1. Categories of Personal Data and Processing Purposes - What personal data do we process about you and why?
You may use the Website without providing any personal data about you. In this case, we will collect only the following metadata that result from your usage of the Website browser type and version, operating system and interface, website from which you are visiting us (referrer URL), webpage(s) you are visiting on our Website date and time of accessing our Website, and internet protocol (IP) address.
Your IP address will be used to enable your access to our Website. The metadata, including the shortened IP address, will be used to improve the quality and services of our services by analyzing the behavior of our users.
1.2 Contact form
On our website, we offer you the opportunity to contact us via a contact form. For this we need the following personal data from you: salutation, full name, email, phone number, and message. The personal data that you provide us in the context of this contact request will only be used to answer your inquiry / contact request and for the associated technical administration. The transfer to third parties does not take place. Your personal data will be deleted as soon as we have processed your request or you revoke your according consent.
1.3 Salon Finder
Via our website you have the opportunity to find the nearest salons to your location that offer our products. You have the option of having your location determined by geolocation based on your IP address or by manually entering a postal code or address. There is no storage or linking of your location data with other personal data.
1.4 Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States.
Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing them other services relating to website activity and internet usage.
You can also opt-out from being tracked by Google Analytics with effect for the future by downloading and installing Google Analytics Opt-out Browser Addon for your current web browser: tools.google.com/dlpage/gaoptout.
As an alternative to the browser plug-in and especially for mobile browsers, please click on the following link to set an opt-out cookie. This opt-out cookie prevents detection by Google Analytics within this website. www.goldwell.se/privacy-policy/?google-analytics-opt-out=true
2. Processing Basis and Consequences - What is the legal justification for processing your personal data and what happens if you choose not to provide it?
• We rely on your consent for the collection, processing, and use of your personal data your consent to the processing of your data for example in order to provide you with a newsletter or answer to your online inquiries or questions
The provision of your personal data is not required by a statutory or contractual obligation. The provision of your personal data is not necessary to enter into a contract with us or to receive our services/products as requested by you. The provision of your personal data is voluntary for you.
Not providing your personal data may result in disadvantages for you, for example, we may not be able to answer your request or you may not be able to fully experience the website. However, unless otherwise specified, not providing your personal data will not result in legal consequences for you.
3. Categories of Recipients and International Transfers - Who do we transfer your personal data to and where are they located?
We may transfer your personal data to third parties for the processing purposes described above as follows:
• Within the Kao Company: Our parent entity, the Kao Corporation, in Japan and each of its affiliates and subsidiaries (each affiliate or subsidiary including us referred to as "Kao Company"; collectively, the "Kao Group") within the global Kao Group www.kao.com/global/en/about/outline/group-companies may receive your personal data as necessary for the processing purposes described above. Depending on the categories of personal data and the purposes for which the personal data has been collected, different internal departments within the Kao Company may receive your personal data.
• For example, our IT department may have access to your account data, and our eCommerce and sales departments may have access to your account data or data relating to product orders]. Moreover, other departments within the Kao Company may have access to certain personal data about you on a need to know basis, such as [the legal department, the finance department or internal auditing].With data processors: Certain third parties, whether affiliated or unaffiliated, may receive your personal data to process such data under appropriate instructions ("Processors") as necessary for the processing purposes described above, such as Website service providers, order fulfilment providers, customer care providers, marketing service providers, IT support service providers, and other service providers who support us in maintaining our commercial relationship with you. The Processors will be subject to contractual obligations to implement appropriate technical and organizational security measures to safeguard the personal data, and to process the personal data only as instructed Our currently engaged processors are: : Synergetic AG (www.synag.de/de) and Amazon Web Services (aws.amazon.com).
• Other recipients: We may transfer - in compliance with applicable data protection law - personal data to law enforcement agencies, governmental authorities, judicial authorities, legal counsel, external consultants, or business partners. In case of a corporate merger or acquisition, personal data may be transferred to the third parties involved in the merger or acquisition. We will not disclose your personal data to third parties for advertising or marketing purposes or for any other purposes without permission.
Any access to your personal data is restricted to those individuals that have a need-to-know in order to fulfill their job responsibilities.
4. Retention Period - How long do we keep your personal data?
Your personal data will be retained as long as necessary to provide you with the services requested. Once you have ended your relationship with us or once your request has been answered, we will remove your personal data from our systems and records and/or take steps to properly anonymize it so that you can no longer be identified from it (unless we need to keep your information to comply with legal or regulatory obligations to which the Kao Company is subject, e.g., taxation purposes).
We may retain your contact details and interests in our products or services for a longer period of time if the Kao Company is allowed to send you marketing materials. Also, we may be required by applicable law to retain certain of your personal data for a period of 10 years after the relevant taxation year. We may also retain your personal data after the termination of the contractual relationship if your personal data are necessary to comply with other applicable laws or if we need your personal data to establish, exercise or defend a legal claim, on a need to know basis only. To the extent possible, we will restrict the processing of your personal data for such limited purposes after the termination of the contractual relationship.
5. Your Rights - What rights do you have and how can you assert your rights?
Right to withdraw your consent: If you have declared your consent regarding certain collecting, processing and use of your personal data (in particular, regarding the receipt of direct marketing communication via email you can withdraw this consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal. Please contact us as stated in Section 7 below to withdraw your consent. Further, you can object to the use of your personal data for the purposes of marketing without incurring any costs other than the transmission costs in accordance with the basic tariffs.
Additional data privacy rights: Pursuant to applicable data protection law, you may have the right to: (i) request access to your personal data; (ii) request rectification of your personal data; (iii) request erasure of your personal data; (iv) request restriction of processing of your personal data; (v) request data portability; and/or (vi) object to the processing of your personal data (including objection to profiling).
Please note that these aforementioned rights might be limited under the applicable local data protection law. Below please find further information on your rights to the extent that the GDPR applies:
• Right to request access to your personal data: You may have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, to request access to the personal data. This access information includes – inter alia – the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipient to whom the personal data have been or will be disclosed. However, this is not an absolute right and the interests of other individuals may restrict your right of access.
You may have the right to obtain a copy of the personal data undergoing processing free of charge. For further copies requested by you, we may charge a reasonable fee based on administrative costs.
• Right to request rectification: You may have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
• Right to request erasure (right to be forgotten): Under certain circumstances, you may have the right to obtain from us the erasure of personal data concerning you and we may be obliged to erase such personal data.
• Right to request restriction of processing: Under certain circumstances, you may have the right to obtain from us restriction of processing your personal data. In such case, the respective data will be marked and may only be processed by us for certain purposes.
• Right to request data portability: Under certain circumstances, you may have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit those data to another entity without hindrance from us.
• Right to object: Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data. Such right to object may especially apply if we collect and process your personal data for profiling purposes in order to better understand your interests in our products and services or for direct marketing.
If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us. You may exercise this right by contacting us as stated in Section 7 below.
Such a right to object may, in particular, not exist if the processing of your personal data is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
To exercise your rights, please contact us as stated under Section 7 below. You also have the right to lodge a complaint with the competent data protection supervisory authority.
6. Cookies and other tracking technologies
7. Questions and Contact Information
For further information and statutory rights, please go to www.kao.com/global/en/EU-Data-Subject-Request.