Privacy Policy

1. Controller and Contact Details

DermaPerfect GmbH, Am Sonnenrain 9a, 79539 Lörrach, Germany
Phone (WhatsApp): +49 170 702 96 87
Email: info@derma-perfect.com

Data protection: datenschutz@derma-perfect.com

Website: www.derma-perfect.de

Supervisory Authority: The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg, Lautenschlagerstraße 20, 70173 Stuttgart, Germany

Email: poststelle@lfdi.bwl.de

2. Overview of Processing

We process personal data for our business operations, including TikTok Shop sales, partnerships with resellers and influencers, and marketing.

Data categories:

- Inventory data (e.g. name, address, date of birth)
- Contact data (e.g. email, phone number, WhatsApp)
- Payment data (e.g. bank account, credit card info)
- Content data (e.g. text entries, skin photos – voluntary)
- Usage data (e.g. anonymized IP, browser type, access times)
- Interaction data (e.g. likes, comments on social media)
- Health data (e.g. skin type, allergies – voluntary)
- Contract and commission data (e.g. for partners)

Data subjects:

- Customers and prospects
- Users of our website and social media channels
- Authorized resellers, influencers and affiliates
- Subscribers (newsletter, WhatsApp)

Purposes:

- Contract fulfillment and delivery
- Customer service and product advice
- Marketing and reach analysis
- Partner management and commission billing
- Technical provision of website
- Legal obligations (e.g. retention)

3. Legal Basis for Processing

Processing under Art. 6 GDPR:

- Consent (a): e.g. for newsletters or health data (Art. 9(2)(a) for special categories).
- Contract fulfillment (b): e.g. order processing.
- Legal obligation (c): e.g. tax law.
- Legitimate interests (f): e.g. IT security, remarketing (with right to object).

Consent may be withdrawn at any time without affecting prior processing.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest)

4. Security Measures

We implement technical and organizational measures (TOMs) under Art. 32 GDPR:

- SSL/TLS encryption for website and emails
- Access controls (2FA)
- Regular backups and updates
- Firewall, monitoring, logging
- Employee training
- Data Processing Agreements (Art. 28 GDPR) with service providers

Data breaches are reported within 72h to the authority and, if high risk, to affected individuals.

5. Data Recipients

Data may be shared with:

- Payment providers: PayPal, Klarna, Stripe, TikTok Payment
- Shipping providers: DHL, DPD, UPS
- Social media: TikTok (ByteDance), Instagram/Facebook (Meta)
- Marketing tools: Google Analytics, TikTok/Facebook Pixel
- IT service providers: hosting, cloud services
- Partners: resellers, influencers, affiliates
- Consultants: tax advisors, auditors
- Authorities: where legally required

All recipients are contractually bound.

6. International Data Transfers

Transfers to third countries (e.g. USA, China) are based on GDPR safeguards:

USA: EU-U.S. Data Privacy Framework (Meta, Google)
China/Singapore (TikTok): Standard Contractual Clauses (2021/914), plus encryption and pseudonymization. Risk assessment available upon request.

You have the right to object to transfers to TikTok/ByteDance.

7. Storage and Deletion

Data is deleted once the purpose no longer applies, subject to retention laws:

- Customer data: 10 years (tax law)
- Order data: 6 years (commercial law)
- Marketing data: 3 years after last interaction
- Cookie data: max. 13 months
- Applicant data: 6 months after rejection

8. Data Subject Rights

You have the following GDPR rights:

- Access (Art. 15): information about processed data
- Rectification (Art. 16): of inaccurate data
- Erasure (Art. 17): “right to be forgotten”
- Restriction (Art. 18): of processing
- Portability (Art. 20): structured format
- Objection (Art. 21): to processing, especially marketing/profiling
- Withdrawal (Art. 7(3)): of consent
- Complaint (Art. 77): with authority (see section 1)

Requests will be processed within one month. Cross-border complaints: max. 3 months (from June 2025).

9. Automated Decisions, Profiling and AI Systems

We use profiling for personalized recommendations (legitimate interest, right to object). No automated decisions with legal effect.

AI systems (e.g. skin analysis, influencer matching, chatbot):

- Risk classification: low
- Human oversight and opt-out possible
- Photos/chat data stored max. 30 days

10. Cookies and Tracking

We use cookies via our consent banner. The settings can be adjusted at any time.

Categories of cookies we use:

Necessary cookies:
- Example: session cookies
- Purpose: ensure basic website operation
- Duration: until the end of the session

Functional cookies:
- Example: language settings
- Purpose: improve user experience
- Duration: 1 year

Analytics cookies:
- Example: Google Analytics, TikTok Analytics
- Purpose: statistical analysis of website usage
- Duration: up to 13 months

Marketing cookies:
- Example: TikTok Pixel, Facebook Pixel
- Purpose: retargeting and personalized advertising
- Duration: up to 90 days

Opt-out links:
- Google: https://tools.google.com/dlpage/gaoptout
- TikTok: https://www.tiktok.com/legal/privacy-policy
- Facebook: https://www.facebook.com/settings?tab=ads

11. Social Media Presence and TikTok Shop

Joint responsibility with platforms (agreements available at datenschutz@derma-perfect.com).

TikTok Shop:
- Data: user ID, purchases, interactions
- Purpose: order processing, marketing
- Privacy: https://www.tiktok.com/legal/privacy-policy

Instagram/Facebook:
- Insights: aggregated statistics
- Agreement: https://www.facebook.com/legal/terms/page_controller_addendum

12. Partners, Resellers and Influencers

Data processed: contact, commissions, KPIs.
Purpose: cooperation and billing.
Legal basis: contract fulfillment.

13. Newsletter and Direct Marketing

Email newsletters: double opt-in. Content: offers, tips. Unsubscribe via link or email.

WhatsApp: separate consent, opt-out via “STOP”.
Performance measurement: open/click rates (opt-out available).

14. Protection of Minors

Services available from age 18. TikTok Shop: age verification. 16–17-year-olds require parental consent for purchases/newsletters.

No advertising to under-16s.

15. EU Data Act – Extended Data Portability

From September 12, 2025: expanded rights to access/portability.

- Export in JSON/CSV
- API access for third parties (on request)
- Note: no IoT products, limited application

16. GDPR Simplifications for SMEs

As a company with fewer than 250 employees, we keep simplified records of processing (Art. 30 GDPR); full records are kept only for high-risk processing (e.g. health data, third-country transfers).

17. Changes to this Privacy Policy

We may update this policy when necessary. Substantial changes will be communicated by email. Current version: https://derma-perfect.com/en/privacy-policy/

18. Contact and Questions

Email: datenschutz@derma-perfect.com
Phone (WhatsApp): +49 170 702 96 87
Mail: DermaPerfect GmbH, Datenschutz, Am Sonnenrain 9a, 79539 Lörrach, Germany

Responses within 30 days.

Last update: August 17, 2025
