Privacy Policy
Thank you very much for your interest in our company. Data protection is very important to the management of REGIS GmbH. The webpages of REGIS GmbH can generally be used without having to provide any personal data. However, if a person wishes to make use of special services offered by our company via our website, it may be necessary to process personal data. Should the processing of personal data be necessary and there is no legal basis for the processing, we will generally obtain the consent of the data subject.
Cookies that are required to carry out the electronic communication process or to provide certain functions that you wish to use (eg shopping cart function) are processed on the basis of Art. 6(1)(f) GDPR saved. The website operator has a legitimate interest in the storage of cookies for the technically correct and optimized provision of its services. Insofar as other cookies (such as cookies for analyzing your surfing behavior) are stored, they will be treated separately in this privacy policy.
5. Security measures, SSL encryption
We take the latest technical and organisational security measures to protect your personal data against accidental or unlawful deletion, alteration and loss, as well as unauthorised disclosure or access.
Your data will only be shared with the shipping company responsible for the delivery, provided that this is necessary for delivering the goods. Under no circumstances will your data be shared with third parties.
Our website uses SSL encryption when transmitting confidential or personal content relating to our users.
To ensure that your data is secure during transmission, we use state-of-the-art encryption procedures (SSL) via HTTPS. This encryption is activated, for instance, when processing the shopping cart or when you send us enquiries via our website. SSL-encrypted data cannot be read by third parties.
6. Contacting us via contact forms, email, telephone or fax
As required by the legal provisions, the website of REGIS GmbH contains information (including an email address) that enables people to establish contact with our company quickly by electronic means or to communicate directly with us.
Contact Form
When the data subject contacts the data controller via one of the contact forms, the personal data transmitted by the data subject is automatically stored. Such personal data that is transmitted voluntarily by the data subject to the data controller is stored for processing purposes or for contacting the data subject. It is not shared with third parties.
The data entered in the contact form is therefore processed exclusively on the basis of your consent (Art. 6(1)(a) GDPR). You can withdraw this consent at any time by sending us a simple message by email. This will not affect the lawfulness of the data processing carried out up until the withdrawal of consent.
The data that you send us as part of your enquiries will be stored by us until you request that we delete it, until you withdraw your consent to us storing it, or until the purpose for which it was stored no longer applies (e.g. after your request has been processed). The mandatory legal provisions – particularly statutory retention periods – apply in addition.
Email, telephone or fax
If you contact us by email, telephone or fax, your enquiry including all associated personal data (name, message) will be stored and processed by us for the purpose of processing your request. We will not share this data without your consent. The data is processed on the basis of Art. 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary for taking pre-contractual steps. In all other cases, the processing is based on your consent (Art. 6(1)(a) GDPR) and/or on our legitimate interests (Art. 6(1)(f) GDPR), as we have a legitimate interest in effectively processing the enquiries sent to us.
The data that you send us as part of your enquiries will be stored by us until you request that we delete it, until you withdraw your consent to us storing it, or until the purpose for which it was stored no longer applies (e.g. after your request has been processed). The mandatory legal provisions – particularly statutory retention periods – apply in addition.
7. Registering on our website
The data subject can register on the website of the data controller by providing personal data. Which personal data is transmitted to the data controller during this process can be seen in the input fields that are used for the registration. The personal data entered by the data subject is collected and stored solely for internal use by the data controller and for its own purposes. The data controller may arrange for the data to be shared with one or more processors, such as a parcel service, which will likewise use the personal data solely for internal purposes on behalf of the data controller.
When registering on the website of the data controller, the date and time of the registration is also stored. We store this data because we believe this is the only way to prevent abuse of our services, and so that the data can be used to support criminal investigations in the event of an offence. It is therefore also necessary to store the data to protect the data controller. This data is not generally shared with third parties unless there is a legal obligation to do so or unless the data needs to be shared to support criminal proceedings.
Registration of the data subject through voluntarily provision of personal data enables the data controller to offer the data subject content or services which, due to their nature, can only be offered to registered users. Registered persons are free at any time to change the personal data that they provided during registration, or to have it completely erased from the database of the data controller.
At any time upon request, the data controller will provide the data subject with information about which of their personal data is held. Furthermore, the data controller will rectify or erase personal data if requested to do so by the data subject, provided that this does not contravene any statutory retention obligations. To contact us in relation to this, please use the contact details provided at the end of this Privacy Policy.
8. Subscribing to our newsletter
On the website of REGIS GmbH, users have the option of subscribing to our company’s newsletter. Which personal data is transferred to the data controller when subscribing to the newsletter can be seen in the input fields that are used for this purpose. We only require the email address to set up the newsletter subscription. No other data is collected, or only on a voluntary basis.
REGIS GmbH sends its customers and business partners a regular newsletter, containing information about company offers. Our company newsletter can only be received by the data subject if (1) they have a valid email address and (2) they have subscribed to the newsletter. For legal reasons, a confirmation email is sent to the email address that the data subject provides when subscribing to the newsletter for the first time (double opt-in process). This confirmation email is used to check whether the owner of the email address has agreed to receive the newsletter as the data subject.
When the data subject subscribes to the newsletter, we also store in anonymous form the IP address assigned by their Internet service provider (ISP) for the computer system used by the data subject at the time of subscribing, as well as the date and time of subscribing. This data is collected in order to be able to trace (possible) misuse of the data subject’s email address at a later point in time; it therefore serves to safeguard the data controller in a legal sense.
The personal data that is collected during the newsletter subscription process is only used to send our newsletter and is not shared with any third parties. Furthermore, subscribers to the newsletter can be informed by email should this be necessary in relation to operating or subscribing to the newsletter service (e.g. changes to the newsletter service itself or to the technical conditions). The personal data collected in connection with the newsletter service is not shared with third parties. The data subject can cancel their subscription to our newsletter at any time. Furthermore, the data subject can at any time withdraw the consent they have given us to store their personal data for the purpose of sending the newsletter. A link is provided in each newsletter for the purpose of withdrawing the consent and/or unsubscribing from the newsletter. The data subject can also unsubscribe from the newsletter at any time directly on the website of the data controller or by informing the data controller in another way. To contact us in relation to this, please use the contact details provided at the end of this Privacy Policy.
The personal data of the data subject (e.g. their name, postal address, email address or telephone number) is always processed in accordance with the General Data Protection Regulation (GDPR) and the country-specific data protection regulations that apply to REGIS GmbH. With this Privacy Policy, our company wishes to inform the public about how, why and to what extent we collect, use and process personal data. This Privacy Policy also informs data subjects of their corresponding rights.
As the data controller, REGIS GmbH has taken numerous technical and organisational measures to ensure that the personal data processed via this website is protected as completely as possible. However, because transferring data over the Internet can generally be prone to security vulnerabilities, complete protection cannot be guaranteed. For this reason, every data subject is free to provide us with personal data by alternative means (e.g. telephone).
1. Definitions
The Privacy Policy of REGIS GmbH is based on the terminology used by the European regulators and legislators when issuing the General Data Protection Regulation (GDPR). Our Privacy Policy is intended to be easy to read and understood by both the public and our customers and business partners. In order to ensure that it is, we would like to first of all explain the terminology.
The Privacy Policy of REGIS GmbH is based on the terminology used by the European regulators and legislators when issuing the General Data Protection Regulation (GDPR). Our Privacy Policy is intended to be easy to read and understood by both the public and our customers and business partners. In order to ensure that it is, we would like to first of all explain the terminology.
In this Privacy Policy, we use the following terms, among others:
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter ‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
(b) Data subject
Data subject means all identified or identifiable natural persons whose personal data is processed by the data controller.
c) Processing
Processing means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future.
e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
f) Pseudonymisation
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
g) Controller, data controller
Controller or data controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
h) Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
i) Recipient
Recipient means a natural or legal person, public authority, agency or another body to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
j) Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
k) Consent
Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter ‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
(b) Data subject
Data subject means all identified or identifiable natural persons whose personal data is processed by the data controller.
c) Processing
Processing means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future.
e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
f) Pseudonymisation
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
g) Controller, data controller
Controller or data controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
h) Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
i) Recipient
Recipient means a natural or legal person, public authority, agency or another body to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
j) Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
k) Consent
Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Name and address of the data controller
The controller within the meaning of the General Data Protection Regulation, other data protection laws that apply in the Member States of the European Union, as well as other data protection-related provisions, is:
The controller within the meaning of the General Data Protection Regulation, other data protection laws that apply in the Member States of the European Union, as well as other data protection-related provisions, is:
REGIS GmbH
Albert-Einstein-Strasse 11
53501 Grafschaft
Germany
Tel.: +49 2225 / 91 54 - 0
Fax: +49 2225 / 91 54 - 23
Email: info@regis.de
Albert-Einstein-Strasse 11
53501 Grafschaft
Germany
Tel.: +49 2225 / 91 54 - 0
Fax: +49 2225 / 91 54 - 23
Email: info@regis.de
Website: www.regis.de
3. Collection of general data and information (server log files)
The website of REGIS GmbH collects a range of general data and information each time it is accessed by the data subject or an automated system. This general data and information is stored in server log files and may include the following: (1) the browser type and version, (2) the operating system of the requesting system, (3) the webpage from which a requesting system accesses our website (‘referrer’), (4) the subpages on our website that are accessed via a requesting system, (5) the date and time that the website is accessed, (6) the Internet Protocol address (IP address), (7) the Internet service provider of the requesting system and (8) other similar data and information that serves to avert danger in the event of attacks on our IT systems.
The website of REGIS GmbH collects a range of general data and information each time it is accessed by the data subject or an automated system. This general data and information is stored in server log files and may include the following: (1) the browser type and version, (2) the operating system of the requesting system, (3) the webpage from which a requesting system accesses our website (‘referrer’), (4) the subpages on our website that are accessed via a requesting system, (5) the date and time that the website is accessed, (6) the Internet Protocol address (IP address), (7) the Internet service provider of the requesting system and (8) other similar data and information that serves to avert danger in the event of attacks on our IT systems.
REGIS GmbH cannot use this general data and information to personally identify the data subject. Rather, this information is needed (1) to deliver the content of our website correctly, (2) to optimise the content of our website and the advertising of it, (3) to ensure that our IT systems and website technology remain permanently functional and (4) to provide law enforcement authorities with the information needed for prosecution purposes in the event of a cyberattack. This anonymously collected data and information is therefore analysed by REGIS GmbH statistically as well as with the aim of increasing data protection and data security in our company, in order to ultimately ensure an optimum level of protection of the personal data that we process.
The anonymous data of the server log files is stored separately from all personal data provided by the data subject in Germany.
4. Cookies
On the webpages of REGIS GmbH, we use ‘session cookies’ to make it easier for you to use our website. These are small text files that are stored on your hard drive only for the duration of your visit to our website and, depending on your browser settings, are deleted again at the end of the browser session. These cookies do not retrieve any information about you that is stored on your hard drive and they do not harm your PC or its files. Most browsers are configured to accept cookies automatically. However, you can block cookies or configure your browser to inform you when cookies are placed.
The anonymous data of the server log files is stored separately from all personal data provided by the data subject in Germany.
4. Cookies
On the webpages of REGIS GmbH, we use ‘session cookies’ to make it easier for you to use our website. These are small text files that are stored on your hard drive only for the duration of your visit to our website and, depending on your browser settings, are deleted again at the end of the browser session. These cookies do not retrieve any information about you that is stored on your hard drive and they do not harm your PC or its files. Most browsers are configured to accept cookies automatically. However, you can block cookies or configure your browser to inform you when cookies are placed.
Cookies that are required to carry out the electronic communication process or to provide certain functions that you wish to use (eg shopping cart function) are processed on the basis of Art. 6(1)(f) GDPR saved. The website operator has a legitimate interest in the storage of cookies for the technically correct and optimized provision of its services. Insofar as other cookies (such as cookies for analyzing your surfing behavior) are stored, they will be treated separately in this privacy policy.
5. Security measures, SSL encryption
We take the latest technical and organisational security measures to protect your personal data against accidental or unlawful deletion, alteration and loss, as well as unauthorised disclosure or access.
Your data will only be shared with the shipping company responsible for the delivery, provided that this is necessary for delivering the goods. Under no circumstances will your data be shared with third parties.
Our website uses SSL encryption when transmitting confidential or personal content relating to our users.
To ensure that your data is secure during transmission, we use state-of-the-art encryption procedures (SSL) via HTTPS. This encryption is activated, for instance, when processing the shopping cart or when you send us enquiries via our website. SSL-encrypted data cannot be read by third parties.
6. Contacting us via contact forms, email, telephone or fax
As required by the legal provisions, the website of REGIS GmbH contains information (including an email address) that enables people to establish contact with our company quickly by electronic means or to communicate directly with us.
Contact Form
When the data subject contacts the data controller via one of the contact forms, the personal data transmitted by the data subject is automatically stored. Such personal data that is transmitted voluntarily by the data subject to the data controller is stored for processing purposes or for contacting the data subject. It is not shared with third parties.
The data entered in the contact form is therefore processed exclusively on the basis of your consent (Art. 6(1)(a) GDPR). You can withdraw this consent at any time by sending us a simple message by email. This will not affect the lawfulness of the data processing carried out up until the withdrawal of consent.
The data that you send us as part of your enquiries will be stored by us until you request that we delete it, until you withdraw your consent to us storing it, or until the purpose for which it was stored no longer applies (e.g. after your request has been processed). The mandatory legal provisions – particularly statutory retention periods – apply in addition.
Email, telephone or fax
If you contact us by email, telephone or fax, your enquiry including all associated personal data (name, message) will be stored and processed by us for the purpose of processing your request. We will not share this data without your consent. The data is processed on the basis of Art. 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary for taking pre-contractual steps. In all other cases, the processing is based on your consent (Art. 6(1)(a) GDPR) and/or on our legitimate interests (Art. 6(1)(f) GDPR), as we have a legitimate interest in effectively processing the enquiries sent to us.
The data that you send us as part of your enquiries will be stored by us until you request that we delete it, until you withdraw your consent to us storing it, or until the purpose for which it was stored no longer applies (e.g. after your request has been processed). The mandatory legal provisions – particularly statutory retention periods – apply in addition.
7. Registering on our website
The data subject can register on the website of the data controller by providing personal data. Which personal data is transmitted to the data controller during this process can be seen in the input fields that are used for the registration. The personal data entered by the data subject is collected and stored solely for internal use by the data controller and for its own purposes. The data controller may arrange for the data to be shared with one or more processors, such as a parcel service, which will likewise use the personal data solely for internal purposes on behalf of the data controller.
When registering on the website of the data controller, the date and time of the registration is also stored. We store this data because we believe this is the only way to prevent abuse of our services, and so that the data can be used to support criminal investigations in the event of an offence. It is therefore also necessary to store the data to protect the data controller. This data is not generally shared with third parties unless there is a legal obligation to do so or unless the data needs to be shared to support criminal proceedings.
Registration of the data subject through voluntarily provision of personal data enables the data controller to offer the data subject content or services which, due to their nature, can only be offered to registered users. Registered persons are free at any time to change the personal data that they provided during registration, or to have it completely erased from the database of the data controller.
At any time upon request, the data controller will provide the data subject with information about which of their personal data is held. Furthermore, the data controller will rectify or erase personal data if requested to do so by the data subject, provided that this does not contravene any statutory retention obligations. To contact us in relation to this, please use the contact details provided at the end of this Privacy Policy.
8. Subscribing to our newsletter
On the website of REGIS GmbH, users have the option of subscribing to our company’s newsletter. Which personal data is transferred to the data controller when subscribing to the newsletter can be seen in the input fields that are used for this purpose. We only require the email address to set up the newsletter subscription. No other data is collected, or only on a voluntary basis.
REGIS GmbH sends its customers and business partners a regular newsletter, containing information about company offers. Our company newsletter can only be received by the data subject if (1) they have a valid email address and (2) they have subscribed to the newsletter. For legal reasons, a confirmation email is sent to the email address that the data subject provides when subscribing to the newsletter for the first time (double opt-in process). This confirmation email is used to check whether the owner of the email address has agreed to receive the newsletter as the data subject.
When the data subject subscribes to the newsletter, we also store in anonymous form the IP address assigned by their Internet service provider (ISP) for the computer system used by the data subject at the time of subscribing, as well as the date and time of subscribing. This data is collected in order to be able to trace (possible) misuse of the data subject’s email address at a later point in time; it therefore serves to safeguard the data controller in a legal sense.
The personal data that is collected during the newsletter subscription process is only used to send our newsletter and is not shared with any third parties. Furthermore, subscribers to the newsletter can be informed by email should this be necessary in relation to operating or subscribing to the newsletter service (e.g. changes to the newsletter service itself or to the technical conditions). The personal data collected in connection with the newsletter service is not shared with third parties. The data subject can cancel their subscription to our newsletter at any time. Furthermore, the data subject can at any time withdraw the consent they have given us to store their personal data for the purpose of sending the newsletter. A link is provided in each newsletter for the purpose of withdrawing the consent and/or unsubscribing from the newsletter. The data subject can also unsubscribe from the newsletter at any time directly on the website of the data controller or by informing the data controller in another way. To contact us in relation to this, please use the contact details provided at the end of this Privacy Policy.
9. Newsletter tracking
REGIS GmbH uses CleverReach to send its newsletters. The service is provided by CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede. CleverReach is used to organise and analyse the distribution of newsletters. The data that you enter when subscribing to the newsletter (e.g. email address) is stored on CleverReach’s servers in Germany and Ireland. The newsletters contain ‘tracking pixels’. A tracking pixel is a thumbnail image embedded in emails that are sent in HTML format, in order to enable log file recording and log file analysis. This then makes it possible to analyse the success or failure of online marketing campaigns. From the embedded pixel code, REGIS GmbH can see whether and when an email was opened by the data subject, and which links in the email were clicked on by the data subject.
Such personal data that is collected via the tracking pixels contained in the newsletters is stored and analysed by the data controller in order to optimise the newsletter distribution and to tailor the content of future newsletters even more closely to the interests of the data subject. This personal data is not shared with third parties. Data subjects are entitled at any time to withdraw the corresponding consent that they have provided separately via the double opt-in process. After the consent has been withdrawn, the personal data will be erased by the data controller. Unsubscribing from the newsletter will automatically be interpreted by REGIS GmbH as a withdrawal of consent.
For more information, see the CleverReach privacy policy at https://www.cleverreach.com/en/privacy-policy/.
10. Routine deletion and blocking of personal data
The data controller will process and store the data subject’s personal data only for the amount of time needed to fulfil the purpose of the storage, or for the period prescribed by the European regulators and legislators or another legislator in laws or regulations that apply to the data controller.
If the purpose of the storage no longer applies or if a storage period prescribed by the European regulators and legislators or another relevant legislator expires, the personal data will be blocked routinely and in accordance with the statutory provisions or deleted at the end of the following year.
11. Rights of the data subject
a) Right of access
The European regulators and legislators have granted all data subjects the right to request confirmation from the data controller as to whether personal data relating to them is being processed. If the data subject wishes to exercise this right of access, they can do so at any time using the contact data provided at the end of this Privacy Policy.
b) Right to be informed
REGIS GmbH uses CleverReach to send its newsletters. The service is provided by CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede. CleverReach is used to organise and analyse the distribution of newsletters. The data that you enter when subscribing to the newsletter (e.g. email address) is stored on CleverReach’s servers in Germany and Ireland. The newsletters contain ‘tracking pixels’. A tracking pixel is a thumbnail image embedded in emails that are sent in HTML format, in order to enable log file recording and log file analysis. This then makes it possible to analyse the success or failure of online marketing campaigns. From the embedded pixel code, REGIS GmbH can see whether and when an email was opened by the data subject, and which links in the email were clicked on by the data subject.
Such personal data that is collected via the tracking pixels contained in the newsletters is stored and analysed by the data controller in order to optimise the newsletter distribution and to tailor the content of future newsletters even more closely to the interests of the data subject. This personal data is not shared with third parties. Data subjects are entitled at any time to withdraw the corresponding consent that they have provided separately via the double opt-in process. After the consent has been withdrawn, the personal data will be erased by the data controller. Unsubscribing from the newsletter will automatically be interpreted by REGIS GmbH as a withdrawal of consent.
For more information, see the CleverReach privacy policy at https://www.cleverreach.com/en/privacy-policy/.
10. Routine deletion and blocking of personal data
The data controller will process and store the data subject’s personal data only for the amount of time needed to fulfil the purpose of the storage, or for the period prescribed by the European regulators and legislators or another legislator in laws or regulations that apply to the data controller.
If the purpose of the storage no longer applies or if a storage period prescribed by the European regulators and legislators or another relevant legislator expires, the personal data will be blocked routinely and in accordance with the statutory provisions or deleted at the end of the following year.
11. Rights of the data subject
a) Right of access
The European regulators and legislators have granted all data subjects the right to request confirmation from the data controller as to whether personal data relating to them is being processed. If the data subject wishes to exercise this right of access, they can do so at any time using the contact data provided at the end of this Privacy Policy.
b) Right to be informed
The European regulators and legislators have granted all data subjects the right to request at any time (free of charge) that the data controller provides them with information about which of their personal data is being held, as well as the right to receive a copy of that information. In addition, the European regulators and legislators have granted the data subject the right to request the following information:
If the data subject wishes to exercise this right to be informed, they can do so at any time using the contact details provided at the end of this Privacy Policy.
- the processing purposes
- the categories of personal data processed
- the recipients or categories of recipients to whom the personal data has been or will be disclosed, especially recipients in third countries and international organisations
- if possible, the planned duration for which the personal data will be stored or, if that is not possible, the criteria for determining that duration
- the existence of the right to rectification or erasure of personal data, the right to restriction of processing by the data controller, or the right to object to processing
- the existence of the right to lodge a complaint with a supervisory authority
- if the personal data is not collected from the data subject: all available information concerning the origin of the data
- the existence of an automated decision-making process including profiling pursuant to Art. 22(1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, as
well as the scope and intended effects of this processing on the data subject
If the data subject wishes to exercise this right to be informed, they can do so at any time using the contact details provided at the end of this Privacy Policy.
c) Right to rectification
The European regulators and legislators have granted all data subjects the right to request that their personal data is rectified immediately if it is inaccurate. Depending on the processing purpose, the data subject also has the right to request the completion of incomplete personal data; this may involve providing a supplementary statement to the incomplete data.
If the data subject wishes to exercise this right to rectification, they can do so at any time using the contact details provided at the end of this Privacy Policy.
d) Right to erasure (right to be forgotten)
The European regulators and legislators have granted all data subjects the right to demand that the data controller immediately erases their personal data if one of the following reasons applies and if the processing is not necessary:
If the personal data has been made public by REGIS GmbH, and if our company is obliged to delete the personal data in accordance with Art. 17(1) GDPR, then REGIS GmbH, taking into account the available technology and the implementation costs, will take appropriate measures (including technical ones) to inform other data controllers who process the published personal data that the data subject has requested that they delete all links to this personal data or copies or replications of the data if processing is not necessary. The employees of REGIS GmbH will initiate the necessary steps in individual cases.
e) Right to restrict processing
The European regulators and legislators have granted all data subjects the right to request that their personal data is rectified immediately if it is inaccurate. Depending on the processing purpose, the data subject also has the right to request the completion of incomplete personal data; this may involve providing a supplementary statement to the incomplete data.
If the data subject wishes to exercise this right to rectification, they can do so at any time using the contact details provided at the end of this Privacy Policy.
d) Right to erasure (right to be forgotten)
The European regulators and legislators have granted all data subjects the right to demand that the data controller immediately erases their personal data if one of the following reasons applies and if the processing is not necessary:
- The personal data has been collected or otherwise processed for purposes for which it is no longer needed.
- The data subject withdraws their consent on which the processing was based pursuant to Art. 6(1)(a) GDPR or Article 9(2)(a) GDPR and there is no other legal basis for the processing.
- The data subject objects to the processing in accordance with Art. 21(1) GDPR and there are no overriding legitimate reasons for the processing, or the data subject objects to the processing in accordance with Art. 21(2) GDPR.
- The personal data has been processed unlawfully.
- The deletion of personal data is necessary to fulfil a legal obligation under Union law or the Member State law that applies to the controller.
- The personal data was collected in relation to information society services offered pursuant to Art. 8(1) GDPR.
If the personal data has been made public by REGIS GmbH, and if our company is obliged to delete the personal data in accordance with Art. 17(1) GDPR, then REGIS GmbH, taking into account the available technology and the implementation costs, will take appropriate measures (including technical ones) to inform other data controllers who process the published personal data that the data subject has requested that they delete all links to this personal data or copies or replications of the data if processing is not necessary. The employees of REGIS GmbH will initiate the necessary steps in individual cases.
e) Right to restrict processing
The European regulators and legislators have granted all data subjects the right to request that the data controller restricts the processing of their personal data if one of the following reasons applies:
- The accuracy of the personal data is contested by the data subject; in such case, processing can be restricted while the accuracy is being verified by the controller.
- The personal data has been unlawfully processed and, instead of erasure, the data subject requests restriction of use.
- The controller no longer needs the personal data for the processing purposes, but the data subject needs it to establish, exercise or defend legal rights.
- The data subject has objected to the processing in accordance with Art. 21(1) GDPR and it is not yet clear whether the legitimate reasons of the controller override those of the data subject.
f) Right to data portability
The European regulators and legislators have granted all data subjects the right to request that the personal data that they have provided to the controller is made available to them in a structured, commonly used and machine-readable format. The data subject also has the right to send this data to another controller without interference from the data controller to whom the personal data has been made available, provided that the processing is based on the consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out by automated means, provided that the processing is not necessary for the controller to carry out a task that is related to exercising official authority or in the public interest.
When exercising their right to data portability pursuant to Art. 20(1) GDPR, the data subject also has the right to have the personal data transferred directly from one controller to another, insofar as this is technically feasible and does not infringe the rights and freedoms of other persons.
If the data subject wishes to exercise their right to data transferability, they can do so at any time using the contact details provided at the end of this Privacy Policy.
g) Right to object
The European regulators and legislators have granted all data subjects the right to object at any time, on grounds relating to their particular situation, to their personal data being processed on the basis of Article 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.
If the data subject exercises their right to object, REGIS GmbH will no longer process their personal data, unless we can provide compelling legitimate grounds for doing so that outweigh their interests, rights and freedoms, or if the processing is necessary for establishing, exercising or defending legal rights.
If REGIS GmbH processes personal data for the purpose of conducting direct marketing, the data subject has the right to object at any time to their personal data being processed for this purpose. This also applies to profiling if it is related to such direct marketing. If the data subject objects to REGIS GmbH processing the data for direct marketing purposes, then REGIS GmbH will no longer process the personal data for these purposes.
Furthermore, the data subject has the right, on grounds relating to their particular situation, to object to their personal data being processed by REGIS GmbH for scientific or historical research purposes or for statistical purposes pursuant to Art. 89(1) GDPR, unless such processing is necessary for carrying out a task in the public interest.
If the data subject wishes to exercise their right to object, they can do so at any time using the contact details provided at the end of this Privacy Policy.
Furthermore, in connection with the use of information society services, the data subject is also free to exercise their right to object by automated means using technical specifications, notwithstanding Directive 2002/58/EC.
h) Automated decision-making in individual cases, including profiling
The European regulators and legislators have granted all data subjects the right to not be subjected to solely automated decision-making (including profiling) that has legal or similarly significant effects on them, provided that the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is permitted under Union or Member State law that applies to the controller, and these legal provisions contain adequate measures to protect the rights, freedoms and legitimate interests of the data subject, or (3) is made with the explicit consent of the data subject.
If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the controller or (2) is made with the explicit consent of the data subject, REGIS GmbH will take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, including at least the right to human intervention on the part of the controller, the right to put forward one’s own position and the right to contest the decision.
If the data subject wishes to exercise rights relating to automated decision-making, they can do so at any time using the contact details provided at the end of this Privacy Policy.
i) Right to withdraw consent
The European regulators and legislators have granted all data subjects the right to withdraw at any time their consent to the processing of personal data.
If the data subject wishes to exercise their right to withdraw consent, they can do so at any time using the contact details provided at the end of this Privacy Policy.
The European regulators and legislators have granted all data subjects the right to request that the personal data that they have provided to the controller is made available to them in a structured, commonly used and machine-readable format. The data subject also has the right to send this data to another controller without interference from the data controller to whom the personal data has been made available, provided that the processing is based on the consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out by automated means, provided that the processing is not necessary for the controller to carry out a task that is related to exercising official authority or in the public interest.
When exercising their right to data portability pursuant to Art. 20(1) GDPR, the data subject also has the right to have the personal data transferred directly from one controller to another, insofar as this is technically feasible and does not infringe the rights and freedoms of other persons.
If the data subject wishes to exercise their right to data transferability, they can do so at any time using the contact details provided at the end of this Privacy Policy.
g) Right to object
The European regulators and legislators have granted all data subjects the right to object at any time, on grounds relating to their particular situation, to their personal data being processed on the basis of Article 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.
If the data subject exercises their right to object, REGIS GmbH will no longer process their personal data, unless we can provide compelling legitimate grounds for doing so that outweigh their interests, rights and freedoms, or if the processing is necessary for establishing, exercising or defending legal rights.
If REGIS GmbH processes personal data for the purpose of conducting direct marketing, the data subject has the right to object at any time to their personal data being processed for this purpose. This also applies to profiling if it is related to such direct marketing. If the data subject objects to REGIS GmbH processing the data for direct marketing purposes, then REGIS GmbH will no longer process the personal data for these purposes.
Furthermore, the data subject has the right, on grounds relating to their particular situation, to object to their personal data being processed by REGIS GmbH for scientific or historical research purposes or for statistical purposes pursuant to Art. 89(1) GDPR, unless such processing is necessary for carrying out a task in the public interest.
If the data subject wishes to exercise their right to object, they can do so at any time using the contact details provided at the end of this Privacy Policy.
Furthermore, in connection with the use of information society services, the data subject is also free to exercise their right to object by automated means using technical specifications, notwithstanding Directive 2002/58/EC.
h) Automated decision-making in individual cases, including profiling
The European regulators and legislators have granted all data subjects the right to not be subjected to solely automated decision-making (including profiling) that has legal or similarly significant effects on them, provided that the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is permitted under Union or Member State law that applies to the controller, and these legal provisions contain adequate measures to protect the rights, freedoms and legitimate interests of the data subject, or (3) is made with the explicit consent of the data subject.
If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the controller or (2) is made with the explicit consent of the data subject, REGIS GmbH will take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, including at least the right to human intervention on the part of the controller, the right to put forward one’s own position and the right to contest the decision.
If the data subject wishes to exercise rights relating to automated decision-making, they can do so at any time using the contact details provided at the end of this Privacy Policy.
i) Right to withdraw consent
The European regulators and legislators have granted all data subjects the right to withdraw at any time their consent to the processing of personal data.
If the data subject wishes to exercise their right to withdraw consent, they can do so at any time using the contact details provided at the end of this Privacy Policy.
12. Data protection in the context of applications and the application process
The data controller collects and processes the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant sends their application documents to the data controller by electronic means, such as by email or via an online form on the website. If the data controller concludes an employment contract with an applicant, the transferred data is stored for the purpose of executing the employment relationship in accordance with the legal provisions. If the data controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after the applicant has been notified that their application has been unsuccessful, provided that the deletion would not be in conflict with other legitimate interests of the data controller. Other legitimate interests in this sense include the duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).
13. Legal grounds for data processing
Art. 6(1)(a) GDPR serves as the legal basis for our company with regard to processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, the processing is based on Art. 6(1)(b) GDPR; this may be the case, for instance, with processing operations that are necessary for the delivery of goods or the provision of other services or consideration. The same applies to processing operations that are necessary for taking pre-contractual steps, such as in the case of enquiries about our products or services. If our company is subject to a legal obligation that requires personal data to be processed, such as for the fulfilment of tax obligations, the processing is based on Art. 6(1)(c) GDPR. In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for instance, if someone visiting our company suffered an injury, making it necessary to share their name, age, health insurance details or other vital information with a doctor, hospital or other third party. In such instance, the processing would be based on Art. 6(1)(d) GDPR. Lastly, processing operations may be based on Art. 6(1)(f) GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that these are not overridden by the interests, fundamental rights and basic freedoms of the data subject. We are especially permitted to carry out such processing operations because they have been specifically mentioned by the European legislators, who took the view that a legitimate interest can be assumed if the data subject is a customer of the controller (recital 47(2) GDPR).
14. Legitimate interests in processing that are respected by the controller or by a third party
If personal data is processed on the basis of Art. 6(1)(f) GDPR, our legitimate interest is conducting our business for the benefit of all our employees and shareholders.
15. Duration for which personal data is stored
The criterion for the storage duration of personal data is the legal retention period that applies in each case. After expiry of this period, the corresponding data is routinely deleted at the end of the following year, unless it is no longer required to perform or initiate a contract.
16. Legal or contractual provisions concerning the provision of personal data; requirement for concluding a contract; obligation of the data subject to provide personal data; possible consequences of not providing personal data
We make you aware that the provision of personal data is partly required by law (e.g. tax regulations) or may be required due to contractual provisions (e.g. details of the contracting partner). To conclude a contract, it may sometimes be necessary for the data subject to provide us with personal data that subsequently needs to be processed by us. For example, the data subject is obliged to provide us with personal data when they conclude a contract with our company. If the necessary personal data is not provided, it would not be possible to conclude the contract with the data subject. Before the data subject provides personal data, they can contact one of our employees. Our employee will inform the data subject in each case whether the provision of personal data is required by law or contract or is necessary in order to conclude a contract, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be.
17. Existence of an automated decision-making process
As a responsible company, we choose not to engage in automated decision-making or profiling.
The data controller collects and processes the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant sends their application documents to the data controller by electronic means, such as by email or via an online form on the website. If the data controller concludes an employment contract with an applicant, the transferred data is stored for the purpose of executing the employment relationship in accordance with the legal provisions. If the data controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after the applicant has been notified that their application has been unsuccessful, provided that the deletion would not be in conflict with other legitimate interests of the data controller. Other legitimate interests in this sense include the duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).
13. Legal grounds for data processing
Art. 6(1)(a) GDPR serves as the legal basis for our company with regard to processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, the processing is based on Art. 6(1)(b) GDPR; this may be the case, for instance, with processing operations that are necessary for the delivery of goods or the provision of other services or consideration. The same applies to processing operations that are necessary for taking pre-contractual steps, such as in the case of enquiries about our products or services. If our company is subject to a legal obligation that requires personal data to be processed, such as for the fulfilment of tax obligations, the processing is based on Art. 6(1)(c) GDPR. In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for instance, if someone visiting our company suffered an injury, making it necessary to share their name, age, health insurance details or other vital information with a doctor, hospital or other third party. In such instance, the processing would be based on Art. 6(1)(d) GDPR. Lastly, processing operations may be based on Art. 6(1)(f) GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that these are not overridden by the interests, fundamental rights and basic freedoms of the data subject. We are especially permitted to carry out such processing operations because they have been specifically mentioned by the European legislators, who took the view that a legitimate interest can be assumed if the data subject is a customer of the controller (recital 47(2) GDPR).
14. Legitimate interests in processing that are respected by the controller or by a third party
If personal data is processed on the basis of Art. 6(1)(f) GDPR, our legitimate interest is conducting our business for the benefit of all our employees and shareholders.
15. Duration for which personal data is stored
The criterion for the storage duration of personal data is the legal retention period that applies in each case. After expiry of this period, the corresponding data is routinely deleted at the end of the following year, unless it is no longer required to perform or initiate a contract.
16. Legal or contractual provisions concerning the provision of personal data; requirement for concluding a contract; obligation of the data subject to provide personal data; possible consequences of not providing personal data
We make you aware that the provision of personal data is partly required by law (e.g. tax regulations) or may be required due to contractual provisions (e.g. details of the contracting partner). To conclude a contract, it may sometimes be necessary for the data subject to provide us with personal data that subsequently needs to be processed by us. For example, the data subject is obliged to provide us with personal data when they conclude a contract with our company. If the necessary personal data is not provided, it would not be possible to conclude the contract with the data subject. Before the data subject provides personal data, they can contact one of our employees. Our employee will inform the data subject in each case whether the provision of personal data is required by law or contract or is necessary in order to conclude a contract, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be.
17. Existence of an automated decision-making process
As a responsible company, we choose not to engage in automated decision-making or profiling.
18. Privacy policy for the use of Google AdWords
The data controller has integrated Google AdWords on this website. Google AdWords is an online advertising service that allows advertisers to publish ads both in Google search engine results and within the Google advertising network. Google AdWords enables an advertiser to pre-define certain keywords that will be used to display an ad in Google’s search engine results only when a user performs a search-engine search containing those keywords. In the Google advertising network, the ads are distributed to content-relevant websites by means of an automatic algorithm on the basis of the pre-defined keywords.
The Google AdWords service is operated by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
We use Google AdWords for the purpose of promoting our website by displaying interest-based ads on the websites of third parties and in the search results of the Google search engine.
If the data subject lands on our website via a Google ad, Google places a ‘conversion cookie’ on the data subject’s computer system. What cookies are has already been explained above. A conversion cookie expires after thirty days and cannot be used to identify the data subject. If the conversion cookie has not yet expired, it can be used to track whether certain subpages, such as the shopping cart of an online shop system, have been accessed on our website. The conversion cookie enables both us and Google to track whether a person who landed on our website via an AdWords ad generated a conversion, i.e. completed or aborted the purchase process.
The data and information collected through using the conversion cookie is used by Google to compile visitor statistics for our website. These visitor statistics are in turn used by us to determine the total number of users who were referred to us via AdWords ads, i.e. to determine the success or failure of the respective AdWords ad and to optimise our AdWords ads for the future. Neither our company nor other Google AdWords customers receive any information from Google that could be used to personally identify them.
The conversion cookie is used to store personal information, such as the webpages visited by the data subject. Each time the data subject visits our website, personal data, including the IP address of their Internet connection, is transmitted to Google in the USA, where it is then stored by Google. The information that Google collects through the technical process may be forwarded to third parties under certain circumstances.
By changing the corresponding setting in their web browser, the data subject can at any time disable and permanently reject cookies from our website. Configuring the web browser in such a way would also prevent Google from placing a conversion cookie on the computer system of the data subject. In addition, a cookie that has already been placed by Google AdWords can be deleted at any time via the web browser or other software programs.
The data subject can also object to interest-based advertising by Google. To do so, the data subject must click on the link https://adssettings.google.com/authenticated from any web browser that they are using and configure the desired settings there.
More information and Google’s current privacy policy can be found at https://policies.google.com/privacy.
19. Privacy policy for the use of Matomo (formerly Piwik)
The data controller has integrated the component Matomo on this website. Matomo is an open-source software tool used for web analytics. Web analytics is the process of collecting and analysing data about the behaviour of website visitors. Among other things, a web analytics tool collects the following data: the website from which the data subject accesses a certain webpage (‘referrer’); which subpages of the website are accessed; how often and for how long a subpage was viewed. It may also include the access time, the location from which the visit originated, and the frequency of visits to our website. A web analytics tool is used mainly for the purpose of optimising a website and measuring the ROI of digital advertising.
The software is operated on the server of the data controller; the log files containing sensitive data are stored exclusively on this server in Germany.
The purpose of the Matomo component is to analyse visitor traffic on our website. Among other things, the data controller uses the acquired data and information to analyse the use of this website and to compile online reports about the activity on our website.
Matomo places a cookie on the computer system of the data subject. What cookies are has already been explained above. The cookie that is placed enables us to analyse the use of our website. Each time an individual page of this website is accessed, the web browser on the data subject’s computer system is automatically prompted by the Matomo component to transmit data to our server for web analytics purposes.
The IP address is anonymised immediately after processing and before being stored. We cannot associate this information with individuals and will never share it with third parties.
The data subject can disable and permanently reject cookies in Matomo by placing the following deactivation cookie in their browser.
The data controller has integrated Google AdWords on this website. Google AdWords is an online advertising service that allows advertisers to publish ads both in Google search engine results and within the Google advertising network. Google AdWords enables an advertiser to pre-define certain keywords that will be used to display an ad in Google’s search engine results only when a user performs a search-engine search containing those keywords. In the Google advertising network, the ads are distributed to content-relevant websites by means of an automatic algorithm on the basis of the pre-defined keywords.
The Google AdWords service is operated by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
We use Google AdWords for the purpose of promoting our website by displaying interest-based ads on the websites of third parties and in the search results of the Google search engine.
If the data subject lands on our website via a Google ad, Google places a ‘conversion cookie’ on the data subject’s computer system. What cookies are has already been explained above. A conversion cookie expires after thirty days and cannot be used to identify the data subject. If the conversion cookie has not yet expired, it can be used to track whether certain subpages, such as the shopping cart of an online shop system, have been accessed on our website. The conversion cookie enables both us and Google to track whether a person who landed on our website via an AdWords ad generated a conversion, i.e. completed or aborted the purchase process.
The data and information collected through using the conversion cookie is used by Google to compile visitor statistics for our website. These visitor statistics are in turn used by us to determine the total number of users who were referred to us via AdWords ads, i.e. to determine the success or failure of the respective AdWords ad and to optimise our AdWords ads for the future. Neither our company nor other Google AdWords customers receive any information from Google that could be used to personally identify them.
The conversion cookie is used to store personal information, such as the webpages visited by the data subject. Each time the data subject visits our website, personal data, including the IP address of their Internet connection, is transmitted to Google in the USA, where it is then stored by Google. The information that Google collects through the technical process may be forwarded to third parties under certain circumstances.
By changing the corresponding setting in their web browser, the data subject can at any time disable and permanently reject cookies from our website. Configuring the web browser in such a way would also prevent Google from placing a conversion cookie on the computer system of the data subject. In addition, a cookie that has already been placed by Google AdWords can be deleted at any time via the web browser or other software programs.
The data subject can also object to interest-based advertising by Google. To do so, the data subject must click on the link https://adssettings.google.com/authenticated from any web browser that they are using and configure the desired settings there.
More information and Google’s current privacy policy can be found at https://policies.google.com/privacy.
19. Privacy policy for the use of Matomo (formerly Piwik)
The data controller has integrated the component Matomo on this website. Matomo is an open-source software tool used for web analytics. Web analytics is the process of collecting and analysing data about the behaviour of website visitors. Among other things, a web analytics tool collects the following data: the website from which the data subject accesses a certain webpage (‘referrer’); which subpages of the website are accessed; how often and for how long a subpage was viewed. It may also include the access time, the location from which the visit originated, and the frequency of visits to our website. A web analytics tool is used mainly for the purpose of optimising a website and measuring the ROI of digital advertising.
The software is operated on the server of the data controller; the log files containing sensitive data are stored exclusively on this server in Germany.
The purpose of the Matomo component is to analyse visitor traffic on our website. Among other things, the data controller uses the acquired data and information to analyse the use of this website and to compile online reports about the activity on our website.
Matomo places a cookie on the computer system of the data subject. What cookies are has already been explained above. The cookie that is placed enables us to analyse the use of our website. Each time an individual page of this website is accessed, the web browser on the data subject’s computer system is automatically prompted by the Matomo component to transmit data to our server for web analytics purposes.
The IP address is anonymised immediately after processing and before being stored. We cannot associate this information with individuals and will never share it with third parties.
The data subject can disable and permanently reject cookies in Matomo by placing the following deactivation cookie in their browser.
By changing the corresponding setting in their web browser, the data subject can at any time disable and permanently reject cookies from our website. Configuring the web browser this way would also prevent Matomo from placing a cookie on the data subject’s computer system. In addition, a cookie that has already been placed by Matomo can be deleted at any time via the web browser or other software programs.
The data subject can also object to and prevent the collection of data generated by Matomo in relation to the use of this website. To do so, the data subject must configure the option “Do Not Track” in their browser.
However, if the opt-out cookie is placed, the data subject may no longer be able to use all the functions of the data controller’s website.
Further information and Matomo’s current privacy policy can be found at https://matomo.org/privacy/.
20. Links to other websites
If our website contains links to other websites, REGIS GmbH is not responsible for the content of these other websites, nor does it assume any liability for data protection on such websites.
21. Links to social media providers or technical online service
Our website includes links (no plug-ins!) to the social media providers specified below. You can recognise the links by the fact that they are marked with a corresponding image.
No data or information is sent to the service providers via these links.
We do not collect any personal data ourselves through these links or through their use.
Note: If you are logged into Facebook or Google+ at the same time and you click on one of the links, Facebook or Google+ can identify you as a visitor to our site. Please refer to the privacy policies of the respective service provider for details of the specific data that is collected and how it is used.
To prevent data from being collected, simply log out of the respective account beforehand.
Our website contains links to the following companies:
Facebook Inc. (1601 S. California Ave - Palo Alto - CA 94304 - USA)
Google Plus/Google Inc. (1600 Amphitheatre Parkway - Mountain View - CA 94043 - USA)
YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA
Youblisher, Latour & Zuberbühler GmbH, P.O. Box 1544, 9102 Herisau, Switzerland
22. Right to lodge a complaint with the relevant supervisory authority
In Rhineland-Palatinate, the State Commissioner for Data Protection and Freedom of Information can be contacted for this purpose:
Der Landesbeauftragte für Datenschutz und Informationsfreiheit
Rheinland-Pfalz
Postfach 30 40
55020 Mainz
Germany
Tel.: (+49 61 31) 208-2449
Fax: (+49 61 31) 208-2497
We reserve the right to amend this Privacy Policy from time to time in order to ensure that it always complies with current legal requirements or to implement changes to our services in the Privacy Policy (e.g. when introducing new services). The new Privacy Policy will then apply on your next visit.
24. Objecting to marketing emails
Contact details published in the Legal Notice or elsewhere on this website may not be used by third parties to send advertising or other information that has not been expressly requested. The operators of the webpages expressly reserve the right to take legal action if unsolicited promotional information is sent, e.g. in the form of spam emails.
25. Contact details for enquiries, information, change requests, etc.
If you have any questions about data protection or would like to request any information or changes, please write to us by email or call us:
Email: datenschutz@regis.de
Tel.: +49 2225 / 91 54 - 12