top of page

Privacy Information for Customers and Interested Parties

Incase Handelsgesellschaft mbH


Status: 28 May 2024

We appreciate your interest in our company, our products, and our services. As the data protection controller, it is important to us that you feel comfortable when communicating with us and our employees with regard to the protection of your personal data. We take the protection of your personal data very seriously. Compliance with German and European data protection regulations is a matter of course for us. Accordingly, the protection of your personal data is our highest priority. With the following information, we would like to inform you in detail about how we handle your personal data.

1. Name and Contact Details of the Controller

The controller responsible for processing your personal data in the context of the existing customer relationship and contract initiation is:

Incase Handelsgesellschaft mbH
Nordsternstr. 25
45329 Essen
Germany

Phone: +49 201 21961118
Email: service@incase-gmbh.de
Website: https://www.incaseofbeauty.com/

2. Contact Details of the Data Protection Officer

The appointed data protection officer is:

DataCo GmbH
Sandstrasse 33
80335 Munich
Germany

Phone: +49 89 452459 900
Email: datenschutz@dataguard.de
Website: www.dataguard.de

3. Processing of Your Personal Data

a. Personal data processed by us

Within the scope of the existing customer relationship and contract initiation, we process the following personal data relating to you:

  • Address

  • Bank details

  • Customer number

  • Last name

  • First name

  • Email address

  • Mobile phone number

  • Landline phone number

  • Fax number

  • Title / salutation

  • Company / corporate affiliation (for business customers)

  • VAT identification number (for business customers)

  • Order history / purchasing behavior

  • Billing and delivery address (if different from the address)

  • Payment information (e.g. credit card number, PayPal address – stored only in pseudonymized/encrypted form)

  • Contract data (e.g. contract start, term, scope of services)

  • Correspondence (e.g. emails, chat histories, support requests)

  • Communication preferences (e.g. newsletter consent, language settings)

  • User account information (e.g. username, password – encrypted)

  • Access logs / IP address (for online portals or platforms)

  • Creditworthiness data (if lawfully obtained, e.g. for purchase on account)

  • Customer feedback, reviews, survey results

  • Any consents given (e.g. for advertising, tracking, cookies)

b. Purposes of data processing

Your personal data are processed for the following purposes within the scope of the existing customer relationship and contract initiation:

  • To process your inquiry as an interested party and respond using your contact details

  • To prepare and carry out pre-contractual measures, such as creating and sending individual offers or negotiating and transmitting contractual terms with the aim of concluding a contract

  • To store your contact details in our customer database

  • To check your creditworthiness

  • To fulfill our contractual obligations arising from the purchase contract, including the transfer of personal data to logistics providers to ensure smooth delivery of goods

  • To provide you with optimal information about our products and services, including sending (direct) advertising by email or post

  • To ensure proper billing of services rendered, including issuing invoices

  • To comply with legal obligations, such as transmitting personal data to tax authorities

  • To provide optimal customer support, including communication via email, mobile phone, landline, or fax

  • For newsletter distribution, provided you have subscribed to our newsletter

  • To fulfill post-contractual obligations

  • To assert, exercise, or defend legal claims

  • To conduct customer surveys or evaluations, e.g. to measure customer satisfaction

  • To manage customer accounts on online platforms or customer portals, including login and access management

  • To conduct prize draws or special promotions in which you have participated

  • To comply with commercial and tax law retention obligations

  • To prevent payment defaults, e.g. through automated dunning processes or transfer to debt collection agencies

  • To personalize content and offers, e.g. through individualized product recommendations or marketing campaigns

  • To fulfill regulatory obligations under industry-specific regulations, such as anti-money laundering laws or product liability requirements

c. Legal bases for data processing

The legal bases for processing are:

Processing based on consent – Art. 6(1)(a) GDPR in conjunction with Art. 7 GDPR
If you have given your consent, your personal data will be processed accordingly.

Processing for the performance of a contract – Art. 6(1)(b) GDPR
This also applies to processing operations required to carry out pre-contractual and post-contractual measures.

Processing to comply with a legal obligation – Art. 6(1)(c) GDPR
Legal obligations arise in particular from tax and commercial law retention requirements.

Processing based on legitimate interests – Art. 6(1)(f) GDPR
Our legitimate interests include, in particular:

  • Communication with you, especially to respond to inquiries via email, telephone, and/or fax

  • Assertion, exercise, or defense of legal claims

4. Recipients or Categories of Recipients of Personal Data

Your personal data may be disclosed to the following recipients where legally permitted or based on your consent:

  • External employees / freelancers

  • Processors

  • Third parties

  • Authorities (e.g. tax offices, courts, trade supervisory authorities)

  • Billing partners

  • Debt collection agencies

  • Credit institutions

  • Logistics companies

  • Parcel delivery services

  • Postal service providers

  • (External) quality control bodies

  • Tax advisors

  • IT service providers (e.g. hosting, cloud providers, support services)

  • Providers of CRM, ERP, or shop systems (e.g. Comarch)

  • Telecommunications providers (e.g. SMS delivery or support hotlines)

  • Lawyers / external consultants (e.g. in disputes or compliance matters)

  • Auditors (e.g. for accounting audits)

  • Insurance companies (e.g. for claims handling or product liability cases)

In addition, personal data may be transferred to the following service provider located outside the EU/EEA:

  • Wix.com Limited

For processors and service providers outside the EU/EEA, personal data are processed only on the basis of Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR.

5. Transfer of Personal Data to Third Countries

In principle, personal data collected and generated in the provision of relevant products and services are stored on servers within the European Union. However, as our software providers operate globally, personal data may be transferred to or accessed from jurisdictions outside the EU/EEA.

In this context, personal data may be transferred to Israel. The European Commission has issued an adequacy decision pursuant to Art. 45(1) GDPR for Israel, confirming an adequate level of data protection. Therefore, no additional contractual safeguards are required. Transfers take place exclusively for the purposes stated in this privacy notice.

6. Duration of Storage of Personal Data

We do not store your personal data longer than necessary for the purposes for which they were collected. Data are deleted or destroyed once they are no longer required. Appropriate measures ensure that personal data are processed only:

  • For the duration necessary to provide services to you

  • As required by law, contract, or legal obligations

  • Only for as long as necessary for the purpose of collection, or longer if required by contract or law, with appropriate safeguards

Interested party inquiries:
If no further business relationship arises, your data will be deleted immediately after final processing of your inquiry.

Contract-related communication and customer data:
Personal data collected in the context of an existing or potential contractual relationship are subject to statutory retention obligations and may be stored for up to 10 years after completion of the communication or contractual relationship.

Retention may also be required to fulfill contractual services, review or defend warranty and guarantee claims, or comply with statutory retention periods (e.g. under the German Commercial Code, Fiscal Code, or Anti-Money Laundering Act). Deletion takes place after expiry of the respective retention periods.

7. Rights of Data Subjects

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to erasure or restriction of processing (Arts. 17, 18 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to object to processing based on Art. 6(1)(e) or (f) GDPR (Art. 21 GDPR)

  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.

8. Right to Withdraw Consent

If you have given consent to data processing, you may withdraw this consent at any time with effect for the future. The lawfulness of processing carried out prior to withdrawal remains unaffected.

These data protection notices were prepared with the support of DataGuard.

bottom of page