Article 13 General Data Protection Regulation (GDPR)

Privacy policy

With this information we are informing you about the processing of your personal data (“Data”) as well as your data protection rights.

1. Who is responsible for the processing of your Data and how can you get in touch with the controller?

Responsible for the Data processing is:

The Perma GmbH

Gartengasse 8/8, 1050 Vienna

If you have any questions or concerns about the processing of your Data, or if you have discovered an error on our website, you can contact us at: office@vesnajugovic.com

2. What are the purposes, the duration, and the legal basis of the processing of your Data?

We process your Data in the following described manner. If we process your Data for any other purpose, we will inform you separately before we start processing your Data. If you are obliged to provide the Data for the respective purpose, it will be made visible with (*).

2.1 Online/Live Courses
(If you book an online or live course or if you request more information about a specific course)

Data:             Name*, telephone number*, e-mail-address*, address* (street, city, postal code, county, country), Data about your business* (only if you are an entrepreneur), chosen course*, payment data*, chosen starter kit*

Purpose:        We process your Data for the purpose of managing our contractual relationship and to provide our services to you.

Duration:      After the courses are finished, we delete the Data, that we do not need any longer to provide our services. We store your data only as long as it is necessary for the purposes for which we have collected your data, we are legally obliged to do so or we have a corresponding overriding interest in the storage. For reasons of tax law, we are legally obliged to retain contracts and associated documents from the contractual relationship for a period of seven years (from the end of the year in which the business case arose – see also Section 212Austrian Business Code).

Legal Basis:    We process to perform a contract with you or in order to take at your request prior to entering into a contract with you (Art. 6 para. 1 lit b GDPR).

To achieve the intended purposes, it may sometimes be necessary to disclose your Data to the following recipients:

Recipient Purpose Legal basis Located in Appropriate safeguards to third countries transfer
ready2order GmbH Collection of personal data for the issuance of payment receipts Contract fulfilment (Art. 6 para 1 lit b GDPR) Austria
Billdu LTD Collection of personal data for the issuance of invoices and payment receipts Contract fulfilment (Art. 6 para 1 lit b GDPR) UK Standard contractual clauses pursuant to Art 46 GDPR
elopage GmbH Granting access to the training platform where online courses are offered Contract fulfilment (Art. 6 para 1 lit b GDPR) Germany
PayPal (Europe) S.à.r.l. & Cie Handling of payments Contract fulfilment (Art. 6 para 1 lit b GDPR) Luxenbourg
Stripe Payments Europe Limited Handling of payments Contract fulfilment (Art. 6 para 1 lit b GDPR) Ireland, USA Standard contractual clauses pursuant to Art 46 GDPR
Amazon Payments Europe S.C.A Handling of payments Contract fulfilment (Art. 6 para 1 lit b GDPR) Luxenbourg
Deutsche Handelsbank AG (Cashpresso) Handling of payments Contract fulfilment (Art. 6 para 1 lit b GDPR) Germany
Google LLC (GooglePay) Handling of payments Contract fulfilment (Art. 6 para 1 lit b GDPR) USA Standard contractual clauses pursuant to Art 46 GDPR
Amazon Web Services EMEA SARL Maintenance and hosting of the website Legitimate interest (Art 6 para. 1 lit f GDPR): maintenance and hosting of the website Luxenbourg
Toscom – the webserver experts Maintenance and hosting of the website Legitimate interest (Art 6 para. 1 lit f GDPR): maintenance and hosting of the website Austria
Digitalists GmbH Maintenance and hosting of the website Legitimate interest (Art 6 para. 1 lit f GDPR): maintenance and hosting of the website Austria
Organizer of the live course Fulfilment of the contract Contract fulfilment (Art. 6 para 1 lit b GDPR)
Public bodies and authorities Legal obligation Legal obligation (Art 6 Abs 1 lit c GDPR)
DHL Express (Austria) GmbH Processing orders and facilitating DHL Express shipping, including tracking and status updates Contract fulfilment (Art. 6 para 1 lit b GDPR) Austria
DPD Direct Parcel Distribution Austria GmbH Processing orders and facilitating DPD shipping, including tracking and status updates Contract fulfilment (Art. 6 para 1 lit b GDPR) Austria

 

2.2 Salon Appointments
(if you book a salon appointment)

Data:             Name*, telephone number*, e-mail-address*, chosen treatment*, chosen appointment*, comments, medical information relevant for the chosen treatment* (existing permanent make-up or microblading, frequent medication, skin problems, autoimmune diseases, currently pregnant or breastfeeding).

Purpose:        We process your Data for the purpose of managing the booking, our contractual relationship and to provide our services to you. Special categories of personal data are processed for the purpose of the provision of health care services to you.

Duration:      After the appointment is over, we delete the Data, that we do not need any longer to provide our services. We store your data only as long as it is necessary for the purposes for which we have collected your data, we are legally obliged to do so or we have a corresponding overriding interest in the storage. For reasons of tax law, we are legally obliged to retain contracts and associated documents from the contractual relationship for a period of seven years (from the end of the year in which the business case arose – see also Section 212Austrian Business Code).

Legal Basis:    We process to perform a contract with you or in order to take at your request prior to entering into a contract with you (Art. 6 para. 1 lit b GDPR). Special categories of personal data are processed pursuant to Art. 9 para. 2 lit. h and para. 3 GDPR in conjunction with Section 6 Austrian Data Protection Act.

To achieve the intended purposes, it may sometimes be necessary to disclose your Data to the following recipients:

Recipient Purpose Legal basis Located in Appropriate safeguards to third countries transfer
ready2order GmbH Collection of personal data for the issuance of payment receipts Contract fulfilment (Art. 6 para 1 lit b GDPR) Austria
Billdu LTD Collection of personal data for the issuance of invoices and payment receipts Contract fulfilment (Art. 6 para 1 lit b GDPR) UK Standard contractual clauses pursuant to Art 46 GDPR
elopage GmbH Granting access to the training platform where online courses are offered Contract fulfilment (Art. 6 para 1 lit b GDPR) Germany
PayPal (Europe) S.à.r.l. & Cie Handling of payments Contract fulfilment (Art. 6 para 1 lit b GDPR) Luxenbourg
Stripe Payments Europe Limited Handling of payments Contract fulfilment (Art. 6 para 1 lit b GDPR) Ireland, USA Standard contractual clauses pursuant to Art 46 GDPR
Amazon Payments Europe S.C.A Handling of payments Contract fulfilment (Art. 6 para 1 lit b GDPR) Luxenbourg
Deutsche Handelsbank AG (Cashpresso) Handling of payments Contract fulfilment (Art. 6 para 1 lit b GDPR) Germany
Google LLC (GooglePay) Handling of payments Contract fulfilment (Art. 6 para 1 lit b GDPR) USA Standard contractual clauses pursuant to Art 46 GDPR
Treatwell DACH GmbH Managing the contractual relationship and for the provision of health care services Contract fulfilment (Art. 6 para 1 lit b GDPR);
Processing of special categories of data pursuant to Art. 9 para. 2 lit. h and para. 3 GDPR in conjunction with Section 6 Austrian Data Protection Act
Germany
Amazon Web Services EMEA SARL Maintenance and hosting of the website Legitimate interest (Art 6 para. 1 lit f GDPR): maintenance and hosting of the website Luxenbourg
Toscom – the webserver experts Maintenance and hosting of the website Legitimate interest (Art 6 para. 1 lit f GDPR): maintenance and hosting of the website Austria
Digitalists GmbH Maintenance and hosting of the website Legitimate interest (Art 6 para. 1 lit f GDPR): maintenance and hosting of the website Austria
Public bodies and authorities Legal obligation Legal obligation (Art 6 Abs 1 lit c GDPR)

 

2.3 Newsletter
(if you subscribe to our newsletter)

Data:           Name*, e-mail-address*, address* (street, city, postal code, county, country)

Purpose:     We process your Data for the purpose of direct marketing and advertisement. This means that we will send you personalized information by e-mail and inform you if I believe, based on your Data, that information about our offers, services and events are relevant and interesting to you. Furthermore, to analyze your reading behavior of the newsletter.

Legal Basis: We process your Data based on your consent (Art 6 para 1 lit a GDPR). You have the right to withdraw your consent at any time. The lawfulness of the processing until the withdrawal is not affected by this.

Duration:    The Data processed for this purpose will be stored until you withdraw your consent.

To achieve the intended purposes, it may sometimes be necessary to disclose your Data to the following recipients:

Recipient Purpose Legal basis Located in Appropriate safeguards to third countries transfer
The Rocket Science Group, LLC (Mailchimp) Newsletter delivery and analyzing of reading behavior Consent (Art 6 para 1 lit a GDPR) USA Standard contractual clauses pursuant to Art 46 GDPR

 

2.4 Marketing and direct advertisement

(if you interact with our Website)

Data:           Data collected by us and third parties via cookies, tracker and pixel. For more information please go to section 3.

Purpose:     We will process Data you provide when you interact with our Website for our own and third-party marketing purposes, customer loyalty or direct marketing.

Legal Basis: Our legitimate interest in marketing and direct advertisement e.g. to enhance the user-experience of the Website and to provide better services to the user.

Duration:    We store your data only as long as it is necessary for the purposes for which we have collected your data, we are legally obliged to do so or we have a corresponding overriding interest in the storage. For reasons of tax law, we are legally obliged to retain contracts and associated documents from the contractual relationship for a period of seven years (from the end of the year in which the business case arose – see also Section 212 Austrian Business Code).

To achieve the intended purposes, it may sometimes be necessary to disclose your Data to the following recipients:

Recipient Purpose Legal basis Located in Appropriate safeguards to third countries transfer
SirPauls GmbH Marketing and direct  advertisement Legitimate interest (Art 6 para. 1 lit f GDPR): Marketing Austria
Amazon Web Services EMEA SARL Maintenance and hosting of the website Legitimate interest (Art 6 para. 1 lit f GDPR): maintenance and hosting of the website Luxenbourg
Toscom – the webserver experts Maintenance and hosting of the website Legitimate interest (Art 6 para. 1 lit f GDPR): maintenance and hosting of the website Austria
Digitalists GmbH Maintenance and hosting of the website Legitimate interest (Art 6 para. 1 lit f GDPR): maintenance and hosting of the website Austria

 

2.5 Customer Service

(if you contact us through our contact form on the Website)

Data:           Name*, e-mail-address*, phone*, issue or request*

Purpose:     We will process Data you provide when you interact with our Website for the purpose of contacting us to respond to your questions or to fulfill your issues.

Legal Basis: Our legitimate interest in processing your inquiries and requests in order to be able to provide our services even better.

Duration:    We process the Data you provide only for the duration of the response or fulfillment of your requests and issues. Beyond that, we will process the Data only as long as there is a legal obligation to do so or we need Data for the exercise or defense of legal claims.

To achieve the intended purposes, it may sometimes be necessary to disclose your Data to the following recipients:

Recipient Purpose Legal basis Located in Appropriate safeguards to third countries transfer
Freshworks Inc. Processing of personal data for customer inquiry management via the ticket system Legitimate interest (Art 6 para. 1 lit f GDPR): Providing customer service USA Standard contractual clauses pursuant to Art 46 GDPR
Amazon Web Services EMEA SARL Maintenance and hosting of the website Legitimate interest (Art 6 para. 1 lit f GDPR): maintenance and hosting of the website Luxenbourg
Toscom – the webserver experts Maintenance and hosting of the website Legitimate interest (Art 6 para. 1 lit f GDPR): maintenance and hosting of the website Austria
Digitalists GmbH Maintenance and hosting of the website Legitimate interest (Art 6 para. 1 lit f GDPR): maintenance and hosting of the website Austria

 

2.6 Personal Vouchers

Data:                 Name*, telephone number*, e-mail-address*, address* (street, city, postal code, county, country), voucher receipt, message

Purpose:          We process your Data for the purpose of managing our contractual relationship and to provide our services to you.

Duration:        After the voucher has been purchased, we delete the Data, that we do not need any longer to provide our services. We store your data only as long as it is necessary for the purposes for which we have collected your data, we are legally obliged to do so or we have a corresponding overriding interest in the storage. For reasons of tax law, we are legally obliged to retain contracts and associated documents from the contractual relationship for a period of seven years (from the end of the year in which the business case arose – see also Section 212 Austrian Business Code).

Legal Basis:    We process to perform a contract with you or in order to take at your request prior to entering into a contract with you (Art. 6 para. 1 lit b GDPR).

3. Cookies, Pixel and analytic tools

3.1 Cookies

We use cookies on our Website, which are small files stored on your device (web browser). On your next visit to our Website using the same device, the information stored in cookies (e.g. web browser, IP address, time zone) will subsequently be returned to our Website. Additionally, as you browse the Website, we collect information about the individual web pages or services/courses that you view, what websites or search terms referred you to the Website, and information about how you interact with the Website.

We use the Data collected through these cookies to better represent our Website and to make our offers user-friendly, for example to evaluate the use of our Website. Some cookies remain stored on your device until you delete them. They allow us to recognize your browser on your next visit. Other cookies are only stored on our Website for the duration of your visit.

For the collection of these Data we use the following technologies:

“Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.

“Log files” track actions occurring on the Website, and collect data including your IP address, browser type, referring/exit pages, and date/time stamps.

“Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Website.

Cookies necessary for the functioning of the Website:

Name Function/purpose Storage Period
borlabs-cookie Tracks the user acceptance of cookies processing. 1 year
PHPSESSID Supports the server track the user session on the website in order to assure core system functionalities. Session

 

All these cookies are technically necessary for the presentation of the Website. You can deactivate the setting of cookies in the settings of your browser. Please note that a general deactivation of cookies may possibly lead to functional limitations of our Website.

Reporting and analytics:

Additionally, we use pixels and tags from the following third parties (which may in turn place cookies). These cookies are not technically necessary for the presentation of the Website and only activated with your given consent. You can withdraw your consent in the Cookie Consent Tool any time and in the settings of your browser:

 

Name Description/purpose Privacy Policy Third Party Appropriate safeguards to third countries transfer Storage period
Google Analytics We use Google Analytics to help measure how users interact with our Website. https://policies.google.com/privacy

 

Google Analytics Standard contractual clauses pursuant to Art 46 GDPR 7 days
Google Ads We use Google Ads to deliver targeted advertisements to individuals who visit our Website. https://policies.google.com/privacy

 

Google Ads Standard contractual clauses pursuant to Art 46 GDPR 7 days
Facebook Ads We use Facebook Custom Audiences to deliver targeted advertisements to individuals who visit our Websites. https://www.facebook.com/policy.php

 

Facebook Standard contractual clauses pursuant to Art 46 GDPR 7 days
PayPal We use PayPal as one of our payment providers to process your orders and capture payments. https://www.paypal.com/en/webapps/mpp/ua/privacy-full PayPal 1 day
Stripe We use Stripe as one of our payment providers to process your orders and capture payments. https://stripe.com/privacy-center/legal Stripe Standard contractual clauses pursuant to Art 46 GDPR 7 days
Treatwell We use Treatwell to handle and process the booking of appointments for clients. https://www.treatwell.at/info/datenschutzrichtlinien/ Treatwell Standard contractual clauses pursuant to Art 46 GDPR 1 day

 

 

3.2 Google Analytics

Furthermore, we use the Cookies of Google Analytics, a web analysis service provided by Google LLC (hereinafter “Google”). These cookies transmit data about your usage of the Website to a Google server in the USA. However, your IP address will be shortened prior to transmission and the transmitted data can no longer be associated with your person. Google will use this information to evaluate general usage data of our Website and to compile reports on Website activities. The collection of data only takes place with your consent. This consent can be withdrawn by you at any time. If you want to prevent the use of Google Analytics cookies in general, you can either do this through your browser settings (see section 3.1), or you can install the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout. For information about how Google and its affiliates use data and storage practices, please visit Google’s Privacy Policy, currently available at: www.google.com/privacy.html.

Google Analytics Cookie Purpose Storage period
_gid Determined by Google Analytics to identify unique sessions 1 day
_ga Determined by Google Analytics to identify unique sessions 7 days

 

3.3 Facebook Audience Pixel

We also use the Facebook Audience Pixel analysis tool from Facebook Ireland Limited or Facebook Inc. to measure the effectiveness of our advertising. The pixel collects information about Website usage, such as when the Website is used and transmits that information to Facebook’s servers in Ireland and the United States. This information may also be cross-checked with other Facebook information or our information that I have about you. All data collected by this pixel is encrypted by Facebook using “hashes”. Facebook Ireland Limited is located in the European Union; Facebook Inc. is located in the United States. The Court of Justice of the European Union (CJEU) invalidated the EU-US Privacy Shield, a legal mechanism for transatlantic data transfers, in July 2020. To keep your data safe Facebook relies on Standard Contractual Clauses (SCCs) to transfer data to countries outside the EU/EEA, including the United States.

The collection of data by Facebook Pixel only takes place with your consent. This consent can be withdrawn by you at any time. The comparison of the data with the data stored by us is based on our legitimate interest in marketing and customer loyalty.

4. Are you obliged to provide Data?

If you use the services of the website, you are obliged to provide the data marked with (*). Unless you provide those mandatory Data, we will generally not be unable to provide our services. You are not obliged to provide any other data.

5. Automated decision-making

We do not use automated decision-making or profiling according to Article 22 GDPR.

6. Your rights in the context of the processing of your data

You have the right to (i) access as to whether and what personal data we process and receive copies of your data, (ii) request rectification or amendment of inaccurate or not lawfully processed data and request erasure of your personal data, (iii) request restriction of data processing activities in certain circumstances, (iv) object to data processing activities in certain circumstances or withdraw consent previously given for the processing, (v) request that we provide you your data in a transferable format, and (vi) lodge a complaint with the Austrian data protection authority (www.dsb.gv.at ) or to any other data protection supervisory authority in the EU, in particular at your place of residence or place of work.

To exercise any of the above-mentioned rights, please contact us by email office@vesnajugovic.com or by post to the mentioned address above.