Privacy Statement

We would hereby like to inform you of the ways and scope in which your personal data is processed by BCG Baden-Baden Cosmetics Group GmbH and your rights in accordance with data protection legislation.


1. Who Is Responsible for Data Processing and How Do I Contact the Data Protection Officer?

The party responsible for data processing is:
BCG Baden-Baden Cosmetics Group GmbH
Data protection officer
Im Rosengarten 7
76532 Baden-Baden, Germany

Tel.: +49-(0)7221-688-100
Fax: +49-(0)7221-688-369

Represented by: Managing Director / CEO Hermann Crux 

You can contact our data protection officers via the contact data above or via email at


2. What Are the Purposes of and Legal Basis for Processing Data?

We process your personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (new FDPA) as well as all other relevant laws only insofar as this is required to provide information on this website as well as our services on this website.

If you are using the website simply for information purposes, that is to say, if you are not logging in or regis-tering to use the website or providing us with any other information, we will not collect any personal data, with the exception of the data that your browser transmits in order to enable you to visit the website. These are:

  • IP address
  • Date and time of query
  • Time zone difference in relation to Greenwich Mean Time (GMT)
  • Content of request (specific page)
  • Access status/HTTP status code
  • Transferred data quantity in each case
  • Website issuing the request
  • Browser
  • Operating system and its interface
  • Language and version of the browser software.

To ensure that the website functions, this information is saved in log files. Furthermore, this data is used for the purposes of ensuring that our information-technology systems are secure and optimizing our website.

Art. 6 (1) f) of the GDPR forms the legal basis for temporarily saving data and log files. If processing operations for personal data are based on acquiring the consent of the person affected, Art. 6 (1) a) of the GDPR serves as the legal basis.

Art. 6 (1) b) of the GDPR forms the legal basis for processing personal data in order to fulfill contracts in the case that one of the contracting parties is the person concerned. The same applies to implementing pre-contractual measures that necessitate processing operations. If our company is subject to a legal obligation for which it is necessary to process personal data, Art. 6 (1) c) of the GDPR serves as the legal basis. Art. 6 (1) d) of the GDPR is the legal basis in cases where vital interests of the persons concerned or another natural person necessitate the processing of personal data. If personal data is processed in order to protect the legitimate interests of our company or a third party, the interests, basic rights and fundamental freedoms of the person concerned are of secondary importance. Art. 6 (1) f) of the GDPR is the legal basis for processing data in this instance. Personal data can be passed onto our IT service providers for the purposes of making this website available.


3. Data Security

We maintain up to date technical procedures to ensure data security, in particular in relation to the protection of your personal data against risks during data transfer and against third parties acquiring knowledge of these data. These procedures are continuously updated to reflect the current state of the art.


4. Cookies

Furthermore, cookies will be stored on your computer. Cookies are small text files that are stored on your hard drive, assigned to your browser, and through which certain information passes to the body responsible for setting the cookies (us, in this case). Cookies cannot execute programs or transfer viruses to your com-puter.

They are used to make our Internet services overall more user-friendly and effective. As soon as our website is called up by a user, the respective user is notified of the use of cookies for analy-sis purposes. To process the personal data used in this context, the user’s consent is obtained. This website uses cookies to the following extent: transient cookies (temporary use), persistent cookies (used for a specific period of time), third-party cookies (from third-party providers), flash cookies (permanent use).

a) Transient cookies are automatically deleted once you close the browser. This includes in particular session cookies. These store a session ID with which various queries from your browser can be as-signed to the same session. This enables your computer to be identified on a return visit to the web-site. The session cookies are deleted once you log out or close the browser.
b) Persistent cookies are automatically deleted after a specific period of time, which may vary from cookie to cookie. You may delete the cookies at any time in the security settings of your browser.
c) You may configure your browser settings as required and, for example, refuse to accept third-party cookies or all cookies. However, we would like to point out that if you do so, you may not be able to use all of the functions of this website.
d) The flash cookies used are not collected by your browser but by your flash plug-in. They store the necessary data independently of the browser you use and have no automatic expiry date. If you do not wish the flash cookies to be processed, you will have to install an add-on, e.g. “Clear Flash Cookies” for Mozilla Firefox ( or Ado-be Flash Killer Cookie for Google Chrome.
e) Analysis cookies. We use analysis cookies to improve the content and quality of our website. Analy-sis cookies enable us to understand how our website is being used, which allows us to optimize our services on an ongoing basis.

Name of Cookie, Type of Cookie, Purpose of Cookie, Completion of Cookie:

Cookieconsent_Status Persistent cookie Displays cookie information 12 months

PHPSESSID Transient cookie This cookie guarantees the execution of php-applications When a browser ses-sion ends

_ga, _gid Persis-tent cookie Registers a unique ID that is used to generate statistical data on user behavior on the website Different periods of validity: ten years, 24 months, and when a browser session ends

_gat Transi-ent cookie Reduces the requirement rate (Google Analytics) When a browser ses-sion ends

c_user Persis-tent cookie Facebook cookie following registration Three months

Fr, tr Persis-tent cookie Used by Facebook to control a variety of promo-tional offers, such as real-time offers from third parties Three months

1P_JAR,_utma, _utmz Persis-tent cookie These cookies are used to collect website statis-tics for Google Analytics as well as to track con-version rates Four weeks

CONSENT, HSID, NID, SAPISID, SID, SIDCC, SSID Persis-tent cookie This cookie is necessary for Google to collect anonymized, statistical data. No sensitive data is collected when you are not logged into your Google account. When you are logged in, Google links your actions to your account. For more information on Google and the cookies used, please click on the following link: Different periods of validity: between five months and 20 years

_gmb_ga_test Persis-tent cookie This cookie is necessary for Google (Google Analytics) to collect anonymized, statistical data 24 months

JSESSIONID Transi-ent cookie If your browser assigns an anonymized ID (ses-sion ID) for the duration you visit a website in order to be able to bundle several associated requests on the server and assign these to a session When a browser ses-sion ends

This stored information is stored separately from any other data submitted to us. The cookies data, in particu-lar, are not associated with your other data. You can delete any currently saved cookies at any point in time. Automatic deletion is also an option. Processing personal data via the use of cookies required for technical purposes is based on the legal basis of Art. 6 (1) f) of the GDPR. If the respective user has consented to the processing of personal data via the use of cookies for analysis purposes, this consent forms the legal basis in accordance with Art. 6 (1) a) of the GDPR. You may prevent cookies being stored by adjusting the settings in your browser software accordingly; how-ever, we would like to point out that if you do so you may not be able to make full use of all of the functions of this website.


5. Newsletter

With your consent, you can subscribe to our newsletter; we use this newsletter as a means of informing you of the interesting products and services currently available. The goods and services advertised are specified in the declaration of consent. With regard to the procedure for registering for our newsletter, we use the ‘double opt-in’ process. This means that once you have specified your email address, we send you a confirmation email to the email address specified, asking you to please confirm that you would like to receive the newsletter. If you do not confirm that this is the case within a moderate period of time, your registration is deleted automatically. If you confirm that you would like to receive the newsletter, we save your email address until you unsubscribe from the newsletter. Your email is saved purely for the purpose of being able to send you the newsletter. Furthermore, when you register and confirm your registration, we save your IP address and the time so as to prevent any misuse of your personal data. An email address is the only information required for the newsletter to be sent. Specifying additional, specially designated information is voluntary and such information is used only for the purposes of personalizing the newsletter. All of this information is also fully deleted if the subscription to the newsletter is canceled. You can choose to withdraw your consent at any time with regard to receiving the newsletter. You can de-clare your choice to withdraw your consent by clicking on the link provided in each newsletter email, via email to or by means of sending a message via the contact details specified in the Legal Notice. Your data is not passed onto third parties. The consent of the user in accordance with Art. 6 (1) a) of the GDPR forms the legal basis for processing data once the respective user has registered to receive the newsletter. As soon as data collected for a par-ticular purpose is no longer required, it is deleted. Correspondingly, the data from newsletter subscribers is only saved for the duration of the subscription.


6. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP ad-dress) will generally be transmitted to and stored by Google on servers in the United States. If IP anonymiza-tion is activated on this website, Google will truncate your IP address within the Member States of the Euro-pean Union or in other treaty States of the European Economic Area prior to transmitting it to the US. Only in exceptional cases will the full IP address be sent to a Google server in the USA and truncated there. Google will use this information on behalf of the website provider for the purpose of evaluating your use of the web-site, compiling reports on website activity and providing the website provider with other services relating to website activity and Internet usage. The IP address transmitted by your browser as part of Google Analytics will not be associated with any other data held by Google. You may prevent the collection for Google of the data (incl. your IP address) generated by cookies and relat-ed to your use of the website, and the processing of such data, by downloading and installing the browser plug-in that can be accessed at: or by using Google Analytics OptOut on the basis of a cookie. This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are processed in truncated form, thereby preventing them from being traced to a specific person. If the data acquired about you can be attributed to a personal connection, this contact will be dismissed immediately and the personal data will be deleted without delay. We use Google Analytics so that we can analyze the usage of our website and improve it on a continuous basis. Using the statistics obtained, we can improve our services and make these more interesting for you as a user. In exceptional cases in which personal data is transferred to the USA, Google has signed up to the EU-US Privacy Shield: The legal basis for using Google Analytics is Art. 6 (1) (1) f) of the GDPR. The legal basis for processing the personal data of users is Art. 6 (1) f) of the GDPR. Processing the person-al data of users enables us to analyze the browsing behavior of our users. By analyzing the data acquired, we are able to compile information about the use of the individual components that make up our website, which helps us to improve our site and how user-friendly it is on a continuous basis. Our legitimate interest in processing data lies in these objectives in accordance with Art. 6 (1) f) of the GDPR. Anonymizing the IP address means that the user’s interest with regard to the protection of personal data is sufficiently taken into account. The data is deleted as soon as it is no longer required for our recording purposes. Information on the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions:, overview of data protection:, as well as the privacy statement:


7. Use of Social Media Plug-Ins

We currently use the following social media plug-ins: Facebook, Instagram and YouTube. As part of using these plug-ins, we adopt the ‘two-click’ solution. This means that when you visit our site, no personal data is passed onto the provider of these plug-ins. You can identify the provider of the plug-in via the marking on the box above the initial letters of the company name or the logo. We give you the option to communicate directly with the plug-in provider via the button. Only when you click on the marked field and thereby activate it does the plug-in provider receive the information that you have called up the respective web page of our website. In addition, the data referred to under No. 2 of this statement is transferred. In the case of Facebook and Instagram, the IP address is anonymized immediately after it is obtained in Germany according to the infor-mation provided by the respective providers. When the plug-in is activated, personal data is transferred from you to the respective plug-in provider and then saved by the respective provider (in the USA in the case of US providers). As the plug-in provider obtains data primarily via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the grayed-out box. We do not have any influence on the data obtained or the data processing procedures and neither are we aware of the full extent of the data obtained, the purposes of processing the data and the periods for which the data is stored. We also do not have any information on the plug-in providers’ procedures for deleting the data obtained. The plug-in provider saves this data as a usage profile and uses this for the purposes of advertising, con-ducting market research and/or designing its website in line with users’ needs. This data (including the data of users who are not logged in) is analyzed in particular for the purposes of displaying appropriate advertise-ments and informing other users of the social network of your activities on our website. You have the right to object to the creation of this user profile; you need to contact the respective plug-in provider to exercise this right. Through plug-ins, we give you the option of interacting with social networks and other users, so that we can improve our website and make it more interesting for you as a user. The legal basis for using plug-ins is Art. 6 (1) (1) f) of the GDPR. Data is passed on irrespective of whether you have an account with the plug-in provider and are logged into this account. If you are logged into the plug-in provider’s site, the personal data we have obtained from you is directly allocated to your existing account with the plug-in provider. If you press the activated button and link to the page, for example, the plug-in provider also saves this information in your user account and publicly shares it with your contacts. We recommend that you log out regularly after using a social network and espe-cially before activating the button as doing so means that you can avoid data being allocated to your profile by the plug-in provider. You can find more information on the purpose and scope of data collection and data processing by the plug-in providers in the providers’ privacy statements provided below. These statements will also provide you with further information on your rights regarding this matter and how you can adjust your settings to protect your privacy. The addresses of the respective plug-in providers and URLs to their data protection information: a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA;; more information on data collection:, applications as well as everyoneinfo. b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; c) Instagram LLC, 1601 Willow Rd Menlo Park CA 94025 USA. You can find more information on data collection at: d) YouTube LLC 901 Cherry Ave. San Brund, CA 94066 USA; you can find more information at:


8. Which Data Protection Rights Can I Enforce as a Concerned Party?

If professional provisions are not in conflict, you have the right:

  • To withdraw any consent given to us at any point in time in accordance with Art. 7 (3) of the GDPR. This results in us no longer being permitted to continue data processing operations based on this consent in the future.
  • To request information on your personal data processed by us at any time in accordance with Art. 15 of the GDPR. In particular, you can request information on the purposes of processing the data, the category of personal data, as well as the source of the data, the categories of recipients to whom your data was or is disclosed, the purpose and intended storage period, the existence of a right to rectify incorrect data, erase data and restrict processing operations or object to data being pro-cessed, the existence of a right to lodge a complaint, the source of your data if it was not collected by us, as well as the existence of an automated decision-making function, including profiling and, where applicable, significant information regarding the profiling details;
  • To request that incorrect or incomplete personal data saved by us is rectified or completed without delay in accordance with Art. 16 of the GDPR;
  • To request that personal data saved by us be erased in accordance with Art. 17 of the GDPR, pro-vided that processing this data is not required for the purposes of exercising freedom of expression and information, fulfilling a legal obligation or for reasons relating to public interest or to establish, exercise or defend legal claims;
  • To request that the processing of your personal data is restricted in accordance with Art. 18 of the GDPR, insofar as you dispute the accuracy of the data, the processing operation is illegal but you refuse the erasure of the data and we no longer require the data, you need this data to establish, exercise or defend legal claims however or you have filed an objection to the processing of your per-sonal data in accordance with Art. 21 of the GDPR;
  • To receive your personal data with which you provided us in a standard, structured format that can be processed by a computer in accordance with Art. 20 of the GDPR or to have this data transferred to another responsible party and
  • raise a complaint regarding data processing with a supervisory authority in accordance with Art. 77 of the GDPR. As a general rule, you can contact the supervisory authority in the area in which you normally live; alternatively, you can contact the supervisory authority of your workplace or our legal office. Please direct any requests for information, or queries or objections to the processing of your data via email to or to the address listed in our Legal Notice.


9. Children

We do not collect the personal data of minors. In the event that such data are collected unwittingly, they will be deleted without delay.


10. Can I Object to My Personal Data Being Processed?

You have the right to object to your personal data being processed for the purposes of direct advertising without having to specify your reasons for doing so. If we process your data to protect legitimate interests, you can object to your data being processed for this purpose for reasons relating to your particular situation. In this case, we no longer process your personal data, unless we can establish compelling and legitimate reasons for processing the data that outweigh your interests, rights and freedoms or if the data is processed for the purposes of establishing, exercising or defending legal claims. In order to make the website available to users and ensure that the website operates correctly, it is neces-sary to record data and save this data in log files. As a result of this, users do not have the option of object-ing to data being processed in this manner. If log files are saved, they are deleted after seven days at the latest and the respective data is not pro-cessed further.


11. Do I have the Option to Raise a Complaint?

If you believe that we are processing your personal data in an illegal manner or that we are violating data protection legislation for other reasons, you can raise a complaint with the supervisory authority responsible for us: State officer for data protection:

Königsstraße 10a
70025 Stuttgart, Germany