Privacy Policy

When you visit our website, our servers temporarily store each access in a log file. The following technical data is collected without your intervention, as is generally the case with any connection to a web server, and stored by us until automatic deletion after 24 months at the latest:

• the IP address of the requesting computer,
• the name of the owner of the IP address range (usually your Internet access provider),
• the date and time of access,
• the website from which the access was made (referrer URL) with the search term used, if applicable,
• the name and URL of the retrieved file,
• the status code (e.g. error message),
• the operating system of your computer,
• the browser you use (type, version and language),
• the transmission protocol used (e.g. HTTP/1.1)
• your username from a registration/authentication, as appropriate.

This data is collected and processed for the purpose of enabling the use of our website (establishing a connection), ensuring system security and stability on a permanent basis and enabling the optimization of our Internet offering, as well as for internal statistical purposes. This is our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f GDPR.

To place orders in the online shop, you can order as a guest or open a customer account. When you register for a customer account, we collect the following data:

• First and last name
• Company (optional)
• Postal address
• E-mail address
• Password

The data is collected for the purpose of providing the customer with password-protected direct access to his basic data stored with us. The customer can view his completed and open orders or manage or change his personal data.

The legal basis of the processing of the data for this purpose lies in the consent given by you in accordance with Art. 6 para. 1 lit. a EU GDPR.

If you wish to place orders in our online store, we require the following data for the processing of the contract:

• First and last name
• Billing address (and if different delivery address)
• Information within the framework of the payment (depending on the selected payment method)
• Login data, i.e. e-mail address and password (for registered customers)

Unless otherwise stated in this Privacy Policy or you have separately consented to it, we will only use the aforementioned data to process the contract, namely to process your orders, deliver the ordered products and ensure correct payment.

The legal basis of data processing for this purpose is the fulfillment of a contract pursuant to Art. 6 para. 1 lit. b EU GDPR.

Payment

For purchases in our online store paid by credit card, transactions are made through the Stripe payment portal. All information regarding your payment is therefore collected by the Stripe platform in accordance with the data processing agreements in force in Switzerland and Europe. The information transmitted is encrypted in accordance with the data security standard established by the payment card industry (PCI-DSS standard). Information about your purchase transaction is retained for as long as is necessary to complete your order. The requirements of the PCI-DSS standard ensure the secure processing of credit card data.

For users who have a PayPal account, transactions can be made directly through the PayPal platform.

For more information, see the Stripe or PayPal terms of use.

We will only pass on your personal data if you have expressly consented to this, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship.

In addition, we share your data with third parties to the extent necessary in the context of the use of the website and the execution of contracts (also outside the website), namely the processing of your order. This includes the respective transport service provider who has been entrusted with the shipment of ordered goods. The website is hosted on servers in Switzerland. The data is passed on for the purpose of providing and maintaining the functionalities of our website. This is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-DSGVO.

For the purpose of data processing described in this Data Protection Declaration, we are also entitled to transfer your data to third enterprises (contracted providers) abroad. They are obligated to protect data to the same extent as we are. When the level of data protection in a country does not correspond to the Swiss or European level, we ensure that the protection of your personal data always corresponds to that of Switzerland or the EU by contract.

In many ways, cookies help to make your visit to our website easier, more pleasant and more meaningful. Cookies are information files that your web browser automatically stores on your computer’s hard disk when you visit our website.

For example, we use cookies to offer you the shopping cart function over several pages and to temporarily store your inputs when filling out a form on the website so that you do not have to input your data again when calling up another sub-page. If you are registered on our website, cookies are also used to identify you as a registered user so that you do not have to log in again when calling up another subpage.

Most Internet browsers accept cookies automatically. However, you can configure your browser not to store any cookies on your computer or to display a notice when you receive a new cookie. On the following pages, you will find explanations of how to configure the treatment of cookies on the most common browsers:

• Microsofts Windows Internet Explorer
• Microsofts Windows Internet Explorer Mobile
• Mozilla Firefox
• Google Chrome für Desktop
• Google Chrome für Mobile
• Apple Safari für Desktop
• Apple Safari für Mobile

If you deactivate cookies, you may not be able to use all the functions of our website.

In order to adapt our website to demand and continue to optimise it, we use the web analytics service of Google Analytics. In this respect, pseudonymised use profiles are created and small text files that are stored on your computer (cookies) are used. The information produced by the cookie on your use of this website is transferred to the server of the provider of these services, stored there and processed for us. In addition to the data listed in section 1, we also receive the following information in some cases:

• navigation path covered by a visitor to the site,
• duration of the stay on the website or subpage,
• the subpage on which the website is left,
• the country, region or city from which the access takes place,
• end device (type, version, colour depth, resolution, width and height of the browser window), and
• returning or new visitor.

This information is used to evaluate the use of the website, prepare reports on website activities and provide additional services related to website use and Internet use for the purposes of adapting this website to demand. In some cases, these data are also transferred to third parties if required by law or to the extent that such third parties process such data on our behalf.

Google Analytics

The provider of Google Analytics is Google Inc., a company of the Alphabet Inc. holding company headquartered in the USA. Before transfer of the data to the provider, the IP address is abbreviated within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area by the activation of IP anonymisation (“anonymizeIP”) on this website. The anonymised IP address transferred by your browser to Google Analytics is not merged with other data of Google. Only in exceptional cases is the full IP address transferred to a Google server in the USA and abbreviated there. In such cases, we ensure that Google Inc. maintains a sufficient level of data protection by contractual guarantees. According to Google Inc., in no case is the IP address combined with other data concerning the user.

For further information on the web analytics service used, please see the Google Analytics website. Instructions on how you can prevent the processing of your data by the web analytics service can be found at: https://tools.google.com/dlpage/gaoptout?hl=en-GB.

Embedded social media services

We currently use the social media services listed below in providing our website.

Nelsie Cosmetics manages miscellaneous accounts and profiles on social networks (including Twitter, Facebook, Instagram, etc.), its own YouTube channels and various apps. These pages and services are offered and operated by third parties. All of these pages have their own data protection provisions.

In addition, third-party services, such as those provided by YouTube, Twitter, Google Maps, Google Ads, Instagram, bit.ly etc., are directly embedded into individual Nelsie Cosmetics web pages. These providers also use cookies, etc. When they use the relevant Nelsie Cosmetics web pages, the user’s data is automatically transmitted to these companies. In such cases, the data protection provisions of the provider concerned expressly apply. Users must be aware that data is collected via these services and may also be passed on to third parties. If users also have an account with the service concerned, the operator may assign the information transmitted directly to the personal account concerned.

Nelsie Cosmetics has no influence over the collection of data or its further use by these operators. Nelsie Cosmetics has no knowledge of how much data they store, where they store it and how long, the extent to which they comply with duties to erase data, the analyses they make of the data, the links they make to the data and to whom they pass on the data.

The most important third-party services Nelsie Cosmetics uses are:

Facebook

Meta Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irlande
The privacy policy is available here:
https://www.facebook.com/privacy/policy/

A possibility to object to data processing arises via settings for advertisements:
https://www.facebook.com/settings/?tab=your_facebook_information

Instagram

Instagram by Meta, Meta Platforms Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland
The privacy policy is available here:
https://privacycenter.instagram.com/policy

Twitter

X Corp., 1355 Market St, Suite 900, San Francisco, CA 94103, USA
The privacy policy is available here:
https://twitter.com/en/privacy
https://help.twitter.com/en/rules-and-policies/x-cookies

One way to object to data processing is via the settings for advertisements:
https://twitter.com/personalization

Bitly

Bitly Europe GmbH, Am Lenkwerk 13, 33609 Bielefeld, Germany
The privacy policy is available here:
https://bitly.com/pages/privacy

Pinterest

Pinterest, Inc., 651 Brannan St. San Francisco, CA 94107, USA
The privacy policy is available here:
https://policy.pinterest.com/en/privacy-policy

One way to object to data processing is via the settings for advertisements: https://help.pinterest.com/de/guide/all-about-pinterest

YouTube

YouTube, by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
The privacy policy is available here:
https://policies.google.com/privacy?hl=en

When users click on the relevant social network icons, they are automatically redirected to the Nelsie Cosmetics profile on the relevant network. In order to use the functions of the network in question, users must log in to their user account with the network in question.

When users retrieve a link to one of Nelsie Cosmetics’s social media profiles, a direct connection is established between the users’ browser and the server of the social network in question. This provides the network with the information that the users have visited the Platform with their IP address and retrieved the link. When users retrieve a link to a network while logged into their account with that network, the content of the Platform can be linked to the users’ profile with the network, which means that the network can directly associate the visit to the Platform with the users’ account. If users wish to prevent this, they should log out before retrieving the corresponding links. In any case, an assignment takes place when the user logs in to the relevant network after activating the link.

Newsletter data

If you would like to receive our newsletter, we require a valid email address as well as information which allows us to verify that you are the owner of the email address provided and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We use newsletter service providers to process the newsletter. They are described in the following section.

The processing of the information entered into the newsletter subscription form shall occur exclusively on the basis of your consent (Art. 6 Sect. 1 lit. a GDPR). You may revoke the consent you have given to the archiving of data, the e-mail address and the use of this information for the sending of the newsletter at any time, for instance by clicking on the “Unsubscribe” link in the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place to date.

The data you archive with us for the purpose of the newsletter subscription shall be archived by us until you unsubscribe from the newsletter. Once you cancel your subscription to the newsletter, the data shall be deleted. This shall not affect data we have been archiving for other purposes.

MailChimp

This website uses the services of MailChimp to send out its newsletters. The provider is the Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

Among other things, MailChimp is a service that can be deployed to organise and analyse the sending of newsletters. Whenever you enter data for the purpose of subscribing to a newsletter (e.g. your e-mail address), the information is stored on MailChimp servers in the United States.

MailChimp is in possession of a certification that is in compliance with the “EU-US-Privacy-Shield.” The “Privacy-Shield” is a compact between the European Union (EU) and the United States of America (USA) that aims to warrant the compliance with European data protection standards in the United States.

With the assistance of the MailChimp tool, we can analyse the performance of our newsletter campaigns. If you open an e-mail that has been sent through the MailChimp tool, a file that has been integrated into the e-mail (a so-called web-beacon) connects to MailChimp’s servers in the United States. As a result, it can be determined whether a newsletter message has been opened and which links the recipient possibly clicked on. Technical information is also recorded at that time (e.g. the time of access, the IP address, type of browser and operating system). This information cannot be allocated to the respective newsletter recipient. Their sole purpose is the performance of statistical analyses of newsletter campaigns. The results of such analyses can be used to tailor future newsletters to the interests of their recipients more effectively.

If you do not want your usage of the newsletter to be analysed by MailChimp, you will have to unsubscribe from the newsletter. We provide a link to do this in every newsletter we send.

The data is processed based on your consent (Art. 6 Sect. 1 lit. a GDPR).  You may revoke any consent you have given at any time by unsubscribing from the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place prior to your revocation.

The data you archive with us for the purpose of the newsletter subscription shall be archived by us until you unsubscribe from the newsletter. Once you cancel your subscription to the newsletter, the data shall be deleted from our servers as well as those of MailChimp. This shall not affect data we have been archiving for other purposes.

Transfer of data to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://mailchimp.com/about/eu-us-data-transfer-statement/ and https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses.

After you have unsubscribed from the newsletter distribution list, your email address may be saved in a blacklist either with us or the newsletter service provider if this is necessary to prevent future mailings. The data from the blacklist is used solely for this purpose and is not combined with other data. This serves both your interest and our interest in complying with the legal requirements for sending newsletters (legitimate interest in accordance with Art. 6 Para. 1 (f) of the GDPR). The storage in the blacklist is not limited in time. You may object to the storage if your interests outweigh our legitimate interests.

For details, see MailChimp’s privacy policy at:
https://mailchimp.com/legal/terms/

Execution of a contract data processing agreement

We have concluded a data processing agreement (DPA) with the aforementioned provider. This is a contract prescribed by data protection laws, which ensures that they only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

For reasons of completeness, we inform users residing or domiciled in Switzerland that surveillance measures by the US authorities exist in the USA that make it possible to store all personal data of all persons whose data are transmitted from Switzerland to the USA. This takes place without differentiation, restriction or exception related to the purpose and without any objective criterion making it possible to limit the access of the US authorities to the data and their subsequent use for specific, strictly limited purposes that might justify the intervention related to accessing such data and their use. In addition, please note that there is no judicial remedy in the USA for affected persons from Switzerland that could enable them to gain access to the information concerning them and to correct or delete it, nor is there any effective legal redress against general rights of access of the US authorities. We explicitly stress this legal and factual situation to affected persons to enable them to take an informed decision on consenting to the use of their data.

We stress to users residing in a member state of the EU that, in the view of the European Union, the USA does not have a sufficient level of data protection, based on the issues referred to in this section among others. In cases where we have explained in this Data Protection Declaration that recipients of data (e.g. Google) are headquartered in the USA, we will ensure that your data are protected by our partners at a sufficient level, either through contractual arrangements with those companies or by ensuring the certification of those companies under the EU or Swiss-US Privacy Shield.

You have the right to receive information on your personal data stored by us on request. In addition, you have the right to correct incorrect data and the right to deletion of your personal data, unless this is prevented by a legal obligation to preserve data or if permission has been granted for us to process the data.

You also have the right to demand the return from us of data that you have given us (right to data portability). On request, we will also transfer your data to third parties of your choice. You have the right to receive the data in a common file format.

For the aforementioned purpose, you may reach us at the email address: hello@nelsiecosmetics.com. We may at our discretion request proof of identity in order to process your requests.

We use appropriate technical and organizational security measures to protect your personal data stored with us against manipulation, partial or complete loss and against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

You should always keep your access data confidential and close the browser window when you have finished communicating with us, especially if you share the computer with others.

We also take internal data protection very seriously. Our employees and the service companies commissioned by us have been obligated by us to maintain confidentiality and to comply with the provisions of data protection law.

We store personal data only as long as it is necessary to use the tracking and analysis services mentioned above as well as the further processing within the scope of our legitimate interest. Contractual data is retained by us for longer periods of time, as this is required by legal retention obligations. Retention obligations, which oblige us to retain data, result from accounting regulations and from tax law regulations. According to these regulations, business communications, concluded contracts and accounting records must be kept for up to 10 years. Insofar as we no longer need this data to perform the services for you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.