Erstberatung
Cart
Subtotal
0,00 €
Shipping, taxes, and discount codes calculated at checkout.
Your cart is currently empty.

Data protection

Below you will find information about which types of personal data we process, to what extent and for what purposes.

Personal data is information that can be used to identify you as the data subject, such as your name, address, email address or user behavior.

Data subjects are those with whom we have a relationship in the context of providing our services, visitors to our website and users of our entire online offering.

Name and address of the person responsible for data processing:

LVATE GmbH
Rolandstrasse 44
40476 Düsseldorf

Represented by:
Dr. Lukas H. Kohler

Email: hello@lvate.de

The data protection officer of the controller is:

Datavise GmbH & Co. KG

Luegallee 114
40545 Düsseldorf

Phone: 0211 5800 26 96 0

Email: datenschutz@datavise.de

We collect and store the following types of data:

  • Inventory data (e.g. names and addresses)
  • Contact details (e.g. telephone numbers and email addresses)
  • Contract data (e.g. terms and conditions)
  • Payment details (e.g. account details)
  • Usage data (e.g. access times, pages viewed)
  • Metadata (e.g. browser type, IP address, operating system)
  • Content data (e.g. your text entries in contact forms or similar)

The categories of persons affected:

  • Employees
  • applicants
  • Customers
  • Clients
  • patients
  • suppliers
  • Contractual partner
  • Interested parties
  • Users (website/online offerings)

The data is collected for the following purposes:

  • information
  • communication
  • Customer service
  • Services for contract fulfillment
  • Direct marketing / Marketing
  • (technical) provision of the online offer
  • Security measures to protect the (online) offer
  • Reach measurement to improve the offer

Your personal data is processed exclusively on the basis of the following legal bases:

  • Consent according to Art. 6 (1) (a) GDPR
     "The data subject has given his or her consent to the processing of personal data concerning him or her for one or more specific purposes"
  • Contractual performance and pre-contractual inquiries according to Art. 6 (1) (b) GDPR
    "processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract"
  • Legal obligations according to Art. 6 (1) (c) GDPR
     "processing is necessary to fulfill a legal obligation to which the controller is subject"
  • Legitimate interest according to Art. 6 (1) (f) GDPR
     "processing is necessary to safeguard the legitimate interests of the controller or of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child"
  • Art. 88 GDPR, § 26 BDSG-new
    Data processing in the employment context or data processing for the purposes of the employment relationship

Transmission to third parties

Your data will remain within our company. Your personal data will only be transferred or disclosed to third parties

  • on the basis of a legal authorization,
  • with your consent,
  • if we are legally obliged to do so or
  • based on a legitimate interest pursuant to Art. 6 lit. f GDPR.

In this case, our processors are obliged by means of a data processing agreement pursuant to Art. 28 GDPR to comply with the necessary technical and organizational measures in order to ensure the protection of the rights of the data subjects.

Transfer to third countries

The transfer of your personal data to third countries (outside the European Union (EU) / European Economic Area)) will only take place

  • on the basis of a legal authorization,
  • to fulfil (pre-)contractual obligations,
  • by their consent or
  • if we are legally obliged to do so.

Processing will only take place in countries

  • for which an adequacy decision has been taken by the EU Commission or
  • appropriate safeguards within the meaning of Art. 46 GDPR exist,
  • which offer an adequate level of protection in accordance with Art. 45 et seq. GDPR,
  • are subject to officially recognized contractual obligations such as the so-called "standard contractual clauses", or
  • for which one of the exceptions under Art. 49 GDPR applies.

Duration of storage

Your personal data will be routinely deleted, restricted in processing, or blocked at the latest after expiry of the respective statutory retention periods (e.g. retention periods under commercial and tax law), provided that this data is no longer necessary for the performance of the contract and/or we have no legitimate interest in further storage.

Use of the website and creation of log files

When you visit our website, the following information is automatically transmitted from your browser to our provider’s server:

– IP address of your device

– Date and time of access

– Name and URL of retrieved files

– Website from which you accessed our site or from where you were directed to our site (referrer URL)

– browser used and, if applicable, the operating system of your device

– Name of the access provider.

This data will not be merged with other data sources. The IP address is anonymized.

This data is collected to ensure the proper use of the website, to optimize the website, and to ensure the security of our IT systems. These aforementioned purposes also constitute our legitimate interest in data processing pursuant to Art. 6 (1) (f) GDPR.

This data is automatically deleted after a maximum of seven days. In the event of misuse of the website, the data in question, which is necessary for evidentiary purposes, will be retained until the matter is resolved.

Hosting by Shopify

We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"), for the purpose of hosting and displaying the online shop on the basis of processing on our behalf. All data collected on our website is processed on Shopify's servers. As part of the aforementioned services from Shopify, data may also be transmitted to Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. or Shopify (USA) Inc. for further processing on our behalf. In the event that data is transmitted to Shopify Inc. in Canada, an appropriate level of data protection is guaranteed by an adequacy decision of the European Commission.

Further information on Shopify’s data protection can be found on the following website: https://www.shopify.de/legal/datenschutz

Further processing on Shopify servers other than those mentioned above will only take place within the framework communicated below.

Cookies

This website uses cookies. These are small text files that are stored in the internet browser or by the internet browser on the user's device. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is visited again.

A distinction is made between the following types of cookies:

Session cookies

Session cookies are functionally necessary cookies that do not require consent, as they are automatically deleted when you leave the website.

The legal basis for this processing is Art. 6 (1) (f) GDPR.

Persistent cookies

Persistent cookies remain permanently on the device. They can be used, for example, to check the login status or display preferred content. Furthermore, the data processed here can be used for reach measurements.

The legal basis for this processing is Art. 6 (1) (a) GDPR, which means that the user’s consent is required.

We use cookies that enable analysis of user surfing behavior.

The following data is stored and transmitted in the cookies:

– Frequency of page views

– Use of website functions

When visiting our website, the user is informed about the use of cookies for analysis purposes and their consent to the processing of personal data used in this context is obtained. In this context, a reference to this privacy policy is also provided.

Using the following cookie settings, the user can revoke his consent at any time and object to the processing of his personal data.

In addition, the user can also object via the corresponding settings in his browser.

The transmission of cookies can be deactivated or restricted by changing the settings in your internet browser. Cookies that have already been stored can be deleted at any time. This deletion can also be done automatically. Each browser manages these cookie settings differently. This setting is described in the help menu of each browser, which explains how to change your cookie settings. If cookies are deactivated, the functionality of this website may be limited.

We may work with advertising partners who help us make our website more interesting for you. For this purpose, cookies from partner companies are stored on your hard drive when you visit our website (third-party cookies). This includes providers from unsafe third countries. The data is shared, for example, with partner companies in the USA.

contact

You can generally use our website without providing any personal data.

If you contact us via other means, such as a contact form, email or telephone, the data collected here will be treated confidentially and will not be passed on to third parties without your consent.

The respective purpose of data processing arises from

  • the voluntary information of the data subject in accordance with Art. 6 (1) (a) GDPR
  • the performance of a contract or to carry out pre-contractual measures pursuant to Art. 6 (1) (b) GDPR
  • through the legitimate interest of effectively processing the enquiries addressed to the company in accordance with Art. 6 (1) (f) GDPR.

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.

For personal data sent via email, this is the case when the respective conversation with the user has ended. The conversation is concluded when it can be inferred from the circumstances that the matter in question has been conclusively resolved.

A contact form is available on our website for electronic contact. If you use this option, the data entered in the input form will be transmitted to us and stored. This personal data is optional:

- First name

- Last name

- Email

In addition, the following data is stored at the time the message is sent:

- The user's IP address

- Date and time of registration

- Browser and device

The user has the right to object to the processing of personal data at any time. In such a case, the conversation cannot be continued. All personal data stored during the contact process will be deleted.

Contract and business partners

We process the data of our contractual and business partners primarily to fulfill our contractual obligations and for communication purposes. Furthermore, we process the data for proper and efficient business management and to protect our rights. The processing is therefore carried out

  • for the performance of the contract and pre-contractual inquiries according to Art. 6 (1) (b) GDPR,
  • due to a legal obligation pursuant to Art. 6 (1), sentence 1 (c) GDPR or
  • based on legitimate interests pursuant to Art. 6 (1), sentence 1 (f) GDPR.

Data will only be passed on to third parties if this is necessary to fulfill legal obligations or if this is stated in the contract or this data protection declaration.

applicants

By submitting their application to us, applicants agree to the processing of their data for the purposes of the application process in the manner and to the extent set out in this privacy policy.

The legal basis for the processing of applicant data is Art. 88 GDPR, Section 26 BDSG-new and, if applicable, Art. 6 (1) (b) GDPR for the initiation or execution of contractual relationships.

If special categories of personal data within the meaning of Art. 9 (1) GDPR are voluntarily provided as part of the application process, they will also be processed in accordance with Art. 9 (2) (b) GDPR (e.g. health data, such as severely disabled status or ethnic origin).

If special categories of personal data within the meaning of Art. 9 (1) GDPR are requested from applicants as part of the application process, these will also be processed in accordance with Art. 9 (2) (a) GDPR (e.g. health data if these are necessary for the exercise of the profession).

In the event of a successful application, the data provided by applicants may be further processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is unsuccessful, the applicants' data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time. Deletion occurs after a period of six months so that we can answer any follow-up questions regarding the application and fulfill our documentation obligations under the General Equal Treatment Act. Invoices for any reimbursement of travel expenses will be archived in accordance with tax law requirements.

Avoiding abuse and spam using Google's reCAPTCHA tool

On this website, we also use the reCAPTCHA function provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This function is primarily used to distinguish whether an input has been made by a natural person or has been misused through machine and automated processing. This service includes sending the IP address and, if applicable, other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 (1) (a) GDPR on the basis of consent, which is transmitted to us via the consent banner.

When using Google reCAPTCHA, personal data may also be transferred to Google LLC's servers in the USA.

Further information about Google reCAPTCHA and Google’s privacy policy can be found at:

https://www.google.com/intl/de/policies/privacy

Social media plug-ins

We use social media plug-ins from the following social networks on our website.

  • YouTube
  • Instagram
  • TikTok

When you access a page on our website that contains such a plugin, your browser establishes a direct connection to the servers of the network operator. The plugin content is transmitted directly to your browser by the operator and integrated into the page. Through this integration, the operator receives the information that your browser has accessed the corresponding page on our website, even if you do not have a profile with the operator or are not currently logged in.

This information (including your IP address) is transmitted directly from your browser to a server of the operator and stored there. If you are logged in to the operator, the operator can directly associate your visit to our website with your account. If you interact with the plugins, for example, by clicking a button, this information is also transmitted directly to a server of the operator and stored there.

In addition, the information may be published on your account and displayed to your contacts there.

The operator may use this information for the purposes of advertising, market research, and tailoring its pages to meet your needs. For this purpose, the operator creates user, interest, and relationship profiles, e.g., to evaluate your use of our website with regard to the advertisements displayed to you by the operator, to inform other users about your activities on our website, and to provide other services related to the use of the network.

If you do not want the operator to assign the data collected via our website to your account, you must log out of the operator before visiting our website.

The purpose and scope of data collection and the further processing and use of the data by the operators, as well as your rights and setting options for protecting your privacy, can be found in the data protection information of the respective operators.

We use social media plug-ins based on Art. 6 (1) (a) GDPR. This means that we only use them with the consent of the data subject via our consent banner. The purpose of these plug-ins is to enhance communication with users, for example, through customer feedback.

Social media presences

For communication and information of users as well as for advertising purposes, we are present on the following social networks:

  • YouTube
  • Instagram
  • TikTok

We process the data obtained via social media presences only for the purposes stated on the legal basis

  • the voluntary information of the data subject in accordance with Art. 6 (1) (a) GDPR
  • the performance of a contract or to carry out pre-contractual measures pursuant to Art. 6 (1) (b) GDPR or
  • through the legitimate interest of effectively processing the enquiries addressed to the company in accordance with Art. 6 (1) (f) GDPR.

Social network operators generally process user data for market research and advertising purposes. Based on user interests and usage behavior, user profiles can be created to display advertisements, both within and outside the network, that match the user's profile and interests.

For further information on processing, options for objection and assertion of data subject rights, please refer to the privacy policies of the respective provider.

YouTube

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

( https://policies.google.com/privacy )

Data processing agreement: https://www.youtube.com/t/terms_dataprocessing

Instagram

Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA

( https://de-de.facebook.com/privacy/policy/?entry_point=facebook_page_footer )

TikTok

TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland

( https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE )

Your rights

As a data subject, you have the opportunity to assert your rights under the General Data Protection Regulation. These include the following rights:

Right to information under Article 15 GDPR

You have the right to request information about the data we store about you. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing, or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details. An informal request via email or post is sufficient. You will receive the requested information within one month of receipt of your letter.

Right to rectification under Article 16 GDPR

If we have collected or stored inaccurate personal data about you, you can request that this data be corrected or completed via an informal request. You will receive information about the change to your data within one month of receiving your request.

Right to erasure under Article 17 GDPR

You have the right to request the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or to assert, exercise, or defend legal claims. However, this requires that the purposes for which the data was collected no longer apply, or that you have objected to the processing pursuant to Article 21 GDPR, you have withdrawn your consent pursuant to Article 7 GDPR, or the processing is unlawful.

Right to restriction of processing under Article 18 GDPR

You have the right to request the restriction of the processing of your personal data if you contest the accuracy of the data, if the processing is unlawful but you refuse to delete it, and if we no longer need the data, but you require it to assert, exercise, or defend legal claims, or if you have objected to the processing pursuant to Art. 21 GDPR. You can also notify us of this informally.

Right to data portability under Article 20 GDPR

You have the option of receiving the data we have stored about you in a structured, common and machine-readable format or of requesting that it be transmitted to another responsible party.

Right of withdrawal for consents according to Art. 7 para. 3 GDPR

You have the right to revoke your consent at any time. This means that we may no longer continue the data processing based on this consent in the future and

Right of objection under Article 21 GDPR

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) (f) GDPR, you have the right to object to the processing of your personal data if there are reasons for doing so that arise from your particular situation or if the objection is directed against direct advertising.

In the latter case, you have a general right of objection, which we will implement without specifying a particular situation.

If you would like to exercise your right of withdrawal or objection, simply send an email to hello@lvate.de .

Right to lodge a complaint under Article 77 GDPR

You have the right to lodge a complaint with a supervisory authority. You can do so by contacting the supervisory authority at your usual place of residence or work, or at our headquarters.

Definitions according to Art. 4 GDPR

“personal data”

any information relating to an identified or identifiable natural person (hereinafter ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

"Processing"

any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

“Restriction of processing”

the marking of stored personal data with the aim of restricting its future processing;

“Profiling”

any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

“person responsible”

the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

“Processor”

a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

"Recipient"

a natural or legal person, public authority, agency or other body to which personal data are disclosed, whether a third party or not. 2However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be considered recipients; the processing of those data by those authorities shall be in compliance with the applicable data protection rules and in accordance with the purposes of the processing;

“Third”

a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons authorised to process personal data under the direct authority of the controller or processor;

"Consent"

any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

“genetic data”

personal data relating to the inherited or acquired genetic characteristics of a natural person which provide unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from that natural person;

“Health data”

personal data relating to the physical or mental health of a natural person, including the provision of healthcare services, which reveal information about that person’s health status;

"Company"

a natural or legal person carrying out an economic activity, regardless of its legal form, including partnerships or associations regularly carrying out an economic activity;

“supervisory authority”

an independent public authority established by a Member State pursuant to Article 51;

Currentness and changes to this privacy policy

This privacy policy is currently valid and is dated 23.12.2022

Created and verified by Datavise – Data security from experts

contact

Schreiben Sie uns

Kontaktdaten

address

LVATE Face Aesthetics
Ottostrasse 1/Lenbachplatz 1
80333 Munich

phone

+49 89 38038749

E-mail

munich@lvate.de

Data protection