top of page

Privacy Policy | Incase Handelsgesellschaft mbH

Status: 28 May 2024

Who we are

The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:

Incase Handelsgesellschaft mbH
Nordsternstraße 25
45329 Essen
Germany

+49 201 835 27 212
service@incase-gmbh.de
https://www.incaseofbeauty.com/

Contacting the Data Protection Officer

The Data Protection Officer of the controller is:

DataCo GmbH
Nymphenburger Str. 86
80636 Munich
Germany

+49 89 7400 45840
www.dataguard.de

On this page, we inform you about the processing of your personal data on our website.

How we collect and use your personal data depends on how you interact with us or which services you use. We only collect, use, or share your personal data when we have a legitimate purpose and a legal basis for doing so.

What do we mean by legal basis?

Consent (Art. 6 para. 1 sentence 1 lit. a GDPR) – You have given us your consent to process your personal data for the specific purpose explained to you. You have the right to withdraw your consent at any time. Further information on how to withdraw your consent can be found in the subsection “Exercising Your Rights” below.

Contract (Art. 6 para. 1 sentence 1 lit. b GDPR) – We must use your data to fulfill a contract you have with us. Alternatively, processing may be necessary because you requested us to take certain steps or you took steps yourself prior to entering into a contract.

Legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR) – We must use your data to comply with the law.

Vital interests (Art. 6 para. 1 sentence 1 lit. d GDPR) – Processing is necessary to protect your vital interests or those of another person, for example to protect you from serious physical harm.

Public task (Art. 6 para. 1 sentence 1 lit. e GDPR) – Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.

Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) – Processing is necessary to pursue a legitimate interest of ours or a third party, provided that your interests do not override those interests.

Please note that we may not be able to provide you with our website services if your data is processed to fulfill a contract or legal obligation and you do not provide the requested data.

Data sharing and international transfers

As explained in this privacy policy, we use various service providers to help us deliver our services and ensure data security. When we use such service providers, it is necessary to share your personal data with them.

All service providers receiving your data are contractually obligated to protect your data.

If personal data is transferred outside the EU, we ensure an equivalent level of protection either because the receiving country has an adequacy decision by the European Commission or through appropriate safeguards such as the EU Standard Contractual Clauses (SCCs).

When using US service providers, we rely either on SCCs or the EU–US Data Privacy Framework, depending on the provider. You may request a copy of the SCCs by emailing the address provided in this privacy policy.

Your rights

If your personal data is processed, you are a data subject within the meaning of the GDPR and have the following rights:

1. Right of access (Art. 15 GDPR)
You have the right to request confirmation as to whether personal data concerning you is being processed. If so, you have the right to access such data and the following information:

  • purposes of processing

  • categories of personal data

  • recipients or categories of recipients

  • planned storage period or criteria used to determine that period

  • existence of rights to rectification, erasure, restriction, or objection

  • right to lodge a complaint with a supervisory authority

  • source of the data (if collected from a third party)

  • existence of automated decision-making, including profiling

  • transfer of personal data to third countries or international organizations

 

2. Right to rectification (Art. 16 GDPR)
You have the right to request immediate correction or completion of inaccurate or incomplete personal data.

 

3. Right to restriction of processing (Art. 18 GDPR)
You may request restriction of processing if one of the following applies:

  • you contest the accuracy of your data

  • processing is unlawful and you oppose erasure

  • we no longer need the data, but you require it for legal claims

  • you have objected to processing pending verification of overriding interests

 

4. Right to erasure (“right to be forgotten”) (Art. 17 GDPR)
You have the right to request deletion of your personal data if, among other reasons:

  • the data is no longer necessary

  • consent is withdrawn and no other legal basis exists

  • you object to processing and no overriding legitimate grounds exist

  • data has been unlawfully processed

  • deletion is required by law

  • data was collected in relation to information society services

The above does not apply where processing is necessary for freedom of expression, legal obligations, public interest, research, or legal claims.

 

5. Right to data portability (Art. 20 GDPR)
You have the right to receive your personal data in a structured, commonly used, machine-readable format or request transfer to another controller.

 

6. Right to object (Art. 21 GDPR)
You have the right to object at any time to processing based on Art. 6(1)(e) or (f) GDPR, including profiling.
If data is processed for direct marketing purposes, you may object at any time.

 

7. Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint if you believe processing violates GDPR.

A list of German supervisory authorities can be found here:
https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

bottom of page