Point of Contact In

Köln

Phone Number

+905412765990

Opening Hours

Mon – Fri, 10 AM – 6 PM

Privacy Policy

We are very pleased about your interest in our company. Data protection has a particularly high priority for the management of Smile Hair Clinic. The use of the Smile Hair Clinic website is generally possible without providing any personal data. However, if a data subject wishes to use special services of our company via our website, the processing of personal data may become necessary. If the processing of personal data is required and there is no legal basis for such processing, we generally obtain the consent of the data subject.

The processing of personal data—such as the name, address, email address, or telephone number of a data subject—always takes place in accordance with the General Data Protection Regulation (GDPR) and with the country-specific data protection regulations applicable to Smile Hair Clinic. With this privacy policy, our company intends to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, this privacy policy is intended to inform data subjects of their rights.

1. Definitions

The privacy policy of Smile Hair Clinic is based on the terminology used by the European legislator in the enactment of the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easily readable and understandable for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.

In this privacy policy, we use, among others, the following terms:

a) Personal Data

Personal data includes all information relating to an identified or identifiable natural person (hereinafter “data subject”). A natural person is considered identifiable if they can be identified—directly or indirectly—particularly by assigning an identifier such as a name, an identification number, location data, an online identifier, or one or more characteristics that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

b) Data Subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

c) Processing

Processing is any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment or combination, restriction, erasure, or destruction.

d) Restriction of Processing

Restricted processing is the marking of stored personal data with the aim of limiting its future processing.

e) Profiling

Profiling is any form of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects regarding that natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

f) Pseudonymization

Pseudonymization is the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures ensuring that the personal data is not assigned to an identified or identifiable natural person.

g) Controller or Person Responsible for Processing

The controller or person responsible for processing is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for their nomination may be provided for by Union law or Member State law.

h) Processor

A processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

i) Recipient

A recipient is a natural or legal person, public authority, agency, or other body to whom personal data is disclosed, whether or not it is a third party. However, public authorities that may receive personal data in the framework of a particular inquiry under Union law or Member State law are not considered recipients.

j) Third Party

A third party is any natural or legal person, public authority, agency, or other body other than the data subject, the controller, the processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

k) Consent

Consent is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, through a statement or a clear affirmative action, signify agreement to the processing of personal data relating to them.

2. Name and Address of the Controller Responsible for Processing

The controller within the meaning of the General Data Protection Regulation, other applicable data protection laws in the Member States of the European Union, and other provisions related to data protection is:

Smile Hair Clinic
Tatlısu, Alptekin Cd. No:15, 34774
Ümraniye/İstanbul, Türkiye

Tel.: +90 54 914 924 00
E-mail: [email protected]
Website: Smile Hair Clinic

3. Cookies

The Smile Hair Clinic website uses cookies. Cookies are text files that are stored on a computer system via an internet browser.

Many websites and servers use cookies. A large number of cookies contain what is known as a cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters that allows websites and servers to associate the cookie with the specific internet browser in which it was stored. This enables visited websites and servers to distinguish the individual browser of the data subject from other internet browsers that contain different cookies. A specific internet browser can be recognized and identified through its unique cookie ID.

By using cookies, Smile Hair Clinic can provide users of this website with more user-friendly services that would not be possible without cookie placement.

Cookies allow the information and offers on our website to be optimized with the user in mind. As already mentioned, cookies enable us to recognize the users of our website. The purpose of this recognition is to make the use of our website easier for visitors. For example, a user of a website that uses cookies does not have to re-enter their login data every time they visit the website, because this is handled by the website and the cookie stored on the user’s computer system. Another example is the cookie of a shopping cart in an online shop, which allows the shop to remember the items a customer has placed in their virtual cart.

The data subject may at any time prevent the setting of cookies by our website through an appropriate configuration of the internet browser being used, thereby permanently objecting to the placement of cookies. Furthermore, cookies that have already been set may be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the used internet browser, not all functions of our website may be fully usable.

4. Collection of General Data and Information

The Smile Hair Clinic website collects a range of general data and information each time a data subject or an automated system accesses the website. This general data and information is stored in the server’s log files. The following may be recorded: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (the so-called referrer), (4) the subpages accessed on our website by an accessing system, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that serves to protect against threats in the event of attacks on our IT systems.

When using this general data and information, Smile Hair Clinic does not draw any conclusions about the data subject. Rather, this information is needed to (1) correctly deliver the content of our website, (2) optimize the content and advertising of our website, (3) ensure the long-term functionality of our IT systems and website technology, and (4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack. These anonymously collected data and information are evaluated statistically by Smile Hair Clinic and also with the aim of increasing data protection and data security within our company in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

If you are a customer or have used one of our services, we use your telephone number and email address to send you information via messenger, email, or phone call regarding consultation and advertising for our own similar services. You may object to the use of your data for this purpose at any time—by phone, email, messenger, or mail.
We use your data in connection with the agreement between you and us for information, consultation, support, and advertising for our own similar services.

If you are not yet our customer and do not wish to receive advertising, we will update this immediately for you. You may withdraw your consent at any time. Upon withdrawal, we will no longer contact you in the future, and you will not receive consultation, support, or offers for similar services.

5. Contact Option via the Website

 The Smile Hair Clinic website contains information required by law that enables quick electronic contact with our company as well as direct communication with us, which also includes a general address for electronic mail (email address). If a data subject contacts the controller via email or through a contact form, the personal data transmitted by the data subject is automatically stored. Personal data transmitted in this manner on a voluntary basis is stored for the purpose of processing the inquiry or contacting the data subject. By entering your data into our forms, you grant us permission to store this data and use it for marketing purposes.

6. Comment Function in the Blog on the Website

The Smile Hair Clinic website offers users the opportunity to leave individual comments on specific blog posts. A blog is an online platform—usually publicly accessible—on which one or more individuals, known as bloggers or web bloggers, publish articles or write down their thoughts in so-called blog posts. These blog posts can typically be commented on by third parties.

If a data subject leaves a comment on the blog published on this website, in addition to the comment itself, information regarding the time of the comment and the username (pseudonym) chosen by the data subject is stored and published. Furthermore, the IP address assigned to the data subject by their Internet Service Provider (ISP) is also logged. This IP address is stored for security reasons and in case the data subject violates the rights of third parties or posts unlawful content through a submitted comment. The storage of this personal data is therefore in the legitimate interest of the controller, enabling them to potentially exonerate themselves in the event of a legal violation. The collected personal data will not be disclosed to third parties unless such disclosure is required by law or necessary for the legal defense of the controller.

7. Routine Erasure and Blocking of Personal Data

The controller processes and stores the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as required by the European legislator or another competent legislator in laws or regulations to which the controller is subject.

If the storage purpose no longer applies, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data is routinely blocked or deleted in accordance with legal requirements.

8. Rights of the Data Subject

Information regarding flights, transfers, and hotel accommodation is based solely on the details provided by the respective service providers. The intermediary is therefore liable only for the careful selection of these service providers and for the proper transmission of the information. Any liability in connection with the provision of medical services at the clinic is excluded. The decision to enter into a contract with the clinic and the choice of medical treatment lies solely within the customer’s responsibility.

If the intermediary is liable for damages under applicable legal provisions and these terms, and the damage was caused by slight negligence, the intermediary is liable only in the event of a breach of essential contractual obligations or cardinal obligations, and such liability is limited to the foreseeable, typical damage at the time the contract was concluded. This limitation does not apply in cases of injury to life, body, or health. If the damage is covered by an insurance policy taken out by the customer for the specific incident, the intermediary is liable only for any disadvantages arising for the customer in connection with such insurance.

Contractual liability for damages that are not bodily injuries is limited to three times the total trip price, provided that the customer’s damage was neither intentional nor caused by gross negligence, or if the intermediary is responsible for the customer’s damage solely due to the fault of a service provider. Liability for service disruptions in connection with services that are merely mediated as third-party services is excluded. This applies particularly to medical treatment errors.

a) Right to Confirmation

Every data subject has the right granted by the European legislator to obtain confirmation from the controller as to whether personal data concerning them is being processed. If a data subject wishes to exercise this right to confirmation, they may contact any employee of the controller at any time.

b) Right of Access

Every data subject affected by the processing of personal data has the right granted by the European legislator to obtain, at any time and free of charge, information from the controller about the personal data stored concerning them, as well as a copy of this information. Furthermore, the European legislator has granted the data subject the right to obtain information about the following:

  • the purposes of the processing

  • the categories of personal data being processed

  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, especially recipients in third countries or international organizations

  • where possible, the planned duration for which the personal data will be stored, or, if this is not possible, the criteria used to determine that duration

  • the existence of a right to rectification or erasure of personal data concerning them, or to restriction of processing by the controller, or a right to object to such processing

  • the existence of a right to lodge a complaint with a supervisory authority

  • if the personal data are not collected from the data subject: all available information about the source of the data

  • the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR, and—at least in such cases—meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject

The data subject also has the right to be informed whether personal data has been transferred to a third country or an international organization. If this is the case, the data subject is entitled to obtain information about the appropriate safeguards related to the transfer.

If a data subject wishes to exercise this right of access, they may contact any employee of the controller at any time.

c) Right to Rectification

Every data subject affected by the processing of personal data has the right granted by the European legislator to request the immediate rectification of inaccurate personal data concerning them. Furthermore, the data subject has the right—taking into account the purposes of the processing—to request the completion of incomplete personal data, including by means of a supplementary statement.

If a data subject wishes to exercise this right to rectification, they may contact any employee of the controller at any time.

d) Right to Erasure (Right to Be Forgotten)

Every data subject affected by the processing of personal data has the right, granted by the European legislator, to request from the controller the immediate erasure of personal data concerning them, provided that one of the following reasons applies and processing is not required:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

  • The data subject withdraws their consent on which the processing was based according to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing.

  • The data subject objects to the processing pursuant to Art. 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21(2) GDPR.

  • The personal data have been unlawfully processed.

  • Erasure of the personal data is required to comply with a legal obligation under Union law or Member State law to which the controller is subject.

  • The personal data were collected in relation to the offer of information society services pursuant to Art. 8(1) GDPR.

If one of the above reasons applies, and a data subject wishes to request the erasure of personal data stored by Smile Hair Clinic, they may contact any employee of the controller at any time. The employee will ensure that the erasure request is fulfilled immediately.

If Smile Hair Clinic has made the personal data public and is obliged as the controller under Art. 17(1) GDPR to erase the personal data, Smile Hair Clinic—taking into account available technology and implementation costs—shall take reasonable steps, including technical measures, to inform other controllers processing the published personal data that the data subject has requested the erasure of all links to, copies of, or replications of these personal data, insofar as processing is not required. An employee of Smile Hair Clinic will take the necessary steps in each individual case.

e) Right to Restriction of Processing

Every data subject affected by the processing of personal data has the right granted by the European legislator to request the restriction of processing from the controller if one of the following conditions is met:

The accuracy of the personal data is contested by the data subject, for a period that enables the controller to verify the accuracy of the personal data.
The processing is unlawful, the data subject opposes the erasure of the personal data, and instead requests the restriction of the use of the personal data.
The controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise, or defense of legal claims.
The data subject has objected to the processing pursuant to Art. 21(1) GDPR, and it has not yet been determined whether the legitimate grounds of the controller outweigh those of the data subject.

If one of the above conditions is met and a data subject wishes to request the restriction of personal data stored by Smile Hair Clinic, they may contact any employee of the controller at any time. The employee of Smile Hair Clinic will arrange for the restriction of processing.

f) Right to Data Portability

Every data subject affected by the processing of personal data has the right granted by the European legislator to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format. They also have the right to transmit these data to another controller without hindrance from the controller to whom the personal data were provided, provided that the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, or on a contract pursuant to Art. 6(1)(b) GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising their right to data portability pursuant to Art. 20(1) GDPR, the data subject has the right to request that the personal data be transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

To assert the right to data portability, the data subject may contact any employee of Smile Hair Clinic at any time.

g) Right to Object

Every data subject affected by the processing of personal data has the right, granted by the European legislator, to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them that is carried out on the basis of Art. 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.

Smile Hair Clinic will no longer process the personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or if the processing serves the establishment, exercise, or defense of legal claims.

If Smile Hair Clinic processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data for such marketing. This also applies to profiling insofar as it is related to direct marketing. If the data subject objects to processing for direct marketing purposes, Smile Hair Clinic will no longer process the personal data for these purposes.

The data subject also has the right, on grounds relating to their particular situation, to object to the processing of personal data concerning them that is carried out by Smile Hair Clinic for scientific or historical research purposes or for statistical purposes pursuant to Art. 89(1) GDPR, unless such processing is necessary for the performance of a task carried out for reasons of public interest.

To exercise the right to object, the data subject may directly contact any employee of Smile Hair Clinic. The data subject is also free to exercise their right to object in connection with the use of information society services, regardless of Directive 2002/58/EC, through automated procedures that use technical specifications.

h) Automated Individual Decision-Making, Including Profiling

Every data subject affected by the processing of personal data has the right, granted by the European legislator, not to be subject to a decision based solely on automated processing — including profiling — which produces legal effects concerning them or similarly significantly affects them, unless the decision (1) is necessary for entering into or performing a contract between the data subject and the controller, or (2) is permitted by Union or Member State law to which the controller is subject, and such law contains appropriate measures to safeguard the rights, freedoms, and legitimate interests of the data subject, or (3) is based on the explicit consent of the data subject.

If the decision (1) is necessary for entering into or performing a contract between the data subject and the controller, or (2) is based on the explicit consent of the data subject, Smile Hair Clinic will take appropriate measures to safeguard the rights, freedoms, and legitimate interests of the data subject, which include at least the right to obtain human intervention from the controller, to express their point of view, and to contest the decision.

If the data subject wishes to assert rights related to automated decision-making, they may contact any employee of the controller at any time.

i) Right to Withdraw Data Protection Consent

Every data subject affected by the processing of personal data has the right, granted by the European legislator, to withdraw consent for the processing of personal data at any time.

If the data subject wishes to exercise their right to withdraw consent, they may contact any employee of the controller at any time.

9.Data Protection in Applications and the Application Process

The controller collects and processes the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case when an applicant submits corresponding application documents electronically, for example by email or via a web form on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of managing the employment relationship in compliance with legal requirements. If no employment contract is concluded with the applicant, the application documents will be automatically deleted two months after the rejection decision is communicated, provided that no other legitimate interests of the controller conflict with such deletion. A legitimate interest in this sense may include, for example, the need to provide evidence in a legal proceeding under the General Equal Treatment Act (AGG).

10.Data Protection Provisions on the Use of Facebook

The controller has integrated components of the company Facebook into this website. Facebook is a social network.

A social network is an online meeting place, a virtual community that generally enables users to communicate and interact with one another in the digital space. A social network can serve as a platform for sharing opinions and experiences or allow members of the online community to provide personal or business-related information. Facebook enables users of the social network to create private profiles, upload photos, and connect with others through friend requests.

The operating company of Facebook is Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA. If a data subject lives outside the United States or Canada, the controller responsible for processing personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Each time a data subject accesses one of the individual pages of this website—operated by the controller—on which a Facebook component (Facebook plug-in) is integrated, the internet browser on the data subject’s IT system is automatically prompted by the Facebook component to download a display of the corresponding Facebook component from Facebook. A complete list of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE. As part of this technical process, Facebook receives information about which specific subpage of our website was visited by the data subject.

If the data subject is simultaneously logged into Facebook, Facebook recognizes with each visit to our website which specific subpage the data subject visits, and this occurs throughout the entire duration of their stay on our website. These data are collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject presses one of the Facebook buttons integrated on our website—such as the “Like” button—or leaves a comment, Facebook assigns this information to the data subject’s personal Facebook account and stores the personal data.

Facebook receives information through the Facebook component whenever the data subject visits our website while logged into Facebook at the same time; this occurs whether or not the data subject clicks on the Facebook component. If the data subject does not wish for this information to be transmitted to Facebook, they may prevent this transmission by logging out of their Facebook account before accessing our website.

Facebook’s published data policy, available at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing, and use of personal data by Facebook. It also explains the privacy settings Facebook offers to protect the data subject’s privacy. Additionally, various applications are available that allow users to block data transmission to Facebook. Such applications can be used by the data subject to prevent data transmission to Facebook.

11.Data Protection Provisions on the Use of Google Analytics (with Anonymization Function)

The controller has integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web analytics service. Web analytics involves the collection, gathering, and evaluation of data about the behavior of visitors to websites. A web analytics service collects data, among other things, about the website from which a data subject arrived at a website (the so-called referrer), which subpages were accessed, how often, and for what duration a subpage was viewed. Web analytics is primarily used for optimizing a website and for cost-benefit analysis of internet advertising.

The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

For web analytics via Google Analytics, the controller uses the “_gat._anonymizeIp” extension. This extension ensures that the IP address of the data subject’s internet connection is shortened and anonymized by Google when access to our website originates from a Member State of the European Union or another contracting state of the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze visitor flows on our website. Google uses the collected data and information, among other things, to evaluate the use of our website, compile online reports that show website activity, and provide further services related to the use of our website.

Google Analytics places a cookie on the data subject’s IT system. What cookies are has already been explained above. By placing the cookie, Google is enabled to analyze the usage of our website. Each time a data subject accesses one of the individual pages of this website, which is operated by the controller and on which a Google Analytics component is integrated, the internet browser on the data subject’s IT system is automatically prompted by the Google Analytics component to transmit data to Google for online analysis. Through this technical process, Google gains knowledge of personal data, such as the data subject’s IP address, which Google uses, among other things, to trace the origin of visitors and clicks and to subsequently enable commission settlements.

By means of the cookie, personal information such as access time, location from which access originated, and the frequency of visits to our website by the data subject is stored. With each visit to our website, these personal data, including the IP address of the internet connection used by the data subject, are transmitted to Google in the United States of America. These personal data are stored by Google in the United States. Google may pass these personal data collected via the technical process on to third parties.

The data subject may prevent the setting of cookies by our website at any time, as described earlier, through an appropriate setting of the internet browser used, thereby permanently objecting to the placement of cookies. Such a browser setting would also prevent Google from placing a cookie on the data subject’s IT system. In addition, a cookie already set by Google Analytics may be deleted at any time via the internet browser or other software programs.

Furthermore, the data subject has the possibility to object to the collection of data generated by Google Analytics relating to the use of this website and to the processing of these data by Google, and to prevent such processing. To do so, the data subject must download and install a browser add-on available at https://tools.google.com/dlpage/gaoptout. This browser add-on communicates to Google Analytics via JavaScript that no data or information concerning visits to websites may be transmitted to Google Analytics. Installing the browser add-on is considered an objection by Google. If the browser add-on is uninstalled or deactivated by the data subject or another person within their control, it is possible to reinstall or reactivate the browser add-on.

Further information and the applicable data protection provisions of Google may be retrieved at https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at https://www.google.com/intl/de_de/analytics/.

12.Data Protection Provisions on the Use of Google AdWords

The controller has integrated Google AdWords on this website. Google AdWords is an online advertising service that allows advertisers to display ads in Google’s search engine results as well as within the Google advertising network. Google AdWords enables an advertiser to define certain keywords in advance, and an ad will be shown in Google’s search results only when the user retrieves a keyword-relevant search query. Within the Google advertising network, ads are distributed across relevant websites using an automated algorithm that considers the predefined keywords.

The operating company of Google AdWords services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is to promote our website by displaying interest-based advertising on third-party websites and in Google search engine results, and to display third-party advertising on our website.

If a data subject reaches our website via a Google ad, Google places a so-called conversion cookie on the data subject’s IT system. What cookies are has already been explained above. A conversion cookie expires after thirty days and is not used to identify the data subject. As long as the cookie is still valid, it allows us and Google to determine whether certain pages — such as a shopping cart page in an online shop system — were accessed on our website. Through the conversion cookie, both Google and we can determine whether a data subject who reached our website via an AdWords ad generated a transaction, such as completing or abandoning a purchase.

The data and information collected through the use of the conversion cookie are used by Google to create visit statistics for our website. We then use these visit statistics to determine the total number of users referred to us via AdWords ads, that is, to determine the success or failure of individual AdWords ads and to optimize our future AdWords campaigns. Neither our company nor other Google AdWords advertisers receive information from Google that could identify the data subject.

Through the conversion cookie, personal information such as the webpages visited by the data subject is stored. Each time our website is visited, personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. These personal data are stored by Google in the United States and may potentially be passed on to third parties by Google through the technical process.

The data subject may prevent the setting of cookies by our website at any time, as described earlier, through appropriate browser settings, thereby permanently objecting to the placement of cookies. Such a browser configuration would also prevent Google from placing a conversion cookie on the data subject’s IT system. Additionally, a cookie already set by Google AdWords may be deleted at any time via the browser or other software programs.

Furthermore, the data subject has the option to object to interest-based advertising by Google. To do this, the data subject must access the link www.google.de/settings/ads from each internet browser they use and configure the desired settings there.

Further information and the applicable Google privacy policies can be found at https://www.google.de/intl/de/policies/privacy/.

13.Data Protection Provisions on the Use of YouTube

The controller has integrated components of YouTube on this website. YouTube is an internet video portal that enables video publishers to upload video clips free of charge and allows other users to view, rate, and comment on these videos, also free of charge. YouTube permits the publication of all types of videos, which is why complete films and television programs, as well as music videos, trailers, and user-generated videos, can be accessed via the platform.

Each time one of the individual pages of this website, operated by the controller and containing a YouTube component (YouTube video), is accessed, the internet browser on the data subject’s information technology system is automatically prompted by the respective YouTube component to download a display of the corresponding YouTube component from YouTube. As part of this technical process, YouTube and Google receive information about which specific subpage of our website was visited by the data subject.

If the data subject is logged into YouTube at the same time, YouTube recognizes, when a subpage containing a YouTube video is accessed, which specific subpage of our website the data subject visits. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.

14.Legal Basis for Processing

Article 6(1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party — for example, when processing operations are required for the delivery of goods or the provision of another service — the processing is based on Article 6(1)(b) GDPR. The same applies to processing operations necessary for carrying out pre-contractual measures, such as inquiries about our products or services.

If our company is subject to a legal obligation that requires the processing of personal data — for example, to fulfill tax obligations — the processing is based on Article 6(1)(c) GDPR.
In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured on our premises and their name, age, health insurance data, or other vital information had to be passed on to a doctor, hospital, or another third party. In such a situation, the processing would be based on Article 6(1)(d) GDPR.

Finally, processing operations could be based on Article 6(1)(f) GDPR. This legal basis applies to processing operations that are not covered by any of the aforementioned legal bases, if the processing is necessary for the purposes of a legitimate interest pursued by our company or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not override such interests. Such processing operations are particularly permitted because they were explicitly recognized by the European legislator. The legislator considered that a legitimate interest may be assumed when the data subject is a customer of the controller (Recital 47, Sentence 2 GDPR).

15. Legitimate Interests in Processing Pursued by the Controller or a Third Party

If the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest lies in carrying out our business activities in a manner that supports the well-being of all our employees and shareholders.

16.Duration for Which the Personal Data Is Stored

The criterion for the duration of the storage of personal data is the respective statutory retention period. After the expiration of this period, the corresponding data will be routinely deleted, unless they are no longer required for the fulfillment of the contract or the initiation of a contract.

17.Statutory or Contractual Requirements for Providing Personal Data; Necessity for Contract Conclusion; Obligation of the Data Subject to Provide Personal Data; Possible Consequences of Failure to Provide Such Data

We inform you that the provision of personal data is partly required by law (e.g., tax regulations) or may also result from contractual obligations (e.g., information about the contractual partner).
In some cases, it may be necessary for the conclusion of a contract that a data subject provides us with personal data which must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company enters into a contract with them. Failure to provide such personal data would result in the contract with the data subject not being concluded.

Before providing personal data, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of personal data is legally or contractually required, necessary for the conclusion of a contract, whether there is an obligation to provide the personal data, and what consequences the failure to provide such data would have.

18. Google Web Fonts

The Smile Hair Clinic website uses so-called web fonts provided by Google Inc. (“Google”) to ensure a consistent presentation of fonts. These web fonts are integrated by a server request—typically to a Google server in the USA. Through this request, the server is informed which of our website pages you have visited. The IP address of the browser on the visitor’s device is also stored by Google. However, Google states that no cookies are set when loading the fonts and that no visitor data (neither IP address, browser version, nor other personal information) is linked with any other data.

When you access a page, your browser loads the required web fonts into its cache to display text and fonts correctly. If your browser does not support web fonts, a standard font from your computer will be used instead.

Further information about Google Web Fonts can be found at
developers.google.com/fonts/faq
and in Google’s privacy policy: www.google.com/policies/privacy/.

19. Content Delivery Network

We use what is known as a CDN, or “Content Delivery Network.” This is a network of regionally distributed servers connected via the Internet that deliver content—particularly large media files. A CDN helps us provide data quickly, especially when there is a high volume of requests. We use Cloudflare, a service provided by Cloudflare, Inc. When you visit our website, the provider receives information that you have accessed the corresponding page of our website. The data mentioned in Section 4 of this privacy policy is also transmitted.

Further information about the purpose and scope of data collection and its processing by the provider can be found in the provider’s privacy policies. There you will also find additional information regarding your rights in this context and configuration options for protecting your privacy.
Information from the third-party provider:
Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, Attention: Data Protection Officer, [email protected].
Privacy overview: https://www.cloudflare.com/de-de/privacypolicy/.

The provider also processes your personal data in the USA and participates in the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

20. Tracking Opt Out

Disable Google Analytics Tracking: Google Analytics Opt-Out
Prevent Facebook Pixel from tracking me: Facebook Pixel Opt-Out

 
aA.212.20