Privacy policy

General privacy policy

Last state: 26.01.2022

1. Name and contact details of the person responsible

Dr. Blecha-Thalhammer Cosmetics GmbH, FN 547260 w, Billrothstraße 63/8, 1190 Vienna, (“Dr. Blecha-Thalhammer“, “we“, “us“, “Company“) is committed to adequately protecting your personal data. We therefore observe the applicable legal provisions on the protection, lawful handling and confidentiality of personal data, as well as on data security, in particular the Austrian Data Protection Act (“DSG“) and the General Data Protection Regulation (“GDPR“).

This privacy policy informs you about the nature, scope and purposes of the collection and use of your personal data by Dr. Blecha-Thalhammer in connection with your visit to and use of our website www.i-really-care.com. (“Website”).

Dr. Blecha-Thalhammer Cosmetics GmbH is responsible for the data processing.

Dr. Blecha-Thalhammer Cosmetics GmbH
Billrothstraße 63/8
A – 1190 Wien
hello@i-really-care.com

2. Data processing

In the provision of our products, in particular our website and the offers made available on our website, we process personal data of users of our website as well as of users who use our online offer.

2.1. Data processing website use

The following personal data is automatically processed when you visit our website:

  • Log data
  • IP-Address
  • Type and version of your web browser
  • Data about your terminal device (device ID)
  • Date and time of the call of our website or the sub-pages
  • Website from which you reach our website (referrer URL)
  • Cookie consent.

The processing serves to provide you with the offers on our website, to ensure the security for the IT infrastructure used and to enable an informational use of our website. The data is only passed on to our IT service providers (order processors).

The log data is generally stored for 30 days. In the event of a security-relevant event, the data is stored until the event is resolved.

The legal basis for the processing of your personal data is our legitimate interest pursuant to Article 6 para 1 lit f DSGVO. Our legitimate interest is to design and continuously improve our website in a user-friendly manner, to provide you with the content you have accessed, to ensure the security of our IT infrastructure (in particular for the purpose of defending against attacks, detecting, eliminating and documenting malfunctions) and to manage the cookie consents granted.

The provision of your data is not obligatory; however, without the provision it is not possible for us to provide you with the accessed content.

For more details on cookies, please refer to section 3.8.

2.2. Data processing webshop

The following personal data is processed by us when you place orders in our webshop:

  • Name data
  • Address data
  • Contact details
  • Bank details (optional).

The data is shared with our service provider (processor) - Shopify Inc, a Canadian corporation with headquarters at 151 O'Connor Street, Ground floor, Ottawa, ON, K2P 2L8. Customers' personal information is initially processed by Shopify International Limited (Ireland), Shopify Inc. (Canada), or Shopify Commerce Singapore Pte. Ltd. (Singapore), depending on where the data subject is located. Shopify is a Canadian company headquartered in the capital city of Ottawa. The Canadian Data Protection Act (PIPEDA), which has been declared adequate by the European Commission, therefore applies to the processing and protection of data here.

Shopify has made a contractual commitment to its merchants to comply with the General Data Protection Regulation (GDPR) and has designed its infrastructure to ensure that cross-border data transfers are GDPR compliant. This means that personal data of individuals from Europe is first received and processed within Europe (in Ireland, Shopify's European headquarters) before we transfer that data further to Canada to the parent company and other locations.

In addition, we pass on your data (name, address, contact details) to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods.

Depending on which payment method you select in the ordering process, we process the bank data collected. If personal data is passed on to the payment service provider, this is done exclusively for the purpose of payment processing with the payment providers. In some cases, the selected payment service providers also collect this data themselves, insofar as you create an account there. In this case, you must register with the payment service provider with your access data during the ordering process. In this respect, the privacy policy of the respective payment service provider applies.

Privacy PayPal: Further information and the applicable privacy policy of PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, can be found at the following link: https://www.paypal.com/at/webapps/mpp/ua/privacy-full.

Shopify Payments Privacy Policy: Further information and the applicable privacy policy of Shopify Payments, 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2, can be found at the following link: https://www.shopify.com/legal/privacy

The personal data will generally be processed by us for the duration of the business relationship and in accordance with the legal requirements (retention obligations). The legal basis for the processing of your personal data is the fulfillment of pre-contractual and contractual obligations pursuant to Article 6 para 1 lit b DSGVO and the fulfillment of legal obligations pursuant to Article 6 para 1 lit c DSGVO.

The provision of your data is necessary in order to enter into a contractual relationship with you.

2.3. Data processing customer data

The following personal data of customers are processed by us:

  • Name data
  • Address data
  • Contact details
  • Ordering data
  • Payment data.

The data is processed by our processor, which is based in the EU.

The personal data will generally be processed by us for the duration of the business relationship and in accordance with the legal requirements (retention obligations). The legal basis for the processing of your personal data is the fulfillment of pre-contractual and contractual obligations pursuant to Article 6 para 1 lit b DSGVO and the fulfillment of legal obligations pursuant to Article 6 para 1 lit c DSGVO.

2.4. Data processing newsletter

The following personal data is processed by us for the purpose of sending newsletters electronically:

  • E-Mail-Address

The data is only passed on to our IT service provider (currently MailChimp). Standard contractual clauses (SCC) have been concluded with the IT service provider.

The legal basis for the processing of your personal data is your express consent pursuant to Article 6 para 1 lit a DSGVO. We use a double opt-in procedure for our newsletter registration. You enter your email address on our website and receive a confirmation email to reconfirm the registration. This is to prevent an unauthorized third party from misusing your email address.

You can cancel your newsletter subscription at any time by clicking the following link: by e-mail. The personal data you provide us with will be processed by us until you revoke your consent. After the revocation, this data will be irrevocably deleted by us. However, we point out that all processing carried out until the revocation remains lawful.

The provision of your data is not mandatory, but without the provision it is not possible for us to send you a newsletter.

2.5. Data processing contact request

It is possible to contact us directly by e-mail or via our contact form. In this form of contact, we only process the data that you provide to us in the e-mail and contact form. The data is passed on to our IT service provider, which is based in the EU.

The purpose of the processing is to enable you to contact us directly by e-mail or via our website. We process the data provided by you only for further communication with you. The personal data will not be processed in any other way.

The personal data is generally stored for the duration of the contact.

The legal basis for the processing of your personal data is our legitimate interest pursuant to Article 6 para 1 lit f DSGVO as well as the processing for the performance of a contract or for the implementation of pre-contractual measures pursuant to Article 6 para 1 lit b DSGVO. Our legitimate interest is to make our website user-friendly, to enable you to contact us easily and transparently, and to ensure that we respond to your requests.

2.6. Data processing applicant management

The following personal data is processed by us when you apply to us:

  • Name data
  • Address data
  • Contact details
  • Other applicant data.

We do not share your data with third parties.

The data processing serves the purpose of handling the application procedure and the registration with the competent authorities, if a recruitment takes place.

The personal data will generally be processed by us for a period of 6 months after completion of the application process. Processing beyond this period will only be carried out if you consent to the keeping of records. The legal basis for the processing of your personal data is the fulfillment of pre-contractual measures pursuant to Article 6 para 1 lit b DSGVO and the fulfillment of legal obligations pursuant to Article 6 para 1 lit c DSGVO. In the case of record keeping, the processing is based on your explicit consent pursuant to Article 6 (1) (a) of the GDPR.

You can revoke your consent to keep records at any time by e-mail. The personal data you provide us with will be processed by us until you revoke your consent. After revocation, this data will be irrevocably deleted by us. However, we would like to point out that all processing carried out until the revocation remains lawful.

The provision of your data is necessary to process the application.

2.7. Data processing social media plugins

We have not integrated any social media plugins on our website. The social media buttons to the social networks (e.g. Instagram, Facebook) were only integrated on our website with a link (reference link to the social networks). Should you click on this link (button), you will be redirected directly to the respective website. Please note the privacy statements on the respective websites.

2.8. Data processing cookies

We use cookies on our website to provide our services. Cookies are small text files containing information that are stored on your terminal device when you visit our website.

For better use, it is advantageous if cookies are stored temporarily, which is why you are asked for your consent when you first visit the website. However, you are not obliged to give this consent and can also use the website without consent - albeit restricted under certain circumstances. Cookies that do not require your consent (so-called unconditional cookies), the purpose of which is to enable the transmission of a message via an electronic communications network, as well as cookies that are absolutely necessary to provide our services, are also processed by us without your consent.

A basic distinction must be made between the following types of cookies:

Cookies that do not require consent and cookies that do require consent

Consent-free cookies are those cookies that we need to provide the applications and functions at all (so-called operationally necessary cookies). These cookies are generally only stored until you close your browser. All other cookies are cookies that require consent.

First- und Third-Party-Cookies

First-party cookies are cookies that are set and retrieved by us or our contracted processors. Third-party cookies are cookies that are set and retrieved by other controllers. Consequently, a distinction must be made here as to where a cookie originates.

Session and persistent cookies

Session cookies are cookies that are automatically deleted when you close the browser and persistent cookies are those cookies that remain stored on your computer/end device for a certain period of time after you close the browser.

We only use cookies that require consent if you have previously consented to the processing at our cookie notice (cookie banner). The cookie banner is displayed when you call up our website, you can select the desired cookies there and consent to the processing.

The following cookies are used on our website:

You can revoke the consent given to us for the use of cookies at any time without giving reasons. However, we would like to point out that all processing/transfers carried out until the revocation remain lawful.

2.9. Processing individual providers (Google Analytics, Shopify Analytics, Etc.)

3. Automated decision making / profiling

No automated decision making, including profiling, takes place.

4. State

An update of this privacy policy may be necessary due to technical development and new legal requirements. We will inform you in this regard in advance.