Erstberatung
Cart
Subtotal
0,00 €
Shipping, taxes, and discount codes calculated at checkout.
Your cart is currently empty.
Google Rating
5.0 104 reviews since February 2023

Data protection

Below you will find information about what types of personal data we process, to what extent and for what purposes.

Personal data is information that can be used to identify you as a data subject, such as your name, address, email address, or user behavior.

Data subjects are those with whom we have a relationship in the course of providing our services, visitors to our website and users of our entire online offering.

Name and address of the data controller:

LVATE GmbH
Müllerstr. 27
80469 Munich

Represented by:
Dr. Lukas H. Kohler

Email: hello@lvate.de

The data protection officer of the controller is:

Datavise GmbH & Co. KG

Luegallee 114
40545 Düsseldorf

Telephone: 0211 5800 26 96 0

Email: datenschutz@datavise.de

We collect and store the following types of data:

  • Inventory data (e.g. names and addresses)
  • Contact details (e.g. telephone numbers and email addresses)
  • Contract details (e.g. terms and conditions)
  • Payment details (e.g., account details)
  • Usage data (e.g., access times, pages visited)
  • Metadata (e.g. browser type, IP address, operating system)
  • Content data (e.g., your text entries in contact forms, etc.)

The categories of persons affected:

  • Employees
  • applicants
  • Customers
  • Clients
  • patients
  • suppliers
  • Contract partner
  • Interested parties
  • Users (website/online services)

The data is collected for the following purposes:

  • information
  • communication
  • Customer service
  • Services for the fulfillment of the contract
  • Direct marketing / Marketing
  • (Technical) provision of the online service
  • Security measures to protect the (online) offer
  • Audience measurement to improve the service

Your personal data will be processed exclusively on the basis of the following legal grounds:

  • Consent pursuant to Art. 6 para. 1 lit. a GDPR
     "The data subject has given consent to the processing of their personal data for one or more specific purposes."
  • Contract fulfillment and pre-contractual inquiries pursuant to Art. 6 para. 1 lit. b GDPR
    "The processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract."
  • Legal obligations pursuant to Art. 6 para. 1 lit. c GDPR
     "Processing is necessary for compliance with a legal obligation to which the controller is subject"
  • Legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR
     "Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child."
  • Article 88 GDPR, Section 26 BDSG-new
    Data processing in the employment context or data processing for the purposes of the employment relationship

Transfer to third parties

Your data will generally remain within our company. The transfer or disclosure of your personal data to a third party will only occur if...

  • based on a legal basis for permission,
  • by your consent,
  • if we are legally obligated to do so or
  • based on a legitimate interest pursuant to Art. 6 lit. f GDPR.

In this context, our data processors are obligated by means of a data processing agreement in accordance with Art. 28 GDPR to comply with the necessary technical and organizational measures in order to guarantee the protection of the rights of the data subjects.

Transfer to third countries

Your personal data will only be transferred to third countries (outside the European Union (EU) / the European Economic Area) if

  • based on a legal basis for permission,
  • to fulfill (pre-)contractual obligations,
  • by their consent or
  • if we are legally obligated to do so.

The processing only takes place in such countries.

  • for which an adequacy decision by the EU Commission or
  • suitable safeguards within the meaning of Article 46 GDPR exist,
  • which offer an adequate level of protection in accordance with Art. 45 et seq. GDPR,
  • are subject to officially recognized contractual obligations such as the so-called "standard contractual clauses", or
  • for which one of the exceptions under Article 49 GDPR applies.

Storage duration

Your personal data will be routinely deleted or its processing restricted or blocked no later than after the expiry of the respective statutory retention periods (e.g. commercial and tax law retention periods), provided that this data is no longer necessary for the performance of the contract and/or we have no legitimate interest in further storage.

Website usage and creation of log files

When you visit our website, the following information is automatically transmitted from your browser to our provider's server:

– IP address of your device

– Date and time of access

– Name and URL of retrieved files

– Website from which access is made or from which you were redirected to our site (referrer URL)

– browser used and, if applicable, the operating system of your device

– Name of the access provider.

This data will not be combined with other data sources. The IP address will be anonymized.

This data is collected to ensure the proper functioning of the website, to optimize the website, and to guarantee the security of our IT systems. These aforementioned purposes also constitute our legitimate interest in data processing pursuant to Article 6(1)(f) GDPR.

This data will be automatically deleted after a maximum of 7 days. In cases of website misuse, the relevant data, the further storage of which is necessary for evidentiary purposes, will be retained until the matter is resolved.

Hosting by Shopify

We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"), for the purpose of hosting and displaying the online shop, based on data processing on our behalf. All data collected on our website is processed on Shopify's servers. As part of the aforementioned services provided by Shopify, data may also be transferred to Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc., or Shopify (USA) Inc. for further processing on our behalf. In the event of data transfer to Shopify Inc. in Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

Further information on Shopify's data protection policy can be found on the following website: https://www.shopify.de/legal/datenschutz

Further processing on servers other than those mentioned above by Shopify will only take place within the scope outlined below.

Cookies

This website uses cookies. These are small text files that are stored in or by the web browser on the user's device. When a user visits a website, a cookie can be stored on the user's operating system. This cookie contains a unique string of characters that allows the browser to be uniquely identified when the website is visited again.

The following types of cookies are distinguished:

Session cookies

Session cookies are functionally necessary cookies that do not require consent, as they are automatically deleted when you leave the homepage.

The legal basis for this processing is Article 6(1)(f) GDPR.

Persistent cookies

Persistent cookies remain permanently on the user's device. This allows, for example, the login status to be checked or preferred content to be displayed. In addition, the data processed here can be used for audience measurement.

The legal basis for this processing is Article 6(1)(a) GDPR, which therefore requires the user's consent.

We use cookies that allow us to analyze the user's browsing behavior.

The following data is stored and transmitted in the cookies:

– Frequency of page views

– Use of website functions

When you visit our website, you will be informed about the use of cookies for analytical purposes and asked to consent to the processing of the personal data used in this context. You will also be referred to this privacy policy.

The user can withdraw their consent and object to the processing of their personal data at any time via the following cookie settings.

Furthermore, the user can also object via the corresponding settings of their browser.

The transmission of cookies can be deactivated or restricted by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This deletion can also be automated. Each browser manages these cookie settings differently. This setting is described in the help menu of each browser, which explains how to change your cookie settings. Deactivating cookies may limit the functionality of this website.

We may work with advertising partners who help us make our website more interesting for you. For this purpose, when you visit our website, cookies from partner companies (third-party cookies) may also be stored on your hard drive. This includes providers from countries with insecure third-party data protection. The data may be shared with partner companies in the USA, for example.

contact

The use of our website is generally possible without providing personal data.

Should you contact us via other means, such as a contact form, email or telephone, the data collected here will be treated confidentially and will not be passed on to third parties without your consent.

The respective purpose of the data processing is derived from

  • the voluntary disclosure by the data subject pursuant to Art. 6 para. 1 lit. a GDPR
  • for the performance of a contract or for the implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR
  • through the legitimate interest of effectively processing inquiries addressed to the company pursuant to Art. 6 para. 1 lit. f GDPR.

The data will be deleted as soon as it is no longer required for the purpose for which it was collected.

For personal data transmitted via email, this is the case when the respective conversation with the user has ended. A conversation is considered ended when it can be inferred from the circumstances that the matter in question has been conclusively resolved.

For electronic contact, a contact form is available on our website. If you use this option, the data entered in the input fields will be transmitted to us and stored. Providing this personal data is optional.

- First name

- Last name

- Email

In addition, the following data is stored at the time the message is sent:

- The user's IP address

- Date and time of registration

- Browser and device

The user has the right to object to the processing of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored during the contact process will be deleted.

Contractual and business partners

We primarily process the data of our contractual and business partners to fulfill our contractual obligations and for communication purposes. Furthermore, processing occurs for proper and efficient business management and to protect our rights. The processing is therefore carried out accordingly.

  • for the performance of the contract and pre-contractual inquiries pursuant to Art. 6 para. 1 lit. b GDPR,
  • due to legal obligation pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR or
  • based on legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

Data will only be passed on to third parties if this is necessary to fulfill legal obligations or if this is stated in the contract or this privacy policy.

applicants

By submitting their application to us, applicants agree to the processing of their data for the purposes of the application process in the manner and scope set out in this privacy policy.

The legal basis for the processing of applicant data is Art. 88 GDPR, § 26 BDSG-neu and, where applicable, Art. 6 para. 1 lit. b GDPR for the initiation or execution of contractual relationships.

Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are voluntarily disclosed during the application process, their processing is additionally carried out in accordance with Art. 9 para. 2 lit. b) GDPR (e.g. health data, such as severe disability or ethnic origin).

Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are requested from applicants during the application process, their processing is additionally carried out in accordance with Art. 9 para. 2 lit. a) GDPR (e.g. health data if this is necessary for the exercise of the profession).

The data provided by applicants may be further processed by us for the purposes of the employment relationship if the application is successful. Otherwise, if the application for a job offer is unsuccessful, the applicants' data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time. Deletion takes place after a period of six months so that we can answer any follow-up questions regarding the application and comply with our obligations under the General Equal Treatment Act. Invoices for any travel expense reimbursements will be archived in accordance with tax regulations.

Prevention of abuse and spam using Google's reCAPTCHA tool

This website also uses the reCAPTCHA function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This function primarily serves to distinguish whether an entry is made by a natural person or is being misused through automated processing. The service involves sending the IP address and, if applicable, other data required by Google for the reCAPTCHA service to Google, and is carried out in accordance with Art. 6 Para. 1 lit. a GDPR on the basis of consent, which is transmitted to us via the consent banner.

When using Google reCAPTCHA, personal data may also be transferred to the servers of Google LLC in the USA.

Further information about Google reCAPTCHA and Google's privacy policy can be found at:

https://www.google.com/intl/de/policies/privacy

Social Media Plug-ins

We use social media plugins from the following social networks on our website.

  • YouTube
  • Instagram
  • TikTok

When you visit a page on our website that contains such a plugin, your browser establishes a direct connection to the network operator's servers. The plugin's content is transmitted directly from the operator to your browser and integrated into the page. Through this integration, the operator receives the information that your browser has accessed the corresponding page of our website, even if you do not have a profile with the operator or are not currently logged in.

This information (including your IP address) is transmitted directly from your browser to a server of the operator and stored there. If you are logged in to the operator's service, they can directly associate your visit to our website with your account. If you interact with the plugins, for example by clicking a button, this information is also transmitted directly to a server of the operator and stored there.

Furthermore, the information may be published on your account and displayed to your contacts there.

The operator may use this information for advertising, market research, and to tailor its pages to user needs. For this purpose, the operator creates usage, interest, and relationship profiles, for example, to evaluate your use of our website in relation to the advertisements displayed to you, to inform other users about your activities on our website, and to provide other services related to the use of the network.

If you do not want the operator to associate the data collected via our website with your account, you must log out of the operator's service before visiting our website.

For information on the purpose and scope of data collection and the further processing and use of data by the operators, as well as your related rights and settings options to protect your privacy, please refer to the privacy policies of the respective operators.

We use social media plugins based on Article 6 Paragraph 1 Sentence 1 Letter a of the GDPR. This means only after obtaining the consent of the data subject via our consent banner. The purpose is to enhance communication with users, for example, through customer feedback.

Social media presence

For communication and information purposes with users, as well as for advertising purposes, we are represented on the following social networks:

  • YouTube
  • Instagram
  • TikTok

We process data obtained through our social media presence only for the aforementioned purposes and on the legal basis of [relevant legal basis].

  • the voluntary disclosure by the data subject pursuant to Art. 6 para. 1 lit. a GDPR
  • for the performance of a contract or for the implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR or
  • through the legitimate interest of effectively processing inquiries addressed to the company pursuant to Art. 6 para. 1 lit. f GDPR.

Social network operators typically process user data for market research and advertising purposes. Using user interests and browsing behavior, user profiles can be created to display advertising to the user both within and outside the network that matches their profile/interests.

For further information on data processing, options for objection and assertion of data subject rights, please refer to the privacy policies of the respective provider.

YouTube

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

( https://policies.google.com/privacy )

Data processing agreement: https://www.youtube.com/t/terms_dataprocessing

Instagram

Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA

( https://de-de.facebook.com/privacy/policy/?entry_point=facebook_page_footer )

TikTok

TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland

( https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE )

Your rights

As a data subject, you have the right to assert your rights under the General Data Protection Regulation (GDPR) against us. These rights include the following:

Right of access pursuant to Article 15 GDPR

You have the right to request information about your data stored with us. In particular, you can request information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected from you, and the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the logic involved. An informal request via email or post is sufficient for this purpose. You will receive your requested information within one month of receipt of your request.

Right to rectification pursuant to Article 16 GDPR

If we have recorded/stored incorrect data about you, you can request its correction or completion by submitting an informal request. You will receive information about the changes to your data within one month of receiving your request.

Right to erasure under Article 17 GDPR

You have the right to request the deletion of your personal data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims. However, this requires that the purposes for processing no longer apply, or that you have objected to the processing pursuant to Article 21 GDPR, you have withdrawn your consent pursuant to Article 7 GDPR, or the processing is unlawful.

Right to restriction of processing pursuant to Article 18 GDPR

You have the right to request the restriction of the processing of your personal data if you contest the accuracy of the data, the processing is unlawful but you object to its erasure, we no longer need the data but you require it for the establishment, exercise or defense of legal claims, or you have objected to the processing pursuant to Article 21 GDPR. You can notify us of this informally.

Right to data portability according to Article 20 GDPR

You have the option to receive the data we hold about you in a structured, commonly used and machine-readable format, or to request its transfer to another controller.

Right of withdrawal for consents pursuant to Art. 7 para. 3 GDPR

You have the right to withdraw your consent at any time. This means that we will no longer be permitted to process your data based on this consent in the future.

Right to object pursuant to Article 21 GDPR

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data, provided that there are grounds relating to your particular situation or the objection is directed against direct marketing.

In the latter case, you have a general right to object, which we will implement without requiring you to specify a particular situation.

If you wish to exercise your right of withdrawal or objection, simply send an email to hello@lvate.de .

Right to lodge a complaint pursuant to Article 77 GDPR

You have the right to lodge a complaint with a supervisory authority. You can contact the supervisory authority in your place of habitual residence, your place of work, or our registered office.

Definitions according to Article 4 GDPR

“personal data”

all information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

"Processing"

any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

“Restriction of processing”

the marking of stored personal data with the aim of restricting its future processing;

“Profiling”

any type of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;

“Person in charge”

the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law;

“Data processor”

a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

"Recipient"

A natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

“Third”

a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;

"Consent"

any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

“genetic data”

personal data relating to the inherited or acquired genetic characteristics of a natural person, which provide unique information about the physiology or health of that natural person and which are obtained in particular from the analysis of a biological sample of the natural person concerned;

"Health data"

personal data relating to the physical or mental health of a natural person, including the provision of health services, and revealing information about their state of health;

"Company"

a natural or legal person engaged in an economic activity, regardless of its legal form, including partnerships or associations that regularly engage in an economic activity;

“Supervisory authority”

an independent public authority established by a Member State in accordance with Article 51;

Updates and changes to this privacy policy

This privacy policy is currently valid and was last updated on December 23, 2022.

Created and reviewed by Datavise – Data security experts

contact

Schreiben Sie uns

Kontaktdaten

address

LVATE Face Aesthetics
Ottostrasse 1/Lenbachplatz 1
80333 Munich

phone

+49 89 38038749

E-mail

munich@lvate.de

Data protection