Data Privacy: BSC Skincare



Privacy Notice

Thank you for your visit to our website! Protecting your data and your privacy is important to us. Please see below which data we process when, for which purpose, and on which legal basis. We also explain how the services work that we offer and how we ensure the protection of your personal data in this regard.

According to Article 4 (1) GDPR, personal data are information that refers to an identified or identifiable natural person. Identifiable means a natural person who can be identified directly or indirectly. For further information, see Article 4 (1) GDPR.

To the extent that we refer to our legitimate interest or the legitimate interest of a third party as the legal basis of the processing of personal data (Article 6 (1) (f) GDPR, you have a right to objection pursuant to Article 21 GDPR.

According to Article 21 (1) and (2) GDPR

You are entitled to object to the processing of your personal data at any time. We will then refrain from processing your personal data, unless we can prove the existence of absolutely legitimate reasons for the processing that override your interest, rights, or freedoms, or if the data is processed to assert, exercise, or defend any legal claims (see Article 21 (1) GDPR, the so-called “limited right to objection”). In such case, you must present your reasons for the objection that are based on your own special situation.

Below, in various sections, you will find information about your right to object. If you have a right to object, this will be indicated by the phrase “you have a right to object”. There, you will also find more information about how to exercise your right to object.


The controller as defined under Article 4 (7) GDPR that is responsible for the processing or personal data is:

BSC Skincare Development GmbH
Managing Director: Concordia Deininger
In der Au 27
74405 Gaildorf
Telefonnummer: 07971 912988
Send e-mail

Data security

We protect our website and other systems by technical and organizational measures against loss, destruction, access, modification, or dissemination of your data through unauthorized persons. Despite regular checks, full protection against all risks is still not possible.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential information, for example purchase orders or requests that you sent to us in our capacity as the operator of this website, this website uses SSL or TLS encryption. You can recognize encrypted connections by the padlock icon in the browser address bar and the address bar will switch from “http://” to “https://”.

If SSL or TLS encryption is enabled, any data that you submit to us cannot be read by third parties.

Rights of data subjects (Article 15 et. seq. GDPR)

You are entitled, at your request, to obtain information about the personal data (Art. 15 GDPR) that we store about you. If the data that we store is incorrect, you have a right to rectification (Art. 16 GDPR). If the statutory requirements are met, you have a right to erasure and restriction of processing (Art. 17 et. seq. GDPR). As a rule, data can only be erased after the retention periods under tax and commercial law have lapsed.

Notwithstanding any other administrative or judicial remedy to which you may be entitled, you can lodge an objection with the state’s data protection officer regarding the processing of your data:

Prof. Dr. Tobias Keber
Lautenschlagerstraße 20
70173 Stuttgart
Telefonnummer: 0711 615541-0
Faxnummer: 0711 615541-15

Automated case-by-case decisions and profiling

Automated decision-making or profiling is not carried out on our website.

Data collected on our website

Below, you can inform yourself where and why we collect your personal data.

Log files

Every time you visit our website, we automatically collect data and information from the system of your device and store it in so-called server log files. This is information that relates to identified or identifiable natural persons (here: website visitors). The data will automatically be transferred by your browser during your visit to our website. This includes the following information:

  • The time at which our website is requested (request to the server of the host provider),
  • URL of the website from which you access our website,
  • The operating system that you use,
  • Type and version of the browser you use,
  • Your computer's IP address (the IP address is pseudonymized).

The purpose of this processing is that you can access our website with your device and to allow the correct presentation of our website on your device or your browser. Furthermore, we use your data to optimize our website and to ensure the security of our systems.

The legal basis for this processing is Art. 6 (1) (f) GDPR. We have a legitimate interest in presenting our website in a form that is optimized for your browser and to allow communication between our server and your end device. For the latter, it is necessary to process your IP address, in particular.

We store this information for the period of one month.

Right to object

You have a right to object. You can inform us about or send us your objection at any time. For this, please use the address of the controller of this website that is responsible for data protection.


Our website uses cookies. Cookies are text files that are stored on your device for a more convenient use of our website. Cookies can store entries or settings made on or for a website so that users need not enter such information every time they visit a website. Cookies contain so-called cookie IDs which allow the identification of the devices on which the cookies are stored.

Most of the cookies used by us are so-called “session cookies”. They are deleted automatically at the end of your visit. Other cookies are stored on your end device until you delete them. These cookies allow us to recognize your browser at your next visit.

The purpose of this processing is to make the use of our website convenient for you and allow you to save your settings.

The legal basis for this processing is - insofar as personal data is concerned - Art. 6 (1) (f) GDPR. We have a legitimate interest in presenting our website in a way that your personal settings are saved to facilitate your use of our website.

Right to object

You have a right to object. In your browser settings, you can restrict or completely prevent the storage of cookies. You can set your browser to delete all cookies automatically upon the closing of the browser window, however, please note that in that case, you may not be able to fully use all functions of this website.

Contact form

There are one or more contact forms at our website that you can use to contact us by electronic means. If you contact us via these contact forms, we will process the data entered in the entry fields.

You have expressly consented to the processing of your data prior to submitting your contact information.

Mandatory and voluntary information is treated in the same way by us. Mandatory information is necessary to contact you and to process your request.

When you send a message, we also store the following data:

  • Your IP address

  • Date and time the request is submitted

The purpose of the processing of personal data is to process the request and to contact the person who sent the request. Any other personal data that is processed when the request is submitted is used to prevent any abuse of our contact form.

The legal basis for the processing of the data as described herein is Article 6 (1) (f) GDPR. Our legitimate interest is to give you the opportunity to contact us at any time and to reply to your requests.

We will process the personal data only as long as this is necessary to provide the function.

Right to object

You have a right to object. You can inform us about or send us your objection at any time. For this, please use the address of the controller of this website that is responsible for data protection.

Use of Google Web Fonts

On our website, we use external fonts, so-called Google Fonts. Google Fonts is a service by Google Ireland Limited (“Google”), Gordon, Barrow Street, Dublin 4, Ireland.

Web Fonts are integrated via an interface (“API”) to the Google services. By integrating the Web Fonts, Google may - under certain circumstances - collect information (also personal data) and processes them. In this regard, it cannot be excluded that Google transfers data to servers in third countries.

Google’s Privacy Shield certification shows (see after entering the search term “Google”) that Google has committed itself to compliance with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework about the collection, use, and storage of personal data from the EU member states or Switzerland. In the certification, Google, including Google LLC and its wholly owned subsidiaries in Ireland, declares that it observes the Privacy Shield principles. For more information, see

Which data Google actually collects and processes is beyond our control. However, Google states that Google can basically process the following information (personal data):

  • Log data (the IP address)

  • Location-based information

  • Unique Application Numbers

  • Cookies and similar technologies

For detailed information, see under the section “Information that we obtain from your use of our services”.

When you are logged in to your Google account, Google can add the processed information to your account depending on your account settings and treat them as personal data, see in particular.

For example, Google does the following:

Under certain circumstances, we combine personal information from one service with personal information from other Google services. This facilitates, for example, the sharing of contents with friends. Depending on your account settings, we may combine your activities on other websites and in apps with your personal data to improve Google’s services and ads displayed by Google."

You can prevent the direct adding of this data if you log out from your Google account or by changing the corresponding settings of your Google account. Furthermore, you can prevent the installation of cookies - insofar as Google uses cookies - by adjusting the settings of your browser; however, please note that in that case you may not be able to fully use all of the functions of this website.

The purpose of our integration of Google Fonts is to be able to display uniform font types on your device.

The legal basis for the processing of the data as described herein is Article 6 (1) (f) GDPR. Our legitimate interest in this regard is the great benefit that is offered by a uniform presentation of the font types. This option of a uniform presentation means that our expense for design is reduced because we need not graphically adjust our website to the font standards of different operating systems or browsers. Moreover, Google has a legitimate interest in the collected (personal) data to improve their own services, for example.

For more information, see the data privacy statement of Google that can be viewed here:

For information on Google’s privacy settings, see

Right to object

You have a right to object. You can inform us about or send us your objection at any time. For this, please use the address of the controller of this website that is responsible for data protection.