstrap CDN server.

StackPath also mentions in its own data protection declaration that the company uses aggregated and anonymized data from various services (such as BootstrapCDN) for the extension of the backup and for other StackPath services and clients. However, none of these data can identify a person.

If you want to prevent this data transfer, you can install a JavaScript blocker (see, for example, https://noscript.net/) or deactivate the execution of JavaScript codes in your browser. Please note, however, that this means that the website can no longer offer the usual service (such as fast loading speed).

StackPath is an active participant in the EU-U.S. Privacy Shield Framework, which regulates the correct and secure transfer of personal data. You can find more information on this at https://www.privacyshield.gov/participant?id=a2zt0000000CbahAAC&status=Active.
You can find more information on data protection at StackPath and BootstrapCDN at https://www.bootstrapcdn.com/privacy-policy/.

YouTube privacy policy

We have installed YouTube videos on our website. So we can present you interesting videos directly on our site. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you call up a page on our website that has embedded a YouTube video, your browser automatically connects to the YouTube or Google servers. Different data are transmitted (depending on the settings). Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all data processing in Europe.

In the following we would like to explain to you in more detail which data is processed, why we have integrated YouTube videos and how you can manage or delete your data.

What is youtube

On YouTube, users can watch, rate, comment and upload videos for free. Over the past few years, YouTube has become one of the most important social media channels in the world. So that we can display videos on our website, YouTube provides a code excerpt that we have built into our site.

Why do we use YouTube videos on our website?

YouTube is the video platform with the most visitors and the best content. We strive to offer you the best possible user experience on our website. And of course interesting videos shouldn't be missing. With the help of our embedded videos, we provide you with additional helpful content in addition to our texts and images. In addition, our website is easier to find on the Google search engine thanks to the embedded videos. Even if we place advertisements via Google Ads, thanks to the data collected, Google can really only show these advertisements to people who are interested in our offers.

Which data is saved by YouTube?

As soon as you visit one of our pages that has a YouTube video integrated, YouTube sets at least one cookie that saves your IP address and our URL. If you are logged into your YouTube account, YouTube can usually assign your interactions on our website to your profile with the help of cookies. This includes data such as session duration, bounce rate, approximate location, technical information such as browser type, screen resolution or your Internet provider. Further data can be contact details, any ratings, sharing content via social media or adding it to your favorites on YouTube.

If you are not signed in to a Google account or a YouTube account, Google stores data with a unique identifier that is linked to your device, browser or app. For example, your preferred language setting is retained. But a lot of interaction data cannot be saved because fewer cookies are set.

In the following list we show cookies that were set in a test in the browser. On the one hand, we show cookies that are set without a registered YouTube account. On the other hand, we show cookies that are set with a registered account. The list cannot claim to be complete because the user data always depends on the interactions on YouTube.

Surname: YSC
Value: b9-CV6ojI5Y311185601-1
Usage: This cookie registers a unique ID in order to save statistics of the video seen.
Expiry Date: after the end of the session

Surname: PREF
Value: f1 = 50000000
Usage: This cookie also registers your unique ID. Via PREF, Google receives statistics on how you use YouTube videos on our website.
Expiry Date: after 8 months

Surname: GPS
Value: 1
Usage: This cookie registers your unique ID on mobile devices to track GPS location.
Expiry Date: after 30 minutes

Surname: VISITOR_INFO1_LIVE
Value: 95Chz8bagyU
Usage: This cookie tries to estimate the bandwidth of the user on our website (with built-in YouTube video).
Expiry Date: after 8 months

Other cookies that are set when you are logged in to your YouTube account:

Surname: APISID
Value: zILlvClZSkqGsSwI / AU1aZI6HY7311185601-
Usage: This cookie is used to create a profile about your interests. The data is used for personalized advertisements.
Expiry Date: after 2 years

Surname: CONSENT
Value: YES + AT.de + 20150628-20-0
Usage: The cookie saves the status of a user's consent to the use of various Google services. CONSENT is also used for security in order to check users and to protect user data from unauthorized attacks.
Expiry Date: after 19 years

Surname: HSID
Value: AcRwpgUik9Dveht0I
Usage: This cookie is used to create a profile about your interests. This data helps to display personalized advertising.
Expiry Date: after 2 years

Surname: LOGIN_INFO
Value: AFmmF2swRQIhALl6aL…
Usage: This cookie stores information about your login data.
Expiry Date: after 2 years

Surname: SAPISID
Value: 7oaPxoG-pZsJuuF5 / AnUdDUIsJ9iJz2vdM
Usage: This cookie works by uniquely identifying your browser and device. It is used to create a profile about your interests.
Expiry Date: after 2 years

Surname: SID
Value: oQfNKjAsI311185601-
Usage: This cookie stores your Google account ID and your last login time in a digitally signed and encrypted form.
Expiry Date: after 2 years

Surname: SIDCC
Value: AN0-TYuqub2JOcDTyL
Usage: This cookie stores information about how you use the website and which advertisements you may have seen before visiting our site.
Expiry Date: after 3 months

How long and where will the data be stored?

The data that YouTube receives and processes from you is stored on Google's servers. Most of these servers are in America. At https://www.google.com/about/datacenters/inside/locations/?hl=de you can see exactly where the Google data centers are located. Your data is distributed on the servers. This means that the data can be accessed more quickly and better protected against manipulation.

Google stores the data collected for different lengths of time. You can delete some data at any time, others are automatically deleted after a limited period of time and others are stored by Google for a longer period of time. Some data (such as items from "My Activity", photos or documents, products) saved in your Google Account will be saved until you delete them. Even if you're not signed in to a Google Account, you can delete some data associated with your device, browser, or app.

How can I delete my data or prevent data storage?

Basically, you can delete data in the Google account manually. With the automatic deletion function of location and activity data introduced in 2019, information is stored depending on your decision - either 3 or 18 months and then deleted.

Regardless of whether you have a Google account or not, you can configure your browser so that Google deletes or deactivates cookies. Depending on which browser you are using, this works in different ways. The following instructions show how to manage cookies in your browser:

Chrome: Delete, activate and manage cookies in Chrome

Safari: manage cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have stored on your computer

Internet Explorer: deleting and managing cookies

Microsoft Edge: Deleting and managing cookies

If you generally do not want cookies, you can set up your browser so that it always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether or not to allow it. Since YouTube is a subsidiary of Google, there is a common privacy policy. If you want to find out more about the handling of your data, we recommend the data protection declaration at https://policies.google.com/privacy?hl=de.

Source: Created with the data protection generator from AdSimple in cooperation with hashtagbeauty.de