Privacy and Data Protection

We, Saida Nails GmbH, represented by Saida Nasirova, appreciate your interest in visiting our website and shop. Protecting your privacy is very important to us. Below, we provide detailed information about how your data is handled when you visit our website www.saida-nails.de, as well as when you use the online shop at https://saida-nails.de (hereinafter collectively referred to as “our website”).

Provider and responsible body within the meaning of the Data Protection Law

The responsible party within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union, and other provisions with data protection character is:

Saida Nails GmbH
represented by Saida Nasirova
Siedlungsweg 5
94315 Straubing
Germany

Tel.: +49 9421 7038200
E-mail: info@saida-nails.de
Website: www.saida-nails.de

Scope of application

With this privacy policy you will receive information about the type, scope, and purpose of the collection and use of your data by the responsible provider.

The protection of your personal data is a matter we take seriously. In principle, the use of this website is possible without providing any personal data. However, if you wish to use special services of our company via this website, the processing of personal data may be required. If the processing of personal data is required and there is no legal basis for such processing, we will generally obtain your consent.

The processing of your personal data (e.g., name, address, email address, telephone number) always takes place in accordance with the General Data Protection Regulation and in accordance with the country-specific data protection provisions applicable to our company. Through this privacy policy, we would like to inform the public about the type, scope, and purpose of the personal data we collect, use, and process. Furthermore, this privacy policy will inform you of your rights.

As the controller, we have implemented numerous technical and organizational measures to ensure the most complete protection possible for the personal data processed via this website. Nevertheless, Internet-based data transmissions can, in principle, have security gaps, so that absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us via alternative means, for example, by telephone.

Collection, Processing, and Use of Personal Data

You can visit our website without providing any personal information. We then only store access data without personal reference (such as the name of your Internet service provider, the page from which you visit us, or the name of the requested file). These data are evaluated exclusively to improve our offer and do not allow any conclusions to be drawn about your person.

Personal data is only collected if you voluntarily provide it to us as part of your registration as a customer for the online shop https://saida-nails.de and/or when placing an order or booking a training course. We use the data you provide (such as title, name, address, date of birth, email address, telephone number, fax number, bank details) without separate consent exclusively for the fulfillment and processing of the order. Your personal data will be collected, processed, and stored by us exclusively in accordance with the provisions of German data protection law (in particular in accordance with the Federal Data Protection Act and the Telemedia Act and from 25.05.2018 in accordance with the GDPR).

Legal Basis of Processing

Art. 6 I lit. a GDPR serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, in processing operations that are necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6 I lit. b GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, such as in cases of inquiries about our products or services. If our company is subject to a legal obligation by which the processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data, or other vital information would have to be passed on to a doctor, hospital, or other third party. Then the processing would be based on Art. 6 I lit. d GDPR.

Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. This legal basis is used for processing operations that are not covered by any of the aforementioned legal bases, if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights, and fundamental freedoms of the data subject do not outweigh. Such processing operations are permitted to us in particular because they have been specifically mentioned by the European legislator. In that regard, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47 Sentence 2 GDPR).

Legitimate Interests in the Processing Pursued by the Controller or a Third Party

If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is the conduct of our business for the benefit of the well-being of all our employees and our shareholders, the targeted and relevant information of our customers about our products and offers, as well as the optimization of our online shop.

Legal or contractual provisions for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision

We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual provisions (e.g. information on the contractual partner).

Sometimes it may be necessary for a contract to be concluded that a data subject provides us with personal data that must subsequently be processed by us. The data subject is obliged to provide us with personal data, for example, when our company concludes a contract with him. Failure to provide personal data would mean that the contract with the data subject could not be concluded.

Before providing personal data by the data subject, the data subject must contact us. We will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what consequences the non-provision of the personal data would have.

Contact Option via the Website

This website contains information required by law that enables quick electronic contact with our company as well as direct communication with us, which includes a general address of so-called electronic mail (email address). If you contact us by email or via a contact form, the personal data you transmit will be automatically stored. Such personal data voluntarily transmitted by you to us (e.g. name, address, telephone number, email address) are stored solely for the purpose of processing or contacting you. There is no transfer of this personal data to third parties.

Disclosure of Personal Data

Your data will only be passed on if this is necessary for the fulfillment of the contractual relationships. For the processing of payments, we pass on your payment data to the credit institution commissioned with the payment. Your personal data will not be passed on to other third parties or used for advertising or similar purposes without your express consent.

With complete processing of the contract and complete payment of the purchase price, all personal data that you have communicated to us within the scope of the order via https://saida-nails.de will be blocked for further use and deleted after the expiry of the tax and commercial law retention periods, unless you have expressly consented to the further use of your data. The same applies to the data that you have left us when concluding a contract for the provision of a service.

Duration for which the Personal Data are Stored

We store personal data in accordance with the principles of data avoidance and data minimization for a maximum of as long as it is provided for in accordance with the respective statutory retention period. After expiry of this period, the corresponding data will be routinely deleted, provided that they are no longer required for contract fulfillment or contract initiation.

Routine Deletion and Blocking of Personal Data

We process and store your personal data only for the period of time that is necessary to achieve the storage purpose or if this has been provided for by the European Directive and Regulation or another legislator in laws or regulations to which we are subject.

If the storage purpose ceases to apply or if a storage period prescribed by the European Directive and Regulation or another competent legislator expires, the personal data will be routinely deleted in accordance with the statutory provisions.

Automatic Deletion of Inactive Customer Accounts

In order to fully guarantee your right to deletion (right to be forgotten) according to Art. 17 GDPR, unused customer accounts, including associated personal data, will be deleted from our database after an inactivity period of at least 3 years. For this purpose, the date of the corresponding last shop access is read out via a script in order to determine the activity or inactivity of the account. The deletion takes place at irregular intervals.

Excluded from this automatic deletion are personal data that are mandatory for tax law issues and are subject to a statutory retention period.

PayPal

Our website enables payment via PayPal (including payment by credit card, SEPA direct debit). The provider of the payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal assumes the function of an online payment service provider as well as a trustee and offers buyer protection services in this context.

If you pay with PayPal, the payment data you enter will be transmitted to PayPal, which is necessary for payment processing. For the purchase contract processing, such personal data are also necessary, which are related to the respective order (e.g. number of items, item number, invoice amount/taxes, other invoice information). The transmission of your data is necessary for payment processing via PayPal and takes place on the basis of Art. 6 para. 1 lit. a GDPR (consent) as well as Art. 6 para. 1 lit. b GDPR (processing for the fulfillment of a contract). PayPal may pass on your personal data to affiliated companies and service providers or subcontractors, insofar as this is necessary for the fulfillment of the contractual obligations or the data are processed on behalf.

Under certain circumstances, PayPal may pass on your transmitted personal data to credit agencies in the course of an identity or credit check. PayPal uses credit checks to decide on the provision of the respective payment method, taking into account the statistical probability of payment default. The credit report may contain probability values (so-called score values). Insofar as this is the case, the basis of these score values is a scientifically recognized mathematical-statistical procedure.

You can view which credit agencies are involved here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full#rAnnex

A revocation of your already granted consent to the processing of your data is possible at any time vis-à-vis Paypal. Data processing operations in the past remain effective in the event of a revocation, provided that the data had to be processed, used or transmitted for contractual payment processing.

You can access Paypal’s privacy policy here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Ratepay

Our website enables payment via Ratepay (purchase on account). The provider of the payment service is Ratepay GmbH, Ritterstr. 12-14, D-10969 Berlin, Germany, registered in the commercial register of the Charlottenburg (Berlin) District Court under HRB 124156 B. Ratepay assumes the function of an online payment service provider as well as a trustee.

If you pay with Ratepay, the payment data you enter will be transmitted to Ratepay, which is necessary for payment processing. For the purchase contract processing, such personal data are also necessary, which are related to the respective order (e.g. number of items, item number, invoice amount/taxes, other invoice information). The transmission of your data is necessary for payment processing via Ratepay and takes place on the basis of Art. 6 para. 1 lit. a GDPR (consent) as well as Art. 6 para. 1 lit. b GDPR (processing for the fulfillment of a contract). Ratepay may pass on your personal data to affiliated companies and service providers or subcontractors, insofar as this is necessary for the fulfillment of the contractual obligations or the data are processed on behalf.

Under certain circumstances, Ratepay may pass on your transmitted personal data to credit agencies in the course of an identity or credit check. Ratepay uses credit checks to decide on the provision of the respective payment method, taking into account the statistical probability of payment default. The credit report may contain probability values (so-called score values). Insofar as this is the case, the basis of these score values is a scientifically recognized mathematical-statistical procedure.

A revocation of your already granted consent to the processing of your data is possible at any time vis-à-vis Ratepay. Data processing operations in the past remain effective in the event of a revocation, provided that the data had to be processed, used or transmitted for contractual payment processing.

Further information and data protection provisions of Ratepay can be found here: https://ratepay.com/legal-payment-dataprivacy/

Stripe

A) Controller and Data Processing

Stripe Payments Europe, Ltd., located at 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, is a payment service provider that we use to process payments. When you place an order in our online shop and make a payment via Stripe, your payment data will be transmitted directly to Stripe.

The data processing takes place on the basis of Art. 6 para. 1 lit. b GDPR (contract fulfillment) and, if necessary, on the basis of Art. 6 para. 1 lit. f GDPR (legitimate interest). Our legitimate interest lies in the secure and efficient processing of payments.

b) Type of data processed

The processed data may include:

  • Payment information (e.g. credit card number, bank details, billing address),

  • IP address,

  • Email address,

  • Transaction details (e.g. amount, date, currency).

Stripe may pass on this data to other companies of the Stripe Group as well as to sub-processors, insofar as this is necessary for the fulfillment of contractual obligations or for compliance with legal regulations.

c) Further information

Stripe also processes your data in the USA. In order to ensure an adequate level of data protection, Stripe has implemented the standard contractual clauses of the European Commission. Further information on data processing by Stripe can be found in Stripe’s privacy policy: https://stripe.com/de/privacy.

Use of Weglot to Provide Multilingual Content

A) Controller and Data Processing

Weglot SAS, located at 138 Rue Pierre Joigneaux, 92270 Bois-Colombes, France, is a translation tool that we use to offer our online shop in different languages. Data is processed to provide the translation function.

The processing takes place on the basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to make our shop accessible to international customers and thus improve our customer service.

b) Type of data processed

Weglot processes in particular:

  • Texts that are displayed in your browser,

  • Language preferences,

  • IP address (for geolocation and language-specific display),

  • Browser information.

c) Data transfer

The data may be transferred to servers outside the European Union. Weglot ensures that an adequate level of data protection is guaranteed during data transfer, for example by concluding standard contractual clauses.

Further information can be found in Weglot’s privacy policy: https://weglot.com/privacy-policy/.

Subscription to our Newsletter

On our website, users are given the opportunity to subscribe to our company’s newsletter. Which personal data is transmitted to us when ordering the newsletter results from the input mask used for this purpose.

We inform our customers and business partners about offers from our company at irregular intervals by means of a newsletter. You can only receive our company’s newsletter if (1) you have a valid email address and (2) you register for the newsletter. For legal reasons, a confirmation email is sent to the email address you entered for the first time for the newsletter dispatch using the double opt-in procedure. This confirmation email serves to check whether the owner of the email address as the data subject has authorized the receipt of the newsletter.

When you register for the newsletter, we also save the IP address assigned by the Internet service provider (ISP) of the computer system you used at the time of registration, as well as the date and time of registration. The collection of this data is necessary to be able to trace the (possible) misuse of your email address at a later point in time and therefore serves as our legal protection.

The personal data collected as part of a newsletter registration is used exclusively to send our newsletter. Furthermore, newsletter subscribers could be informed by email if this is necessary for the operation of the newsletter service or a related registration, as could be the case with changes to the newsletter offer or changes to the technical conditions. The personal data collected as part of the newsletter service will not be passed on to third parties. You can cancel your subscription to our newsletter at any time. To do this, simply send an email to newsletter@saida-nails.de stating your email address with which you registered with us in the shop or for the newsletter. Your deletion request will be carried out manually by our technical support staff.

Consent to the storage of personal data that you have given us for the newsletter dispatch can be revoked at any time. For the purpose of revoking your consent, you will find the corresponding support email address newsletter@saida-nails.de in every newsletter.

Newsletter tracking
Our newsletters do not contain any tracking functions and do not collect any other statistical data.

Email Marketing Service Omnisend

We use Omnisend, a service of Omnisend, LLC, 6800 SW Meadows Rd, Suite 200, Lake Oswego, Oregon 97035, USA, for sending emails and newsletters. Omnisend serves us as a platform for the automated sending of emails such as reminders for abandoned shopping carts, emails for evaluating our products as well as newsletters and other marketing measures. In the following, we will inform you about the processing of your data in connection with the use of this service.

Processed data
When you sign up for our newsletter or register in our online shop as part of a purchase process, the following data is transmitted to Omnisend:

  • Your email address
  • First and last name (if provided)
  • Information about your orders (e.g. products purchased, time of purchase)
  • Usage data relating to behavior in emails (e.g. openings, clicks)
  • Information on canceled orders (e.g. contents of the shopping cart)

This data is used exclusively for sending information about our products, special offers and promotions as well as the automated sending of reminders or evaluation requests.

Transfer of data to a third country
Omnisend is based in the USA, a third country outside the European Union (EU). The transfer of data to Omnisend takes place on the basis of the standard contractual clauses of the European Commission (Art. 46 Para. 2 lit. c GDPR) in order to ensure an adequate level of data protection. Further information on the standard contractual clauses and the data protection guidelines of Omnisend can be found here: https://www.omnisend.com/privacy/.

Storage period
The data collected via Omnisend is stored as long as you have consented to receive our newsletter or as long as a customer relationship exists, unless otherwise required by law. As soon as you revoke your consent or object to the processing of your data, the data will be deleted immediately, unless there are legal retention requirements to the contrary.

Right of revocation and objection
You can revoke your consent to receive our newsletter at any time. A description of how to unsubscribe can be found at the end of each newsletter. You can send us an email to newsletter@saida-nails.de at any time to stop receiving further emails. The revocation of consent does not affect the legality of the processing carried out until the revocation.

Should you object to the use of your data for the above-mentioned purposes, we will no longer process your data for these purposes.

Further information
Further information on data protection at Omnisend and the measures taken to protect your data can be found in Omnisend’s privacy policy: https://www.omnisend.com/privacy/.

Use of Cookies

We use so-called “cookies” on various sub-pages of our website in order to make your visit to our website attractive and to enable the use of certain functions. “Cookies” are small text files that are stored on your computer. Most of the cookies we use are deleted from your hard drive at the end of the browser session (so-called session cookies). Other cookies permanently store data and thus enable you, for example, to log into our website as an already registered user without having to re-enter your username and password. These cookies are permanently stored on your computer and enable us to recognize your computer on your next visit (permanent cookies).

The data collection and storage in the context of cookies can also be contradicted at any time with effect for the future by preventing the acceptance of cookies yourself by settings in your Internet browser. In your Internet browser you can in particular set whether you want to allow cookies in general on your computer, you are informed about the setting of cookies and decide on the acceptance from case to case or whether you exclude the acceptance of cookies in principle. If cookies are not accepted, the functionality of our site, in particular the functionality of the online shop at https://saida-nails.de, may be limited.

Below you will find a description of how to set whether you want to allow cookies on your computer using the example of Windows Internet Explorer 9:

Tools I Internet Options I Privacy I Advanced I Override automatic cookie handling I Confirm each time I OK I OK.

If you have made these settings, a warning message will appear when you visit a page that uses cookies. After clicking the Details button, the properties and content of the cookies are displayed. You then have the option of allowing or rejecting the individual cookies. Other browsers such as Mozilla Firefox or Google Chrome also allow such settings.

Note on Google Analytics

Our website uses Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics also uses cookies that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website (including your IP address) is transmitted to a Google server in the USA and stored there. Google will use this information to evaluate your use of the website and to compile reports on website activity for website operators. Google may also transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google. Google will not associate your IP address with any other data held by Google. Under the item “Cookies” you will find instructions on how you can prevent and/or restrict data collection and storage by means of cookies through appropriate settings in your browser. By using this site, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

Finally, we would like to point out that you can also completely prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link (http://tools.google.com/dlpage/gaoptout?hl=de).

We would like to point out that on this website Google Analytics has been extended by the code “gat._anonymizelp();” in order to guarantee anonymized collection of IP addresses. Due to the activation of IP anonymization on this website, your IP address will, however, be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

Data Protection Regulations on the Use and Application of Google AdWords

We have integrated Google AdWords on this website, a service for Internet advertising that allows advertisers to place ads both in Google’s search engine results and in the Google advertising network. Google AdWords enables an advertiser to predefine specific keywords by means of which an ad is displayed in Google’s search engine results only when the user uses the search engine to retrieve a keyword-relevant search result. In the Google advertising network, the ads are distributed to thematically relevant Internet pages using an automatic algorithm and in compliance with the previously defined keywords.

The operating company of Google AdWords services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of Google AdWords is to promote our website by displaying interest-relevant advertising on the websites of third-party companies and in the search engine results of the Google search engine and by displaying third-party advertising on our website.

If a data subject reaches our website via a Google ad, Google will store a so-called conversion cookie on the information technology system of the data subject. What cookies are has already been explained above. A conversion cookie loses its validity after thirty days and is not used to identify the data subject. If the cookie has not yet expired, the conversion cookie is used to track whether certain sub-pages, such as the shopping cart of our online shop system, have been accessed on our website. The conversion cookie enables both us and Google to track whether a data subject who has reached our website via an AdWords ad has generated sales, i.e. has completed or canceled a purchase of goods.

The data and information collected through the use of the conversion cookie is used by Google to create visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who have been referred to us via AdWords ads, i.e. to determine the success or failure of the respective AdWords ad and to optimize our AdWords ads for the future. Neither our company nor other Google AdWords advertising customers receive information from Google that could be used to identify the data subject.

With the help of the conversion cookie, personal information, such as the Internet pages visited by the data subject, is stored. Each time you visit our website, personal data, including the IP address of the Internet connection used by the data subject, is therefore transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical procedure to third parties.

The data subject can prevent the setting of cookies by our website, as already described above, at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a conversion cookie on the information technology system of the data subject. In addition, a cookie already set by Google AdWords can be deleted at any time via the Internet browser or other software programs.

Furthermore, the data subject has the option of objecting to interest-based advertising by Google. To do this, the data subject must access the link www.google.de/settings/ads from each of the Internet browsers they use and make the desired settings there.

Further information and Google’s applicable data protection regulations can be found at https://www.google.de/intl/de/policies/privacy/.

Embedded Content from External Websites

Posts and sub-pages of our website may contain embedded content (e.g. videos) from external websites (e.g. Facebook, Youtube, etc.). Embedded external content behaves exactly as if you, as a visitor to our website, were visiting the other corresponding website at the same time. The external websites belonging to the embedded content can collect personal data about you, use cookies (see section “Cookies”), embed additional tracking services from third parties and record your interaction with the embedded content. If you have your own user account on the corresponding external website (e.g. a user account on Youtube, Facebook or similar) and are logged in there at the same time as visiting our website, your interactions with the content embedded on our website can be transferred to your user account and logged in it. If you do not want this, please log out of the corresponding website beforehand.

Social Media Plug-Ins

We do not use any social media plug-ins on this website. Behind all other displayed logos of social networks (e.g. Youtube or Facebook) there is a normal link to the corresponding social network page of our company.

Google Maps

We use the product Google Maps from Google Inc as an embedding to display the location of our company on this website. By using this website, you consent to the collection, processing and use of the data collected automatically by Google Inc, its representatives and third parties. The exact terms of use of Google Maps can be found here: Google Maps Terms of Use.

The operating company of the Google Maps service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Rights of the Data Subject

Every data subject has the rights listed below granted by the European legislator for directives and regulations vis-à-vis the controller (our company).

a) Right to confirmation
You can request confirmation as to whether personal data relating to you is being processed by us.

b) Right to information (Art. 15 GDPR)
You can obtain information free of charge at any time about the personal data we have stored about you and a copy of this information. Furthermore, you have the right to receive information about the following information:

  • the processing purposes
  • the categories of personal data that are processed
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular to recipients in third countries or to international organizations
  • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
  • the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by us or a right to object to such processing
  • the existence of a right to lodge a complaint with a supervisory authority
  • if the personal data are not collected from you: Any available information as to their source
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you 1 and 4 GDPR and – at least in those cases – meaningful information about the logic involved, as well as the scope and the intended effects of such processing for you

Furthermore, you have the right to be informed as to whether personal data have been transferred to a third country or to an international organisation. Where this is the case, you have the right to be informed of the appropriate safeguards relating to the transfer.

c) Right to rectification (Article 16 GDPR)
You can request the immediate correction of incorrect personal data concerning you. Furthermore, taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

d) Right to erasure (‘right to be forgotten’) (Article 17 GDPR)
You can request us to erase personal data concerning you without undue delay, where one of the following grounds applies and as long as the processing is not necessary:

  • The personal data have been collected or otherwise processed for purposes for which they are no longer necessary.
  • You withdraw your consent on which the processing is based according to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, and there is no other legal ground for the processing.
  • You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.
  • The personal data have been unlawfully processed.
  • The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject.
  • The personal data have been collected in relation to the offer of information society services referred to in Art. 8 para. 1 GDPR.

If one of the aforementioned reasons applies, and you want to initiate the erasure of personal data that is stored by us, you can contact us at any time. We will comply with the erasure request without undue delay.

Where we have made the personal data public and are obliged as the controller pursuant to Art. 17 para. 1 GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data, as far as the processing is not required. We will arrange what is necessary in individual cases.

e) Right to restriction of processing (Article 18 GDPR)
You can request us to restrict the processing at any time, if one of the following conditions is given:

  • The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data.
  • The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead.
  • We no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims.
  • You have objected to processing pursuant to Art. Art. 21 para. 1 GDPR pending the verification whether our legitimate grounds override yours.

If one of the aforementioned conditions is given and you want to request the restriction of personal data that is stored by us, you can contact us at any time. We will arrange the restriction of processing.

f) Right to data portability (Article 20 GDPR)
You can receive the personal data concerning you, which was provided to a controller by you, in a structured, commonly used and machine-readable format at any time. You have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising your right to data portability pursuant to Art. 20 para. 1 GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

g) Right to object (Article 21 GDPR)
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para. 1 lit. e or f GDPR. This also applies to profiling based on those provisions.

In the event of objection, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where we process personal data for direct marketing purposes, you have the right to object at any time to processing of personal data for such marketing. This also applies to profiling to the extent that it is related to such direct marketing. If you object to our company processing your data for direct marketing purposes, we will no longer process the personal data for these purposes.

In addition, you have the right to object, on grounds relating to your particular situation, to processing of personal data concerning you by us for scientific or historical research purposes, or for statistical purposes pursuant to Art. 89 para. 1 GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

To exercise the right to object, you can contact us directly. In addition, you are free, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise your right to object by automated means using technical specifications.

h) Automated individual decision-making, including profiling (Article 22 GDPR)
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, as long as the decision (1) is not necessary for entering into, or performance of, a contract between you and our company, or (2) is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or (3) is based on your explicit consent.

If the decision (1) is necessary for entering into, or performance of, a contract between you and our company, or (2) it is based on your explicit consent, we shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of our company, to express your point of view and to contest the decision.

i) Right to withdraw consent under data protection law (Art. 7 para. 3 GDPR)
You can withdraw consent to the processing of personal data at any time.

j) Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
According to the mentioned article, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority at your usual place of residence or workplace.

If you want to claim one or more of the mentioned rights, you can contact us at any time. An e-mail with the request to the above-mentioned e-mail address is sufficient.

Existence of Automated Decision-Making

As a responsible company, we do not use automatic decision-making or profiling.

Data Security

For the highest possible data security, we use encryption via SSL (Secure Socket Layer) for our website, using the highest encryption level supported by your browser. This is regularly a 256-bit encryption. If your browser does not support 256-bit encryption, 128-bit v3 technology will be used instead. You can recognise that a page of our website and its content is transmitted in encrypted form by the closed (or green) padlock symbol or key icon in the address or status bar of your browser.

Furthermore, we use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

We secure our website and other systems by technical and organisational measures against loss, destruction, access, modification or distribution of your data by unauthorised persons. Despite regular checks and state-of-the-art technology, 100% protection against all dangers on the Internet is unfortunately practically impossible.

Actuality and Amendment of this Data Protection Declaration

It may become necessary to amend this declaration due to the further development of our website and services or due to changes in legal or regulatory requirements. You can access the current version of our data protection declaration at any time on this website under the menu item “Data protection”.

Right to Information

According to the Federal Data Protection Act, you have a right to free information about your stored data and, if applicable, a right to correction, blocking or deletion of this data. If you have any questions regarding the collection, processing or use of your personal data, for information, correction, blocking or deletion of data, as well as for the revocation of granted consents, please contact:

Saida Nails GmbH, represented by Saida Nasirova,
Siedlungsweg 5,
94315 Straubing,
E-mail: info@saida-nails.de

End of the data protection declaration
As of 15.1.2025

supplemented with the help of the data protection declaration generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, which operates as External Data Protection Officer Hof, in cooperation with the Lawyer for Data Protection Law Christian Solmecke.