- scope of application
The protection of personal data is very important to us. With the following information on data
protection, we would like to explain to you which personal data we process for which purposes while
you are using our website.
The following information applies to all contents of the website https://www.truecare.skin/ (hereinafter
referred to as "offer").
The legal basis for data protection can be found in the EU General Data Protection Regulation
(hereinafter referred to as DSGVO) and the Federal Data Protection Act.
"Personal data" means any information relating to an identified or identifiable natural person; an
identifiable natural person is one who can be identified, directly or indirectly, in particular by reference
to an identifier such as a name, an identification number, location data, an online identifier (e.g. a
cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic,
cultural or social identity of that natural person.
"Processing" means any operation or set of operations which is performed upon personal data,
whether or not by automatic means, such as collection, recording, organisation, filing, storage,
adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or
otherwise making available, alignment or combination, restriction, erasure or destruction.
- types of personal data
Access data is data about each access to the server on which our website is located. The access
data includes the name of the website accessed, file, date and time of access, amount of data
transferred, notification of successful access, browser type and version, the user's operating system,
referrer URL (the previously visited page), IP address and the requesting provider.
Cookies are small files that allow specific information related to the device to be stored on the access
If you fill out the contact form on our website or contact us by other means (e.g. telephone, e-mail),
we process the personal data that you enter in the respective form or provide to us by other means
(e.g. last name, first name, e-mail address, address).
Order and registration data
This is the data you provide for ordering via our online shop and registering as a customer.
- Purposes of the processing
Our hosting provider collects access data on our behalf for security reasons for fraud and abuse
control as well as for statistical recording of website usage. The legal basis for the processing is Art.
6 (1) sentence 1 f) DSGVO. For the processing of the IP address by third-party providers, see section
The website uses the following cookies:
Essential cookies enable basic functions and are necessary for the proper functioning of the website.
website and optimisation of our offers.
Are used by third-party providers or publishers to display personalised advertising. They do this by
tracking visitors across the website. More information on the cookies used can be found in the privacy
para. 1 a) DSGVO. You can consent to the use of these cookies within the framework of the data
If you use our contact form or provide us with your personal data by other means, we will use it to
process your request (legal basis Art. 6 para. 1 sentence 1 a, f) DSGVO). If you communicate with
us via e-mail, your e-mails and the personal data communicated therein will be transported on our
behalf to the servers of our e-mail hosting provider to be stored on their servers and our servers
(legal basis Art. 6 para. 1 sentence 1 a, f DSGVO).
Our legitimate interest in collecting data within the meaning of Art. 6 para. 1 f) DSGVO follows from
the fact that we cannot process your request (contacting you, processing your request) without your
Order and registration data
We process order data for contract processing (legal basis is Art. 6 para. 1 sentence b DSGVO). In
addition, we collect usage data such as your IP address for each order for the purpose of fraud and
abuse control (legal basis is Art. 6 para. 1 sentence 1 f DSGVO).
We process registration data to open and manage your account (legal basis is Art. 6 para. 1 sentence
b DSGVO). We process further data in the customer area in order to make your purchase as convenient and time-saving as possible (legal basis is Art. 6 para. 1 sentence 1 f DSGVO).
Service offers by e-mail
As a customer of ours, you will receive service offers from us by e-mail at irregular intervals, provided
you have given us an e-mail address. You will receive these offers from us regardless of whether
you have subscribed to a newsletter. In this context, we use the e-mail address provided by you in
connection with the use of our service to advertise our own services that are similar to those that
you have used with us on the basis of a booking you have already made (legal basis is Art. 6 para.
1 sentence 1 f) DSGVO). If you do not wish to receive offers by e-mail, you can object to receiving them at any time at email@example.com and at the end of each offer e-mail, without incurring more than the transmission costs according to the basic rates.
Postal advertising / telephone advertising
We also use your name and address for direct postal advertising (legal basis is Art. 6 para. 1
sentence 1 f) DSGVO). We only undertake telephone advertising measures if you have given your
consent to this (legal basis is Art. 6 Para. 1 Sentence 1 f) DSG-VO).
If you agree, we will inform you at regular intervals by e-mail about our service offers, news in our
institutes and skin care tips. You can register for our newsletter. If you would like to receive
information, we require a valid e-mail address from you. After you have registered, an e-mail will be
sent to the e-mail address you have provided, asking you to confirm that you wish to receive the
newsletter. When you register for the newsletter, your e-mail address, the IP address used and the
time of registration and confirmation are stored. The purpose of this procedure is to be able to prove
your registration and, if necessary, to clarify a possible misuse of your personal data. The legal basis
for this is Art. 6 para. 1 sentence 1 f DSGVO. The legal basis for sending the newsletter is Art. 6
para. 1 sentence 1 f a DSGVO.
You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the
newsletter. You can declare the revocation by clicking on the link provided in every newsletter e-mail
or by e-mail. We would like to point out that a revocation does not change the lawfulness of the
processing granted until the revocation (no retroactive effect of the revocation).
By subscribing to the newsletter, you give us the following consent, if applicable, which we reproduce
here only for your information:
"I confirm that I have reached the age of 16 and consent to True Care GmbH using the email address
I have provided to inform me at regular intervals about their service offerings, news in their institutes
and skin care tips. I can revoke my consent at any time by unsubscribing from the newsletter, sending
an e-mail to firstname.lastname@example.org or sending it by post with effect for the future. I have taken note of
- Data processing by third parties
Our website is operated on the servers of our hosting provider. This provider processes the personal
data mentioned in section 3 on our behalf for the operation of our website and for abuse control. The
legal basis for this is Art. 6 para. 1 sentence 1 f) DSGVO.
Plug-ins, usage analysis
We integrate various services and content from third-party providers on our website. The integration
may result in the processing of your personal data. In addition, the integration of third-party content
may result in the transfer of data to countries outside the EU. You can find more information on this
under point 6.
The legal basis for the integration of the services and content is Art. 6 para. 1 sentence 1 f) DSGVO.
Our legitimate interest for data processing follows from the fact that we use the services of third
parties for the purpose of user-friendliness of our website and optimisation of our offers.
Online appointment calendar, customer management
You can book an appointment with us online via our website. For this purpose, we use the booking
system of REVIDERM AG, Robert-Bosch-Straße 7, 82054 Sauerlach, where you can then book an
appointment. To do this, you must enter your full name, telephone number and e-mail address; other
fields in the input form are optional. After sending the appointment request, you will receive a
confirmation of the appointment at the e-mail address provided. We will then process your data for
the purpose of making the appointment and for reminders of the upcoming appointment by e-mail or
SMS (legal basis is Art. 6 para. 1 sentence 1 a, b, f DSGVO). In addition, the data you provide will
be processed on the provider's servers so that we can manage you as a customer there. This allows
us to create you as a customer in the provider's system, enter your data and appointments in our
appointment calendar (legal basis is Art. 6 para. 1 sentence 1 f b, f DSGVO). In addition, we can
upload treatment data and photos and manage them there (legal basis is Art. 6 para. 1 sentence 1 f
DSGVO). Information from the provider on their access to your data and data protection can be
- Plug-ins, usage analysis, external media
This website uses Google Analytics, a web analytics service provided by Google, Inc ("Google").
Google Analytics uses "cookies", which are text files placed on your computer, to help the website
analyse how users use the site. The information generated by the cookie about your use of this
website is usually transmitted to a Google server in the USA and stored there. In the event that IP
anonymisation is activated on this website, however, your IP address will be truncated beforehand
by Google within member states of the European Union or in other contracting states to the
Agreement on the European Economic Area. Only in exceptional cases will the full IP address be
transmitted to a Google server in the USA and shortened there. On behalf of the operator of this
website, Google will use this information for the purpose of evaluating your use of the website,
compiling reports on website activity and providing other services relating to website activity and
internet usage to the website operator. The IP address transmitted by your browser as part of Google
the appropriate settings on your browser, however please note that if you do this you may not be
able to use the full functionality of this website. You can also prevent the collection of data generated
by the cookie and related to your use of the website (incl. your IP address) by Google, as well as the
processing of this data by Google, by downloading and installing the browser plugin available at the
following link: http://tools.google.com/dlpage/gaoptout.
When visiting our website, you may or may not consent to the use of Google Analytics in the cookie
bar or in the privacy settings under "Marketing". If you consent, you give your consent within the
meaning of Art. 49 (1) sentence 1 a) DSGVO that your data (IP address, timestamp, user behaviour
on our website, if applicable) will be transmitted to Google in the USA and processed there. The ECJ
considers the USA to be a country with a level of data protection that is not adequate by European
standards. There is a risk of access by US authorities. In addition, we do not know exactly how
Google processes your data. The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence
1 a) DSGVO.
Google Tag Manager and Remarketing
For easier management of the aforementioned Google tools, we use the Google Tag Manager and
Google Remarketing, an advertising analysis tool. The Google Tag Manager itself does not create
user profiles, does not store cookies and does not perform any independent analyses. It is only used
for administration and the tools integrated via it. Depending on the integrated tool, the Google Tag
Manager collects IP addresses of website visitors and passes them on to the Google tools.
For more information on the purpose and scope of data collection and its processing by Google,
this regard and setting options for protecting your privacy: www.google.de/intl/de/policies/privacy.
If you click on "Confirm" at the bottom of the cookie bar when visiting our website without changing
the settings regarding Google Tag Manager and Remarketing on the Cookie Settings page, you
consent within the meaning of Art. 49 (1) sentence 1 a) DSGVO to your data (IP address, timestamp,
user behaviour on our website, if applicable) being transmitted to Google in the USA and processed
there. The ECJ considers the USA to be a country with a level of data protection that is not adequate
by European standards. There is a risk of access by US authorities. In addition, we do not know
exactly how Google processes your data. The legal basis for the use of the Google Tag Manager is
Art. 6 para. 1 sentence 1 a DSGVO.
We currently use the following tracking pixels: Facebook pixel
Tracking pixels are small graphics that are automatically loaded when a web page or HTML email is
accessed. This allows us to track the behaviour of site visitors after they have been redirected to our
website by clicking on a third-party advertisement. This allows us to evaluate the effectiveness of
the advertisements for statistical and market research purposes and to optimise future advertising
measures. The data collected is anonymised for us as the operator of this website, so we cannot
draw any conclusions about the identity of the users. However, the data is processed by the thirdparty providers. This enables a connection to the respective user profile. We cannot influence this use of the data. We have neither influence on the collected data and data processing procedures,
nor are we aware of the full extent of the data collection, the purposes of the processing, the storage
periods. We also have no information on the deletion of the collected data by the third-party providers.
The legal basis for the use of the tracking pixels is Art. 6 para. 1 sentence 1 a) DSGVO. In the
cookie bar or the data protection settings, you can consent to the use of the Facebook tracking pixel
under "Marketing". By doing so, you give your consent within the meaning of Art. 49 (1) sentence 1
a) DSGVO that your data is transmitted to the provider based in the USA and processed there. The
ECJ considers the USA to be a country with an inadequate level of data protection according to
European standards. There is a risk of access by US authorities. In addition, we do not know exactly
how Facebook/Meta Platforms Inc. processes your data.
If necessary, you can also prevent the use of pixels by setting your browser software accordingly.
Addresses of the pixel provider and URL with data protection information:
Meta Platforms, Inc, 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php.
Institute finder and Google Maps
You can use our institute finder to find a Reviderm store near you. To do this, you can either click on
the "Institute near me" button. You will then be asked if we may collect your location data. If you
agree, this data will be collected by Google Maps and you will be shown the Reviderm store closest
to your position. You can also click on the interactive map on the https://www.reviderm.com/institute/institutsfinder.html page or enter the country and postcode/city in the input field. The nearest
store will then be displayed. If you then click on "Your route to the institute", you will be redirected to
the Google Maps page. There you can then enter the route data. By visiting our website, Google
receives the information that you have called up the corresponding sub-page of our website. In addition, to the best of our knowledge, the following information is transmitted to Google: Date and time
of the visit to the relevant web page, internet address or URL of the web page accessed, IP address
of the access device and, on the Google Maps page, the start and destination address entered as
part of the route planning. This is done regardless of whether Google provides a user account via
which you are logged in or whether no user account exists. If you are logged in to Google, your data
will be assigned directly to your account. If you do not wish your data to be associated with your
Google profile, you must log out before activating the button. Google stores your data as usage
profiles and uses them for the purposes of advertising, market research and/or demand-oriented
design of its website. Such an evaluation is carried out in particular (even for users who are not
logged in) to provide needs-based advertising and to inform other users of the social network about
your activities on our website. You have the right to object to the creation of these user profiles, and
to exercise this right you must contact Google.
Further information on the purpose and scope of data collection and processing by Google can be
regard and setting options for protecting your privacy: www.google.de/intl/de/policies/privacy.
If you click on "Confirm" at the bottom of the cookie bar when visiting our website without changing
the settings regarding Google Maps on the Cookie Settings page, you consent to your data (IP
address, time stamp, user behaviour on our website, if applicable) being transmitted to Google in
the USA and processed there in accordance with Art. 49 (1) sentence 1 a) DSGVO. The ECJ
considers the USA to be a country with an inadequate level of data protection according to European
standards. There is a risk of access by US authorities. In addition, we do not know exactly how
Google processes your data.
The legal basis for the use of the Institute Finder and Google Maps is Art. 6 para. 1 sentence 1 f
DSGVO. Our legitimate interest in collecting data follows from the fact that we use Google Maps for
the purpose of better locating our Reviderm stores and thus optimising our offers.
Further information on Google's data protection guidelines can be found at:
- Categories of recipients of personal data
If you pay in our online shop with cash, EC card, credit card, your payment information is automatically transmitted to the payment provider for the purpose of payment processing (legal basis is Art. 6 para. 1 sentence 1 f) DSGVO). Regarding the processing by the payment provider, please refer to
Web hosting provider
The data mentioned in section 3 are processed on our behalf and on our instructions by our web
hosting provider for the purpose of operating our website and for fraud and misuse control. If you
communicate with us via e-mail, your e-mails and the personal data communicated therein will be
stored on our behalf on the servers of our web hosting provider (legal basis is Art. 6 para. 1 sentence
1 a, f DSGVO).
IT service provider
Our IT service providers receive access to the data mentioned in section 3 on our behalf and on our
instructions, insofar as this is necessary for technical reasons and for website optimisation and system maintenance (legal basis is Art. 6 para. 1 sentence 1 f DSGVO).
Shipping service provider / logistics service provider
If we deliver goods, we use shipping service providers to whom your first and last name and delivery
address and, if applicable, with your consent, your telephone number are transmitted (legal basis is
Art. 6 para. 1 sentence 1 b DSGVO).
Integration of third-party services and content
With regard to the integration of services and content of third parties on our website and the data
transfers in this regard, see section 6.
Tax consultant and auditor
For the purpose of bookkeeping and filing tax returns, we transmit your data to our tax advisors and
auditors to the extent necessary (legal basis is Art. 6 para. 1 sentence 1 f DSGVO).
Your data will only be passed on to other third parties in the following cases:
- if necessary for the assertion, exercise or defence of legal claims and there is no reason to
assume that you have an overriding interest worthy of protection in not having your data
disclosed (legal basis is Art. 6 Para. 1 Sentence 1 f DSGVO);
- we are legally obliged to disclose data in connection with official enquiries, court orders or
We work with service providers as processors or joint controllers and have concluded a contract
pursuant to Art. 28 or Art. 26 DSGVO.
- Voluntariness of the provision of data
The provision of personal data when visiting our website is neither legally or contractually required
nor necessary for the conclusion of a contract. You are also not obliged to provide personal data
when visiting our website, however, access data is collected automatically when you visit our website.
If you register as a customer and wish to use our login area, registration data is required
- voluntary provision of data
The access data is stored by our hosting provider for security reasons (e.g. to clarify acts of abuse
or fraud) for a maximum period of 6 months and then deleted. Data whose further storage is required
for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.
Cookies, third-party providers
If IP addresses are processed by third-party providers, we have no influence on the duration of the
processing. You will find the links to the data protection declarations of the third-party providers under
point 6. There you can inform yourself about the duration of the processing. In addition, we inform
you about the duration of the cookie sessions or cookie runtimes in the cookie bar or data protection
We will use your personal data for postal advertising until you object to this.
Personal data that you provide via our forms or communicate to us in any other way will be processed
by us for the duration of the processing of your request, unless this data is subject to retention periods
under tax and commercial law or consent justifies continued storage. In any case, the data will be
stored until the expiry of limitation periods for claims for damages.
Order and contract data
For evidence purposes, we must retain order data for three years from the end of the year in which
the ordered item was delivered. Any claims shall become statute-barred at the earliest at this point
in time in accordance with the statutory limitation period. In addition, this data may be subject to
longer retention periods under tax and commercial law; these are 6-10 years.
- duration of the processing
You have the right to object at any time to the personal data processed on the basis of Art. 6
(1) sentence 1 f) DSGVO, provided that there are grounds for the objection arising from your
particular situation. However, your personal data will be further processed if there are
compelling legitimate grounds to further process the data that override the interests, rights
and freedoms of your person, or if the processing serves the assertion, exercise or defence
of legal claims. If we process your personal data for the purpose of direct marketing, you
have the right to object to the processing of personal data for the purpose of such marketing
at any time without giving reasons (Art. 21 DSGVO).
- Further data subject rights
YIf you have given your consent, you have the right to revoke it. We would like to point out that a
revocation does not change the lawfulness of the processing granted until the revocation (no
retroactive effect of the revocation).
Within the scope of the GDPR, you have the right to request information free of charge about the
personal data we hold about you (Art. 15 GDPR).
Furthermore, in accordance with the GDPR, you have the right to correction (Art. 16 GDPR), deletion
(Art. 17 GDPR), restriction (Art. 18 GDPR) and transfer (Art. 20 GDPR) of your personal data.
You also have the right to complain to the competent data protection supervisory authorities in
justified cases (Art. 77 DSGVO).
You can assert your rights under the GDPR by e-mail or in writing. You can find the contact details
of the provider below.
13. Contact details
TRUE CARE GmbH
Data Protection Officer::
Data protection supervisory authority:
Bavarian State Office for Data Protection Supervision
PO Box 606
Telephone: +49 (0) 981 53 1300
Fax: +49 (0) 981 53 98 1300
Status: April 2023