Smile Secret GmbH & Co. KG, Domänenweg 1c, 31171 Nordstemmen (hereinafter referred to as "provider" or "we") is the developer and operator of "Smile- Secret". We take the protection of your personal data very seriously and observe the requirements of the European General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG) when collecting, processing and using your data. The following explanation shows you an overview about the way we guarantee this protection and which types of data are collected for which purposes.
1. Collection, processing and use of personal data
"Personal data" are all individual details about your personal or factual circumstances. This includes all information which allows one to draw conclusions about your identity (e.g. name, address, e-mail address, bank details, etc.).
The collection, storage and processing of personal data is governed exclusively by the applicable law. We commit ourselves to dealing with the data provided by you responsibly and with the greatest care.
The "SmileSecret" website and our systems are protected by technical and organizational measures against the loss, destruction, access, modification or dissemination of your data by unauthorized persons. However, despite regular checks, complete protection against all risks is not possible.
2. Purposes of the processing of your personal information
We process personal information in order to operate, provide and improve our offerings which we offer our customers. We use the data we receive from you to:
- provide You with our services, including to give You access to your profile and our website,
- to identify You as a registered user when You log in to our website and revisit it,
- to process payments,
- to provide logistics services including tracking,
- to improve the website and our services,
- to answer Your questions and provide the appropriate customer service,
- to send You our newsletter,
- to recommend personalized offers on the website,
- to enable our social sharing features; this includes providing You with the option to connect with members of Your network who are also SmileSecret customers and one or more social networks,
- to carry out various internal business activities, g. data analysis, controls, monitoring and preventive measures to protect against fraud attempts, development of new products and services, improvement or revision of the website or our services, determination of usage trends, determination of the effectiveness of our advertising campaigns and implementation and expansion of our business activities,
- to ensure compliance with legal regulations and procedures, as well as compliance with public and governmental agency requirements, applicable industry standards and our internal policies,
- to enforce our terms and conditions,
- to protect our business or that of our affiliates,
- our rights, our privacy, our security or our property and/or those of our affiliates to protect You or others,
- to allow us to avail ourselves of any remedies and limit any damages which we may
We will also use this information in other ways, for which we provide separate information at the time of collection.
3. Data collection when visiting our website
In the case of merely informative use of our website, i.e. if the user does not register or otherwise inform us, we only collect data which the browser transmits to our server (so-called "server log files"). When You visit our website, we collect the following data which are technically necessary for us to display the website to You:
- Our visited website
- Date and time of access
- Amount of data sent in bytes
- Source/reference from which You accessed the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymized form)
Processing is carried out in accordance with art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. We reserve the right, however, to check the server log files subsequently, in the event that concrete evidence should point to illegal use.
4. Newsletter / Revocation of consent for Newsletter
On the SmileSecret website, users are given the opportunity to subscribe to our company newsletter. Which personal data are transmitted to the controller upon ordering the newsletter is determined by the input form used for this purpose.
SmileSecret informs its customers about offers of the company at regular intervals by way of a newsletter. Our company's newsletter can only be received by the data subject if
a) the data subject has a valid e-mail address and
b) the data subject registers for the newsletter
For legal reasons, a confirmation e-mail will be sent to the email address entered by a data subject for the first time for newsletter mailing using the double-opt-in procedure. This confirmation e-mail serves to check whether the owner of the e-mail address has authorized the receipt of the newsletter as the data subject.
When registering for the newsletter, we also store the IP address of the computer system used by the data subject at the time of registration assigned by the Internet Service Provider (ISP) as well as the date and time of registration. The collection of these data is necessary in order to trace the (possible) misuse of a data subject's e-mail address at a later point in time and therefore serves for the legal protection of the data subject.
The personal data collected in the context of registering for the newsletter will be used exclusively to send our newsletter. In addition, subscribers to the newsletter may be notified by email if this is necessary for operation of the newsletter service or registration, as might be the case in the event of changes to the newsletter or technical changes. The personal data collected in the context of the newsletter service will not be passed on to third parties. Subscription to our newsletter may be terminated by the data subject at any time. The consent to the storage of personal data, which the data subject has given us for the newsletter dispatch, can be revoked at any time. For the purpose of revoking the consent, there is a corresponding link in each newsletter. It is also possible to unsubscribe from the newsletter at any time directly on the website of the controller, or to inform the controller of this in another way.
You can revoke your consent to the receipt of the newsletter at any time with effect for the future by declaring the request to the provider under the following contact details:
Smile Secret GmbH & Co. KG
D – 31171 Nordstemmen
For the revocation of your consent to receiving the newsletter you will incur no costs, except the costs of transmission according to the respective base tariff of your telephone/Internet provider.
5. Data processing when opening a customer account and for contracting
According to Art. 6 para. 1 b GDPR, personal data will continue to be collected and processed if you inform us of this for the execution of a contract or when opening a customer account. The type of data collected is indicated in the respective input forms. A deletion of your customer account is possible at any time and can be carried out by sending a message to email@example.com. We store and use the data communicated by you for the fulfillment of contractual obligations. After complete processing of the contract or deletion of your customer account, your data will be blocked in consideration of tax and commercial retention periods and deleted after expiry of these periods, unless you have expressly consented to further use of your data or a legally permitted further use of data has been reserved by our site, about which we will inform you accordingly below.
To process your order, we work together with service providers who support us wholly or partially in the execution of closed contracts. Certain personal data are transferred to these service providers in accordance with the following information. The personal data collected by us will be passed on to the transport company commissioned with the delivery within the scope of the contract, insofar as this is necessary for the delivery of the goods. We will pass on your payment data to the commissioned credit institution within the framework of processing payment, if this is necessary for processing payment. The legal basis for the transmission of the data is art. 6 1 lit. b GDPR.
6. Facebook connection
We offer you the opportunity to recommend offers, products, promotions and messages via Facebook. For this we use social plugins from Facebook. These are operated exclusively by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (Facebook).
If you are logged into Facebook during your visit to smilesecret.de, Facebook can assign the pages you have visited to your account on Facebook. By interacting with the social plugins (clicking etc.), the information generated by the interaction is transmitted to Facebook and stored there. You can prevent this by logging out of Facebook before you visit our website
It is also possible to block social plugins from Facebook in general. There are extensions for the respective browser (e.g. the Facebook Blocker), which you have to install and activate for your browser.
7. Youtube Plugin
This website uses plugins from Youtube. These services are provided by Youtube, LLC, Cherry Ave., United States (Youtube), represented by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (Google).
When setting up the website in your browser, the code of the "Youtube" button is requested directly from a Youtube/Google server through your browser and integrated into the "SmileSecret" website which appears in your browser. We therefore have no influence on the extent of the data retrieved from Youtube/Google.
If you are logged in to Youtube with your account, the collected information will be assigned to your account/Google account. By interacting with the Youtube plugins (clicking etc.), the information generated by the interaction is transmitted to Youtube/Google and stored there. You can prevent this by logging out of Facebook before you visit our website.
Google does not record your visits to the internet and your browsing history permanently and does not evaluate your visit to a page with a Youtube button in any other way. However, at short notice, typically for about two weeks, Google will collect some information about your visit for system maintenance and troubleshooting purposes. However, these data are not structured according to individual profiles, usernames or URLs.
For more information on the purpose and scope of the collection, storage and processing of your data from Youtube/Google and on settings, please visit: https://policies.google.com/privacy?hl=en&gl=en.
Please also inform yourself there, as the privacy policies of the Google products are regularly updated and adjusted due to advanced functionality.
8. Instagram Plugin
This website uses plugins from Instagram. These services are provided by Instagram, LLC, 1601 Willow Rd. Menlo Park, CA 94025, United States.
When setting up the website in your browser, the code of the Instagram plugin is requested directly from an Instagram server through your browser and integrated into the Internet page of "SmileSecret" which appears in your browser. We therefore have no influence on the scope of the data retrieved from Instagram.
For more information on the purpose and scope of collecting, storing and processing your Instagram data and settings, please visit: https://help.instagram.com/519522125107875?helpref=page_content.
Please also inform yourself there, as the privacy policies of the Instagram products are regularly updated and adjusted due to extended functionality.
9. Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files which are stored on your computer and which allow an analysis of your use of the website. The information generated by the cookie about your use of the website will be transmitted to a Google server in the USA and stored there. The IP address is anonymized by us (anonymi- zeIp()so-called IP-Masking), therefore your IP address will be shortened by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the entire IP address be transmitted to a Google server in the USA and truncated there. On behalf of the provider, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage against the provider. The IP address which your browser transmits within the scope of Google Analytics is not merged with any other data held by Google.
More information about Google Analytics can be found here: https://support.google.com/analytics/answer/6004245?hl=en.
10. Use of Google AdWords
The 'SmileSecret' website uses the Google AdWords online advertising program and the Google LLC conversion tracking as part of Google AdWords, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). We use the offer of Google Adwords to draw attention to our attractive offers with the help of advertising materials (so-called Google Adwords) on external websites. We can determine how successful the individual advertising measures are in relation to the data from the advertising campaigns. We are interested in showing you advertisements which are of interest to you, in making our website more interesting for you and in achieving a fair calculation of advertising costs.
The cookie for conversion tracking is set when a user clicks on an ad placed by Google. Cookies are small text files which are saved on your computer system. These cookies expire after 30 days and are not used for personal identification. If you visit certain pages of the website and the cookie has not yet expired, Google and the website can tell that you clicked on the ad and proceeded to that page. Each Google AdWords advertiser has a different cookie. Thus, cookies cannot be tracked using the website of Adwords customers. The information obtained using the conversion cookie information is used to create conversion statistics for the Adwords customers who have opted in to conversion tracking.
Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive information which personally identifies users. If you do not wish to participate in tracking, you can refuse by simply deactivating the Google conversion tracking cookie via your internet browser settings. By doing so, you will not be included in the conversion tracking statistics.
Cookies are small pieces of information which the website stores on the hard disk of your computer, tablet or smartphone. Please note that HTML5 has introduced the feature Web Storage, which is similar to cookies and which we therefore consider to be a cookie in the following.
Cookies contain information which the website uses to improve the efficiency of communication between you and your web browser. Cookies identify your computer or device, not you as a specific user.
We set session cookies, persistent cookies, session cookies for HTML5 sessionStorage and HTML5 localStorage as well as HTML5 sessionStorage objects, which are temporary and will be deleted after closing your internet browser. Persistent cookies are stored for a longer duration and remain on your computer until they are deleted. Persistent cookies expire or clear themselves after a certain amount of time, depending on the cookie, but are refreshed each time you visit the website. HTML5 localStorage objects are permanent and remain on your computer until they are deleted.
You can prevent the setting of a cookie by setting your Internet browser so that all cookies are deleted when closing the browser window. You can also delete the cookies stored on your computer at any time. For more information about cookies, including the question of the danger of cookies, you can find the following link on the page of the Federal Office for Information Security.
Generating statistics: for measuring website traffic, such as the number of website visitors, what domain visitors come from, what pages they visit on the website, and what geographic areas they are in.
Monitoring website performance and your use of our website: for monitoring website performance, our applications and infrastructure and how you use our website.
How to register and improve the functionality of our website: to optimize the user experience on the website, which includes a reminder function for your username and password when you revisit the website, a reminder function for your browser and the preferred settings (e.g. Your preferred language).
12. Legal basis for the processing
Art. 6 para. 1 lit. a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processingof personal data is necessary for the performance of a contract to which the data subject is a party, as is the case for example with processing operations necessary for the delivery of goods or the provision of other services or considerations, the processing is based on Art. 6 para. 1 (b) GDPR. The same applies to such processing processes which are necessary to carry out pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, for example to fulfill tax obligations, the processing is based on Art. 6 para. 1 c) GDPR. In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. Then the processing would be based on Art. 6 para. 1 d) GDPR. Ultimately, processing operations could be based on art. 6 para. 1 (f) GDPR. Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis if processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not take priority. We are allowed to carry out such processing procedures because they have been specifically mentioned by the European legislator. In this respect, a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47, clause 2, GDPR).
13. Legal obligation to distributiv personal data to third parties
We point out that we are obliged to transfer your personal data to third parties in certain cases by law (e.g. in law enforcement actions).
14. Your rights
We would like to inform you briefly about the data protection rights which you can exercise towards us:
Information and access law
You have the right at any time to obtain information about any personal data related to you which is stored on our servers. Please send an e-mail to firstname.lastname@example.org.
Right of correction
SmileSecret may only process applicable data about you. If you find out - for example by exercising your right to information - that a date about you is incorrect or has become inaccurate, we are in principle obliged to correct it immediately.
Right of deletion
Right to object
You are entitled to a right of objection to (further) data processing in the case of processing on the basis of the legal basis "legitimate interest" as well as processing on the basis of consent.
Right to lodge a complaint with the supervisory authorities
You have the right to file a complaint with a data protection authority. For this you can, for example, contact the data protection authority, which is responsible for your place of residence or your state, or the data protection authority responsible for us. This is the Berlin Commissioner for Data Protection and Freedom of Information.
You also have the right to receive data which you have provided to us in a structured, common and machine-readable format and - as far as technically feasible - to require the data to be transmitted to a third party.
15. Further information on data protection at "SmileSecret"
As of 15/06/2020