I. General Information and Notes
In the following, we inform you about the processing of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour.
1. The controller pursuant to Art. 4 No. 7 EU General Data Protection Regulation (GDPR) is:
Biebricher Allee 36
Phone: +49 611 97 819-60
Competent data protection supervisory authority:
The Hessian Commissioner for Data Protection and Freedom of Information
You can reach our data protection officer at
contact person: Nikolai Haas
In den Leppsteinswiesen 14
Phone: +49 6154 57605-111
2. When you contact us, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to better answer your inquiries. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are statutory retention obligations.
3. The processing of this data is based on Art. 6 (1) sentence 1 lit. b GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 (1) p. 1 lit. a GDPR) and/or on our legitimate interests (Art. 6 (1) p. 1 lit. f GDPR), as we have a legitimate interest in the effective processing of the requests addressed to us.
4. If we use commissioned service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. In doing so, we will also state the defined criteria for the storage period.
1. You have the followiYou have the following rights in relation to us in respect of personal data relating to you:
- Right of access,
- Right of rectification or erasure,
- Right to restrict processing,
- Right to object to processing,
- Right to data portability.
2. You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
3. To exercise your rights regarding your perTo exercise your rights with regard to personal data concerning you, please contact Betroffenenrechte@interco.de.
4. Please note that in the event of a request for information, we will store both the request and our subsequent information for a period of three years for the purpose of providing proof that the information was properly provided.
Objection or withdrawal against the processing of your data
1. If you have given your consent to the processing of your data, you may withdraw this consent at any time. Such a withdrawal affects the permissibility of the processing of your personal data after you have expressed it to us.
2. As long as we base the processing of your personal data on our legitimate interests, you can object to the processing. Provided that processing is not necessary, in particular, for the performance of a contract with you, which is shown by us in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have previously done. In the event of your justified objection, we will review the situation and either discontinue or adapt the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.
3. Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Objection to advertising e-mails
The use of contact data published within the framework of the imprint obligation for the purpose of sending advertising and information material not explicitly requested is hereby prohibited. The operators of the pages openly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam e-mails.
II. Use of the website
In the case of informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server.
If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f GDPR):
- IP address
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (concrete page)
- Access status/HTTP status code
- Data volume transferred in each case
- Web page from which the request comes
- Operating system and its interface
- Language and version of the browser software.
2. In addition to the informational use of our website, we offer various services that you can use if you are interested. For this purpose, you usually must provide further personal data which we use to provide the respective service and for which the aforementioned data processing principles apply.
Data transfer to service providers & partners
1. In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.
2. Furthermore, we may pass on your personal data to third parties if we offer promotions, competitions, contracts or similar services together with partners. You will receive more information on this when you provide your personal data or in the description of the offer.
3. If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you in the offer’s description.
Data transfer to the U.S.
1. The U.S. is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by U.S. authorities, for control and monitoring purposes, possibly without redress.
2. Please note in particular the further information on the tools and services used by us in this data protection declaration with regard to data transfers to the U.S..
3. Many tools and services use so-called “cookies” (more on this below under the point “Cookies”). Typically, their use is accompanied by the transfer of data to the U.S. by US providers such as Google, Facebook, Twitter, YouTube, LinkedIn, etc.. If you do not wish this to happen, please ensure that you do not give the corresponding consent that we obtain when you call up the website.
What are cookies?
Our website uses so-called cookies to store user-specific data. Cookies are small files that are stored on your computer by our website and contain certain user data about you, such as language or personal page settings. When you return to our site, your browser transmits the “user-specific” information back to our site. Thanks to the cookies, our website knows who you are and offers you your usual default settings. A cookie consists of a name and a value.
When you visit our website for the first time (using a so-called “cookie banner” or “cookie consent tool”), you will be asked which cookies you wish to accept. Cookies that are not essential to provide the services of this website will only be used after you have given your consent. However, this decision will in turn be stored in a cookie for purposes of proof and to implement your setting.
You can review and switch your cookie settings on any occasion here: Cookie Preferences
By agreeing to the use of the respective cookies by U.S. providers such as Google, Facebook, Twitter, YouTube, LinkedIn, etc., you also consent to the processing of your data in the U.S. in accordance with Article 49 (1) sentence 1 a GDPR.
Which cookies are set in each case, which data is stored in them and under which further circumstances; is additionally explained in more detail in our notes on the tools, plug-ins or services used.
Which cookies are set in each case, which data is stored in them and under which further circumstances; is additionally explained in more detail in our notes on the tools, plug-ins or services used.
First-party and third-party cookies
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites or their tools/plug-ins/services (e.g. Google Analytics). Each cookie is to be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans or other “pests”. Cookies also cannot access information on your PC.
What are the different types of cookies?
1. Essential Cookies
These cookies are necessary to ensure basic functions of the website. For example, when the user adds a product to the shopping cart, then continues surfing on other pages and only later goes to the checkout. Through these cookies, the shopping cart is not emptied even if the user closes his browser window.
2. Functional Cookies
These cookies are not mandatory, but they increase the functionality of the website. This includes, for example, information such as usernames, language selection, once entered form data, font size, etc..
3. Performance or marketing cookies
These cookies come from external advertising companies, among others, and are used to collect information about the websites visited by the user, for example, to create targeted advertisements for the user.
Other cookies collect information about user behaviour on the website and whether users receive error messages (if so, which ones) in order to improve the content and structure of the website. Loading time or the behaviour of the website with different browsers is also measured with these cookies.
Browser-side deactivation or deletion of cookies
You can set your web browser in such a way that the storage of cookies on your end device is generally prevented or you are asked each time whether you agree to the cookies’ setting. Once cookies have been set, you can delete them at any time. How this works is described in the help function of the web browser you are using.
A general deactivation of cookies may lead to functional limitations of this website.
Data processing of applicants
Purpose and legal basis of the processing
We process your personal data for the purpose of establishing an employment relationship in compliance with Art. 6 (1) p. 1 lit. b GDPR in conjunction with Art. 88 GDPR and Section 26 BDSG. The processing is carried out solely for the purpose of assessing your suitability, ability and professional performance with regard to the position for which you are applying.
We also process your personal data for certain purposes (e.g. for longer storage) if you have given us your consent to data processing within the meaning of Article 6 (1) sentence 1 a GDPR in conjunction with Article 7 GDPR.
If applicable, we are obliged to process your personal data pursuant to Art. 6 (1) sentence 1 lit. c GDPR. Various legal obligations may exist in this regard (e.g. obligations under the German Commercial Code; the German Fiscal Code; to store tax-relevant data; under the German Social Security Code; under the General Equal Treatment Act; or other relevant regulations).
Nature of the categories of data processed
We process persoWe process personal data that we receive from you as part of the application process, e.g. through letters of application, CVs, references, correspondence, telephone or verbal information.
The following categories of data can be affected:
- Personal data (surname, first name, date of birth)
- Address data (address, place of residence)
- Contact details (telephone no., e-mail address)
- Application data (cover letter, references, curriculum vitae)
- Special personal data (health data such as diseases and disabilities)
Recipients or categories of data recipients
Your data is first accessed by our HR and accounting departments, but also by the specialist department of the job for which you have applied. Our administrators and order processors have technically and necessarily the possibility to access data processed by means of IT. They are strictly bound by our instructions and may not process the data for their own purposes. In certain cases, we may need to disclose your personal data to third parties, such as our bank ,in case of receiving a reimbursement or the post office, if we communicate with you via letter.
Furthermore, third parties may receive data for certain purposes if this is required by law in the context of your application (e.g. notification to the Federal Employment Agency).
Data is not transferred to locations in countries outside the European UniData will not be transferred to countries outside the European Union (so-called third countries).
Duration of data storage
Your personal data will be stored for as long as it’s necessary to fulfil our contractual and legal obligations in the application process. In the event of a successful application, your personal data will be placed in your personnel file and used to implement and terminate the employment relationship.
If we are currently unable to offer you employment, we will continue to process your data on the basis of our legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f GDPR for up to 6 months after sending the rejection, in order to be able to defend ourselves against any legal claims.
In the case of consenting to the storage of your data beyond the prescribed period, the duration may be correspondingly longer (max. two years).
If the data is no longer required for the fulfilment of contractual or legal obligations, it will be deleted, unless storage is required due to legal retention periods (e.g. for the fulfilment of commercial and tax retention periods of ten years).
1. General information
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 U.S.. Google Analytics uses so-called “cookies”, which enables the analysis of your U.S.ge behaviour on the website. The data collected this way is used by Google to provide us with an evaluation of your visit to our website and of your U.S.ge activities there. This data may also be used to provide other services related to the use of our website and the Internet.
2. Categories of data processed
Within the scope of the service, U.S.ge and user-related information, such as IP address, location, time or frequency of visits to our website, is recorded.
3. Legal basis
The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest lies in the analysis, optimization and economic operation of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user.
The legal basis for setting the cookie is your consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR. Details of this can be found above, under the “Cookies” section.
4. Deactivation of data collection by Google Analytics
- You can withdraw your consent to the storage of cookies at any time. For this, we refer to the previous notes on “Cookies” and the rights to which you are entitled.
- You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
5. IP anonymization
We have implemented Google Analytics IP address anonymization on this website. The anonymization or masking of the IP takes place as soon as the IP addresses arrive in the Google Analytics data collection network and before any storage or processing of the data takes place. This means that IP addresses are processed in abbreviated form, which means that they cannot be linked to a specific person.
More information on IP anonymization can be found at: https://support.google.com/analytics/answer/2763052?hl=de.
6. Data protection of the provider
- Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S. Please note our information on data transfers to the U.S..
Google Tag Manager
1. Through the Google Tag Manager, so-called tags (i.e. relevant information for others such as code snippets or also pixels for other tools) are installed on the website. The tag manager works by installing a container with a unique container ID on the website. All relevant information of the tools used is, then, stored in it.
2. The further implementation of tools then takes place via the user interface of the Tag Manager. Through the Tag Manager, a central place is thus created via which all tools can be started and also switched off again. The Google Tag Manager takes care of triggering other tools by collecting the relevant information for the built-in tools. However, a processing of the collected data does not take place through the Tag Manager, it is only forwarded to the respective tool. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.
3. The legal basis for the use of the tag manager is our legitimate interest in accordance with Art. 6 para. 1 p. 1 lit. f GDPR in a functioning management of the other tools of this website. The Google Tag Manager is needed to control analytics or other tools. Based on your selection, the Google Tag Manager blocks or activates the tools we use.
5. Google’s privacy notice for this tool can be found at: https://www.google.de/tagmanager/use-policy.html.
Integration of Vimeo
1. We also use videos from the company Vimeo on our website. The video portal is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, U.S.. With the help of a plug-in, we can show you interesting video material directly on our website. Personal data may be transferred to Vimeo in the process.
2. When you visit one of our websites that has a Vimeo video embedded, your browser connects to the servers of Vimeo. This results in a data transmission. This data is collected, stored and processed onto the Vimeo servers. Regardless of whether you have a Vimeo account or not, Vimeo collects data about you. This includes your IP address, technical info about your browser type, operating system or very basic device information. In addition, Vimeo stores information about which website you use the Vimeo service and what actions (web activities) you perform on our website. These web activities include, for example, session duration or which button you clicked on our website with a built-in Vimeo function. Vimeo may track and store these actions using cookies and similar technologies.
3. If you are logged into Vimeo as a registered member, more data can often be collected as more cookies may have already been set in your browser. In addition, your actions on our website are directly linked to your Vimeo account. To prevent this, you must log out of Vimeo while “surfing” on our website.
4. The goal is to provide you with the best content possible and to do so as easy and accessible as possible. Only when we have achieved this are we satisfied with our service. Vimeo gives us the opportunity to present you with high quality content directly on our website. Instead of just giving you a link to an interesting video, you can watch the video right there on our site. This expands our service and makes it easier for you to access interesting content. Thus, we offer video content in addition to our text and images.
5. The legal basis is therefore Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies, as previously described, in the quality improvement of our website.
6. The legal basis for the setting of cookies is your consent in accordance with Art. 6 (1) p. 1 lit. a GDPR. Details of this can be found above under the point “Cookies”.
Integration of Google Maps
1. On this website we use the Google Maps service. The service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently.
2. In order for Google Maps to fully provide its service, the company must collect and store data from you. This includes, among others, the search terms entered, your IP address and the latitude and longitude coordinates. However, this data storage happens on Google Maps’ websites. We can only inform you about this, but cannot influence it. Since we have integrated Google Maps into our website, Google sets at least one cookie (name: NID) in your browser. This cookie stores data about your U.S.ge behavior. Google uses this data primarily to optimize its own services and to provide individual, personalized advertising for you.
3. The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest lies in the optimization of the functionality of our website.
4. It is not excluded that the processing is carried out by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S. Please note our information on data transfers to the U.S..
There you will also receive further information about your rights in this regard and the settings options for protecting your privacy (available at: http://www.google.de/intl/de/policies/privacy).
1. General information
We maintain publicly accessible profiles on social networks. The social networks used by us in detail can be found below.
Social networks can usually comprehensively analyse your user behaviour when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). By visiting our social media profile, numerous data protection-relevant processing operations are triggered.
2. Personal data
If you are logged into your social media account and visit our social media profile, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your terminal device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside the respective social media profile. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are or were logged in.
3. Notice of risks
We would like to point out that the respective providers may process user data outside the European Union. This can result in risks for the users, because, for example, the enforcement of the rights of the users could be made more difficult. With regard to US providers who offer guarantees of a secure level of data protection through, for example, EU standard contractual clauses, we point out that they thereby undertake to comply with EU data protection standards.
4. Purpose of the processing/legal basis
Our own processing of personal data on our social media sites is based on our legitimate interests according to Art. 6 (1) p. 1 lit. f GDPR, in order to inform about our offer, to make posts more attractive, to find the right time for publication, as well as to communicate with customers; interested parties and users active there. We have no influence on any further processing by the providers.
The legal basis for the setting of the aforementioned cookies is your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR. You can find details on this above under the point “Cookies” or under “Social Media Plugins”.
5. Joint controllership
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit.
Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.
6. Rights management
In principle, you can assert your rights both against us and against the operator of the respective social media portal.
However, we would like to point out that these can be asserted most effectively with the operators. Only the operators have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, please feel free to contact us.
7. Storage period
The data collected directly by us via the social media profile will be deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, withdraw your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.
8. Data protection of the providers
For a detailed presentation of the respective forms of processing and the possibilities of objection (opt-out), we refer to the data protection declarations and information of the providers of the respective social media networks, over which we have no influence and which apply when the respective websites are called up.
9. Existing social media profiles
Own profile: https://www.linkedin.com/company/interco-cosmetics-gmbh
Social media profiles via graphic or text link
1. We also link on our website to social media profiles on the platforms listed above. The integration takes place via a linked graphic or a text link of the respective platform. The use of this linking prevents a connection to the respective server of the platform from being automatically established when a website with a social media link is called up in order to display a graphic of the respective platform itself. Only by clicking on the corresponding graphic will the user be forwarded to the service of the respective platform.
2. After the user has been forwarded, information about it is collected by the respective provider. It cannot be ruled out that the data collected this way is processed in the U.S.. Please note our information on data transfers to the U.S..
3. This is initial data such as IP address, date, time and page visited. If the user is logged into its user account of the respective platform during this time, the operator may be able to assign the collected information of the specific visit of the user to its personal account. If the User interacts via a “Share” button of the respective platform, this information can be stored in the User’s personal user account and may be published. If the user wants to prevent the collected information from being directly assigned to its user account, it must log out before clicking on the graphic. In addition, there is the possibility to configure the respective user account accordingly.