The Colors4Beauty App is an application that is operated by MDA. It is installed by the technical providers iTunes or the Google Play Store (Android version) according to their conditions.

We collect and process your personal data only if you request certain services and we need your data for this purpose or if you have voluntarily given us your express consent. The legal basis for processing is Art. 6 Para. 1 b GDPR and Art. 6 Para. 1 a GDPR.

You can do this, for example, by completing a registration form or sending us an email, ordering products or services, submitting inquiries to us, requesting materials or registering. Unless otherwise required by law, we will only use your personal data for the purposes for which you have given your consent.

For special services such as newsletters, sweepstakes, etc. the respective special data protection provisions apply.

The Colors4Beauty App uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your device, to help the app analyze how users use the Colors4Beauty App. The information generated by the cookie about your use of the Colors4Beauty App is usually transferred to a Google server in the USA and stored there. However, if IP anonymization was enabled on Colors4Beauty App, your IP address will be shortened previously by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases the full IP address is transferred to a Google server in the USA and shortened there. On behalf of the operator of the Colors4Beauty App, Google will use this information to evaluate your use of the Colors4Beauty App, to compile reports on Colors4Beauty App activity and to provide the Colors4Beauty App operator with further services related to Colors4Beauty App and internet use. The IP address transmitted by your browser within the scope of Google Analytics will not be aggregated with other Google data.

You can prevent Google Analytics from collecting data by making the appropriate settings on your device.

For more information on terms of use and privacy, please visit http://www.google.com/analytics/terms/de.html or https://www.google.de/intl/de/policies/. Please note that on the Colors4Beauty App Google Analytics has been extended by the code "anonymizeIp" in order to implement an anonymous registration of IP addresses (so-called IP masking).

The legal basis for processing is Art. 6 para. 1 f GDPR, whereby MDA's authorization arises from the fact that, on the one hand, MDA has an interest in evaluating the app data for purposes of app optimization and, on the other hand, a concerned person can reasonably foresee at the time when the personal data is collected and in view of the circumstances under which it is carried out (in particular the above-mentioned measures) that it will possibly be processed for this purpose.

No social media plugins are integrated.

At MDA, those bodies within MDA receive your data that are required to fulfill our contractual and legal obligations. Some data must be disclosed under strict contractual and legal requirements:

• Due to legal obligation:
  
  In certain cases, we are required by law to transfer data to a requesting public authority.
  
  Upon submission of a court order, we are obliged pursuant to § 101 of the German Copyright Act to provide owners of copyright and ancillary copyrights with information about customers who are alleged to have offered copyright-protected works on internet file-sharing sites. In these cases, our information contains the user ID of an IP address allocated at the time requested and, if known, the name and address of the customer.
  
  In other respects, personal data will only be transferred to state institutions and public authorities within the framework of mandatory national legal provisions or if disclosure is necessary in the event of attacks on the network infrastructure for legal or criminal prosecution. The legal basis for processing is Art. 6 Para. 1 c GDPR or § 24 Para. 2 No. 1 German Federal Data Protection Act.
  
  
• To external service providers for data processing:
  
  When service providers get access to our customers' personal data, this usually takes place in the course of so-called order processing of personal data. This is expressly provided for by law. In this case, MDA remains responsible for the protection of your data – in addition, the processor may also be responsible. The service provider works strictly in accordance with our instructions, which we ensure by means of strict contractual regulations, technical and organizational measures and supplementary controls.
  
  MDA works with service suppliers as processors. These are MDA Group companies and service providers for IT services (e. g. for technical-administrative tasks and for usage analysis), telecommunications, consulting and advisory services as well as sales and marketing.
  
  The data protection regulations for instruction-bound order processing of personal data are complied with.
  
  
• To MDA Group companies:
  
  MDA may transfer your personal data to MDA Group companies in order to carry out a business relationship with you or for the purposes of legitimate interests.
  
  If data are transferred abroad, they are based within the EU or the EEA or in a country which, according to the decision of the EU Commission, has an appropriate level of data protection. In the case of data transfers to MDA Group companies domiciled in other countries, MDA ensures by way of guarantees that the data-importing MDA Group company has been obligated to an appropriate level of data protection.

Beyond this, we do not transfer data to third parties unless you have given your express consent, the transfer is obviously necessary for the provision of an offer or service requested by you or this is provided for by law. We also do not intend to transfer your data beyond this to a third country or international organization.

We store data for as long as it is legally necessary or necessary for the provision of the service requested by you, or as long as it has been agreed upon in a declaration of consent.

Push notifications are messages that are sent from the Colors4Beauty App to your device, where they are prioritized and displayed. The Colors4Beauty App usespush notifications only for notifications that, a new pigment/trends/color rainbow has been successfully added. You will also receive push notifications of the latest offers from your favorite retailers in the Coupon Service. You can disable receiving push notifications at any time in your device's settings.

What other rights do I have with regard to my stored data?

You may at any time and free of charge request information about the scope, origin and recipients of the stored data as well as the purpose of the storage; in addition, you have the right to rectification, erasure or restriction of the processing of your data in accordance with data protection regulations, a right to object to the processing as well as a right to data portability. Please note that there is a right of appeal to a supervisory authority.

You have the right to withdraw your consent to the use of your data at any time. Just send an email to colors4beauty@emdgroup.com or send a letter to the following address:

Merck KGaA, Darmstadt, Germany
Electronics
Surface Solutions

Frankfurter Strasse 250
64293 Darmstadt, Germany

The data processing performed on the basis of your consent is legal until the time of withdrawal.

If you have any questions or comments, please feel free to contact our Group Data Protection Officer at any time:

Merck KGaA, Darmstadt, Germany
Group Data Protection Officer
Frankfurter Strasse 250
64293 Darmstadt, Germany

privacy@emdgroup.com

This data privacy declaration is up-to-date and dates from 2019, March, 22nd. We reserve the right to amend the data privacy declaration at any time with effect for the future, in particular to adapt it to a further development of the website or the implementation of new technologies.