Privacy

We take your privacy seriously! As you may know, the General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).

On our website, we are fully committed to complying with the GDPR and protecting your personal data. We know how important your privacy is to you and we take all possible steps to ensure that your personal data is safe and secure.

Squarespace Privacy Policy

Cookie Policy: https://www.squarespace.com/cookie-policy

Cookie Naming Convention: https://support.squarespace.com/hc/en-us/articles/360001264507-The-cookies-Squarespace-uses

The following tabs contain more information about Squarespace functionality and privacy policies.

  • This website collects personal data that serves as the basis for our website analytics. This includes:

    • Information about your browser, network and device

    • Web pages that you have accessed before visiting this website

    • Your IP address

    This information may also include details about your use of this website, including:

    • Clicks

    • Internal links

    • Visited pages

    • Scroll

    • Searches

    • Timestamp

    We share this information with Squarespace, our website analytics provider, to learn more about traffic and activity on this website.

  • This website uses cookies and similar technologies, which are small files or short texts that are downloaded to a device when a visitor accesses a website or app. For information about viewing the cookies placed on your device, see About the cookies Squarespace uses.

    • These functional and necessary cookies are always used because they allow Squarespace, our hosting platform, to provide this website to you securely.

    • These analytics and performance cookies are used on this website, as described below, only if you accept our cookie banner. This website uses analytics and performance cookies to gain insight into website traffic, website activity and other data.

  • When you submit information to this website via web form, we collect the information requested in the web form to track and respond to your submissions. We share this information with Squarespace, our online store hosting provider, so that they can provide website services to us. We also share this information for storage purposes with storage method(s) and for data transfer purposes with Zapier.

    This website is hosted by Squarespace. Squarespace collects personally identifiable information when you visit this website. This includes:

    • Information about your browser, network and device

    • Web pages that you have accessed before visiting this website

    • Web pages that you access on this website

    • Your IP address

    Squarespace needs the data to operate this website and to protect and improve its platform and services. Squarespace analyzes the data in a depersonalized form.

  • This website provides and displays font files from Google Fonts and Adobe Fonts. In order to properly display this website to you, these third parties may receive personal information about you, including:

    • Information about your browser, network or device

    • Information about this website and the page you are visiting on the website

    • Your IP address

  • Use of Google Analytics

    We use Google Analytics to analyze website usage. The data obtained from this is used to optimize our website and advertising measures.

    Google Analytics is provided to us by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google processes the website usage data on our behalf and is contractually committed to measures to ensure the security and confidentiality of the processed data.

    During your visit to the website, the following data, among others, is recorded:

    Pages called

    Orders incl. the turnover and the ordered products

    The achievement of "website goals" (e.g., contact inquiries and newsletter sign-ups).

    Your behavior on the pages (for example, dwell time, clicks, scrolling behavior)

    Your approximate location (country and city)

    Your IP address (in shortened form, so that no clear assignment is possible)

    Technical information such as browser, Internet provider, terminal device and screen resolution

    Source of origin of your visit (i.e. via which website or via which advertising medium you came to us)

    No personal data such as name, address or contact details are ever transferred to Google Analytics.

    This data is transferred to Google servers in the USA. We would like to point out that the same level of data protection cannot be guaranteed in the USA as within the EU.

    Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID that can be used to recognize you during future website visits.

    The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. Other data remains stored in aggregated form indefinitely.

    If you do not agree with the collection, you can prevent it with the one-time installation of the browser add-on to disable Google Analytics or by rejecting cookies via our cookie settings dialog.

    Source: traffic3.net

In accordance with the legal requirements of data protection law (in particular in accordance with BDSG n.F. and the European Data Protection Regulation 'GDPR'), we inform you below about the nature, scope and purpose of the processing of personal data by our company. This privacy policy also applies to our websites and social media profiles. Regarding the definition of terms such as "personal data" or "processing", we refer to Art. 4 GDPR.

Name and contact details of the responsible person
Our responsible person (hereinafter "responsible person") within the meaning of Art. 4 fig. 7 GDPR is:

Inner Aesthetics 

Maria Vanessa Esposito
Postfachnummer 580415
10414 Berlin

E-mail address: maria@inneraesthetics.de
VAT-Id: 31/280/02047

Types of data, purposes of processing and categories of data subjects

In the following, we inform you about the type, scope and purpose of the collection, processing and use of personal data.

 1. Types of data we process
Usage data (access times, websites visited, etc.), inventory data (name, address, etc.), communication data (IP address, etc.), 

2. purposes of processing according to Art. 13 (1) (c) GDPR
Optimize website technically and economically, Provide easy access to the website, Support commercial use of the website, Improve user experience, Make website user-friendly, Customer service and customer care, Handle contact requests, Provide websites with features and content.

Categories of Data Subjects according to Article 13(1)(e) of the GDPR

Visitors/Users of the Website, Interested Parties,

The data subjects are collectively referred to as "users."

Legal Bases for the Processing of Personal Data Below, we inform you about the legal bases for processing personal data:

  1. If we have obtained your consent for the processing of personal data, Article 6(1)(a) GDPR is the legal basis.

  2. If processing is necessary for the performance of a contract or the implementation of pre-contractual measures carried out at your request, Article 6(1)(b) GDPR is the legal basis.

  3. If processing is necessary to fulfill a legal obligation to which we are subject (e.g., statutory retention obligations), Article 6(1)(c) GDPR is the legal basis.

  4. If processing is necessary to protect the vital interests of the data subject or another natural person, Article 6(1)(d) GDPR is the legal basis.

  5. If processing is necessary for the protection of our legitimate interests or the legitimate interests of a third party, and your interests or fundamental rights and freedoms do not override those interests, Article 6(1)(f) GDPR is the legal basis.

Disclosure of Personal Data to Third Parties and Data Processors

Without your consent, we generally do not disclose data to third parties. Should this occur, the disclosure is made based on the aforementioned legal bases, such as when data is disclosed to online payment providers for contract fulfillment, due to a court order, or for compliance with a legal obligation for the purpose of law enforcement, hazard prevention, or the protection of intellectual property rights. Additionally, we use data processors (external service providers, e.g., for web hosting of our websites and databases) for the processing of your data. When data is disclosed to data processors as part of a data processing agreement, it is done in accordance with Article 28 of the GDPR. We carefully select our data processors, regularly monitor them, and retain the right to issue instructions regarding the data. Data processors must have implemented suitable technical and organizational measures and comply with data protection regulations in accordance with the BDSG n.F. and GDPR.

Data Transfer to Third Countries

The adoption of the European General Data Protection Regulation (GDPR) established a unified foundation for data protection in Europe. As a result, your data is primarily processed by companies subject to the GDPR. However, if processing is carried out by third-party services outside the European Union or the European Economic Area, they must meet the specific requirements outlined in Articles 44 ff. GDPR. This means that processing is done based on special guarantees, such as the official recognition by the EU Commission of a level of data protection equivalent to that of the EU or compliance with officially recognized special contractual obligations, known as "standard contractual clauses."

In cases where we are required to obtain your explicit consent for data transfer to the United States due to the ineffectiveness of the so-called "Privacy Shield," as per Article 49(1) sentence 1, lit. a) GDPR, we will inform you of the potential risk of unauthorized access by U.S. authorities and the use of data for surveillance purposes, possibly without legal recourse for EU citizens.

Deletion of Data and Storage Duration

Unless explicitly stated otherwise in this privacy policy, your personal data will be deleted or blocked as soon as the consent granted for processing is revoked by you or when the purpose of storage no longer applies, or the data is no longer necessary for the intended purpose. However, further retention may be required for evidentiary purposes or due to legal retention obligations. This includes, for example, commercial retention obligations for business correspondence as per § 257(1) HGB (6 years), and tax-related retention obligations for documents as per § 147(1) AO (10 years). When the prescribed retention period expires, your data will be blocked or deleted unless storage is still necessary for concluding a contract or fulfilling a contract.

Existence of Automated Decision-Making

We do not employ automated decision-making or profiling.

Provision of Our Website and Generation of Log Files

  • When you use our website for informational purposes only (i.e., without registration or any other form of information transmission), we only collect the personal data that your browser sends to our server. If you wish to view our website, we collect the following data:

    • IP Address

    • User's Internet Service Provider

    • Date and time of access • Browser type

    • Language and browser version

    • Content of the request

    • Timezone

    • Access status/HTTP status code

    • Amount of data

    • Websites from which the request originates

    • Operating system

    These data are collected for the purpose of delivering our website to you in a user-friendly, functional, and secure manner, providing features and content, optimizing the website, and conducting statistical analysis.

    The legal basis for this data processing is our legitimate interest in the purposes mentioned above, as per Article 6(1) sentence 1, lit. f) GDPR.

    For security reasons, we store this data in server log files for a duration of days. After this period, they are automatically deleted, unless we need to retain them for evidence purposes in the event of attacks on the server infrastructure or other legal infringements.

    Cookies

  • We use so-called "cookies" when you visit our website. Cookies are small text files that your internet browser stores on your computer. When you revisit our website, these cookies provide information to automatically recognize you. Cookies also include "user IDs" where user information is stored using pseudonymized profiles. We inform you about the use of cookies for the aforementioned purposes and how to opt-out or prevent their storage by displaying a notice in our privacy policy when you visit our website.


    Different types of cookies are distinguished:

    • Necessary, essential cookies: Essential cookies are cookies that are absolutely necessary for the operation of the website to store certain website functions such as logins, shopping carts, or user inputs, such as website language.

    • Session cookies: Session cookies are required to recognize repeated use of an offering by the same user (e.g., when you have logged in to determine your login status). When you revisit our site, these cookies provide information to automatically recognize you. The information obtained in this way is used to optimize our offerings and provide you with easier access to our site. Session cookies are deleted when you close your browser or log out.

    • Persistent cookies: These cookies remain stored even after you close your browser. They are used to store logins, measure reach, and for marketing purposes. They are automatically deleted after a specified duration, which can vary depending on the cookie. You can delete cookies at any time in your browser's security settings.

    • Third-party cookies (especially from advertisers): According to your preferences, you can configure your browser settings, for example, to accept or reject third-party cookies or all cookies. However, we would like to point out that in this case, you may not be able to use all the functions of this website. You can find more information about these cookies in the respective privacy policies of third-party providers.

    Data Categories: User data, cookies, user ID (including visited pages, device information, access times, and IP addresses).

    Purposes of Processing: The information obtained in this way serves the purpose of technically and economically optimizing our web offerings and providing you with easier and secure access to our website.

    Legal Bases: If we process your personal data with the help of cookies based on your consent ("Opt-in"), then Article 6(1) sentence 1, lit. a) GDPR is the legal basis. Otherwise, we have a legitimate interest in the effective functionality, improvement, and economic operation of the website, in which case the legal basis is Article 6(1) sentence 1, lit. f) GDPR. The legal basis is also Article 6(1) sentence 1, lit. b) when cookies are set for the initiation of contracts, such as in the case of orders.

    Storage Duration/Deletion: Data is deleted as soon as it is no longer necessary for the purpose of its collection. In the case of data collected for providing the website, this happens when the respective session is ended. Cookies, on the other hand, are stored on your computer and transmitted from there to our site. Therefore, as a user, you have full control over the use of cookies. By adjusting the settings in your web browser, you can disable or restrict the transmission of cookies. Already stored cookies can be deleted at any time, and this can also be done automatically. If cookies are disabled for our website, it may affect the full functionality of the website.


    Cookies are otherwise stored on your computer and transmitted from it to our site. As a result, you, as a user, have full control over the use of cookies. By adjusting the settings in your internet browser, you can disable or restrict the transmission of cookies. Already stored cookies can be deleted at any time, and this can also be done automatically. If cookies are disabled for our website, it may affect the full functionality of the website.

    Here you can find information on how to delete cookies for different browsers:

    Chrome: Link to Chrome Cookie Deletion Instructions

    Safari: Link to Safari Cookie Deletion Instructions

    Firefox: Link to Firefox Cookie and Website Data Deletion Instructions

    Internet Explorer: Link to Internet Explorer Cookie Management Instructions

    Microsoft Edge: Link to Microsoft Edge Cookie Deletion Instructions

    Objection and "Opt-Out": You can prevent the storage of cookies on your hard drive, regardless of consent or legal permission, by choosing "do not accept cookies" in your browser settings. However, this may result in a limitation of the functionality of our offerings. You can object to the use of third-party cookies for advertising purposes through an "Opt-out" on this American website (https://optout.aboutads.info) or this European website (http://www.youronlinechoices.com/de/praferenzmanagement/).

    Consent Manager Provider:

    1. We use the Consent Management Platform (CMP) from Squarespace on our website. Website: https://www.squarespace.com

    2. Data Categories and Description of Data Processing: Cookies, date and time of the visit, device information, browser information, anonymized IP address, Opt-in, and Opt-out data. Through this service, we can obtain your consent for cookie storage and document it. Additionally, a cookie is stored in your browser to associate your given consent or its revocation. Further information can be found in the data processor CMP's privacy policy: https://www.squarespace.com/privacy

    3. Purposes of Data Processing: Compliance with legal obligations, consent storage.

    4. Legal Bases: The legal basis for processing personal data is our legitimate interest as outlined in the above purposes, as per Article 6(1) sentence 1, lit. f) GDPR, as well as the fulfillment of legal obligations under Article 6(1) sentence 1, lit. c) GDPR.

    5. Storage Duration: Data is stored until you delete the CMP cookie in your browser or the purpose for data storage no longer applies. Records of previously granted consent are kept for a duration of three years. This retention is based, in part, on our accountability obligations as per Article 5(2) GDPR.

    6. Data Transmission/Recipient Category: CMP provider in Europe. Therefore, we have entered into a data processing agreement under Article 28 GDPR with the data processor.


    Newsletter:

    You can subscribe to our newsletter with your voluntary consent by providing your email address. Only this information is mandatory. The provision of additional data is optional and serves the purpose of personalizing our communication. We use the "Double-Opt-In" process for registration. After entering your email address, you will receive a confirmation email from us with a link to confirm your subscription. By clicking on this confirmation link, your email will be added to the newsletter distribution list and stored for the purpose of sending emails. If you do not click the confirmation link within hours, your registration data will be blocked and automatically deleted after days.

    Additionally, we log your IP address used during the registration, as well as the date and time of the Double-Opt-In (registration and confirmation). The purpose of this storage is to fulfill legal requirements for verifying your registration and preventing misuse of your email.

    Within your consent declaration, the content (e.g., advertised products/services, offers, promotions, and topics) of the newsletter is specifically described.

    We analyze your user behavior when sending the newsletter. The newsletters contain "web beacons" or "tracking pixels" that are accessed when you open the newsletter. For analysis purposes, we link these web beacons with your email address and an individual ID. Links received in the newsletter also contain this ID. The data is collected exclusively in a pseudonymized form, meaning the IDs are not linked to your other personal data, ensuring direct personal identification is excluded. With this data, we can determine whether and when you opened the newsletter and which links in the newsletter were clicked. This serves the purpose of optimizing and statistically evaluating our newsletter.

    The legal basis for newsletter distribution, performance measurement, and email storage is your consent according to Article 6(1) sentence 1, lit. a) GDPR in conjunction with § 7(2) no. 3 UWG, and for consent documentation, it is Article 6(1) sentence 1, lit. f) GDPR, as it serves our legitimate interest in the legal provability.

    You can object to tracking at any time by clicking the unsubscribe link at the end of the newsletter. In this case, however, you will also stop receiving the newsletter. If you disable the display of images in your email software, tracking is not possible. This may affect the functionality of the newsletter, and contained images will not be displayed.

    You can withdraw your consent to receive the newsletter at any time. You can exercise your withdrawal by clicking the unsubscribe link at the end of the newsletter, sending an email, or contacting us using the above contact details. We will store your data as long as you have subscribed to the newsletter. After unsubscribing, your data will only be stored anonymously for statistical purposes.


    Social Media Presence:

    We maintain profiles or fan pages on social media. When you use and access our profile on the respective network, the respective network's privacy policies and terms of use apply.

    Data Categories and Description of Data Processing: Usage data, contact details, content data, inventory data. Furthermore, user data within social networks is typically processed for market research and advertising purposes. For example, user behavior and resulting user interests can be used to create user profiles. These user profiles can, in turn, be used to display advertisements within and outside the networks that presumably correspond to the user's interests. For these purposes, cookies are usually stored on users' computers, in which user behavior and interests are stored. In addition, data can also be stored in user profiles independently of the devices used by users (especially if users are members of the respective platforms and are logged in). For a detailed description of the respective processing methods and opt-out options, we refer to the data protection policies and information provided by the operators of the respective networks. In the case of information requests and the exercise of data subject rights, we would like to point out that these can be most effectively asserted with the providers. Only the providers have access to users' data and can directly take appropriate measures and provide information. If you still need assistance, you can contact us.

    Purpose of Processing: Communication with users connected to and registered on social networks; information and advertising for our products, offers, and services; external representation and image maintenance; evaluation and analysis of users and content of our social media presence.

    Legal Bases: The legal basis for the processing of personal data is our legitimate interest as outlined in the above purposes according to Article 6(1) sentence 1, lit. f) GDPR. If you have given us or the responsible party of the social network your consent to process your personal data, the legal basis is Article 6(1) sentence 1, lit. a) in conjunction with Article 7 GDPR.

    Data Transfer/Recipient Category: Social network.

    You can find the data protection policies, information, and opt-out options of the respective networks/service providers here:

    Facebook – Service Provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Website: www.facebook.com; Data Protection Policy: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com; Objection: https://www.facebook.com/help/contact/2061665240770586; Agreement on the Joint Processing of Personal Data on Facebook Pages (Art. 26 GDPR): https://www.facebook.com/legal/terms/page_controller_addendum, Data Protection Information for Facebook Pages: https://www.facebook.com/legal/terms/information_about_page_insights_data. We are jointly responsible with Facebook for our fan page according to Art. 26 GDPR. To this end, an agreement named "Information about Page Insights," available at https://www.facebook.com/legal/terms/page_controller_addendum, has been concluded, which specifies certain security measures Facebook must adhere to and it will also fulfill data subject rights directly. You can, therefore, also contact Facebook directly for information rights and deletion requests. However, this does not affect your data subject rights, especially access, deletion, objection, and complaint to the competent supervisory authority. Further information on the joint responsibility can be found in the "Information on Page Insights Data" at https://www.facebook.com/legal/terms/information_about_page_insights_data.

    Instagram – Service Provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Data Protection/ Opt-Out: https://help.instagram.com/519522125107875, Objection: https://help.instagram.com/contact/186020218683230; Agreement on the Joint Processing of Personal Data on Instagram Pages (Art. 26 GDPR): https://www.facebook.com/legal/terms/page_controller_addendum.

    LinkedIn – Service Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Data Protection Policy: https://www.linkedin.com/legal/privacy-policy, Cookie Policy and Opt-Out: https://www.linkedin.com/legal/cookie-policy.

    Quantcast – Service Provider: Quantcast International Limited, Beaux Lane House, Lower Mercer Street, 1st Floor, Dublin 2, Ireland. Data Protection Policy: https://www.quantcast.com/privacy/

We partner with Microsoft Clarity to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization and fraud/security purposes. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

Rights of the data subject 

1. objection or revocation against the processing of your data Insofar as the processing is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a), Art. 7 DS-GVO, you have the right to revoke the consent at any time. This does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Insofar as we base the processing of your personal data on the balance of interests pursuant to Art. 6 (1) p. 1 lit. f) DS-GVO, you may object to the processing. This is the case if the processing is not necessary, in particular, for the performance of a contract with you, which is presented by us in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the merits of the case and either discontinue or adjust the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.

You may object to the processing of your personal data for purposes of advertising and data analysis at any time. You can exercise the right to object free of charge. You can inform us of your advertising objection at the following contact details:

Inner Aesthetics 

Maria Vanessa Esposito
Postfachnummer 580415
10414 Berlin

E-mail address: maria@inneraesthetics.de
VAT-Id: 31/280/02047

2. Right to information You have a right to information about your personal data stored by us in accordance with Art. 15 DS-GVO. This includes, in particular, information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data if it has not been collected directly from you.

3. Right to rectification You have a right to rectify incorrect data or to complete correct data in accordance with Art. 16 of the DS-GVO.

4.Right to deletion You have a right to have your data stored by us deleted in accordance with Art. 17 DS-GVO, unless legal or contractual retention periods or other legal obligations or rights to further storage prevent this.

5. Right to restriction You have the right to request a restriction in the processing of your personal data if one of the conditions in Art. 18 (1) a) to d) DS-GVO is met: - if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data; - the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data; - the controller no longer needs the personal data for the purposes of the processing, but you need them for the establishment, exercise or defense of legal claims, or - if you object to the processing pursuant to Art. 21 (1) DS-GVO and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.

6. right to data portability You have a right to data portability pursuant to Art. 20 DS-GVO, which means that you can receive the personal data we hold about you in a structured, common and machine-readable format or request that it be transferred to another controller.

7. right to complain You have a right to complain to a supervisory authority. As a rule, you can contact the supervisory authority for this purpose, in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement.

Data security
 In order to protect all personal data transmitted to us and to ensure that the data protection regulations are complied with by us, but also by our external service providers, we have taken appropriate technical and organizational security measures. Therefore, among other things, all data between your browser and our server is transmitted encrypted via a secure SSL connection.

As of: 05.04.2023

Source