Privacy policy

1. Data Protection at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data means any data that can be used to personally identify you. Detailed information on data protection can be found in the following sections of this Privacy Policy.

Data Collection on This Website

Some data is collected automatically when you visit the website by our IT systems (e.g., browser, operating system, time of page access, IP address). Other data is collected when you provide it to us (e.g., via a contact form or by email).

What Do We Use Your Data For?

Some data is collected to ensure the website can be provided without errors. We also process data for security purposes (e.g., to defend against attacks). If you have given your consent, data may also be used to analyze and optimize our online offering.

What Rights Do You Have Regarding Your Data?

You have the right at any time to obtain free information about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you may revoke this consent at any time with effect for the future. You also have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

2. Data Controller

JW Sales GmbH
Kölner Straße 8
70376 Stuttgart
Germany

Tel: +49(0) 711 – 54 004 – 0
Fax: +49(0) 711 – 54 004 – 55
E-Mail: info@cosmedico.de

3. Data Protection Officer

Susanne Hörmann
Kölner Straße 8
70376 Stuttgart
E-Mail: susanne.hoermann@jw-holding.de

4. Hosting

This website is hosted externally. The personal data collected on this website is processed on the servers of the hosting provider. This may include, in particular, IP addresses, website access data, meta and communication data, and other data generated via a website.

External hosting is carried out for the purpose of fulfilling contracts with potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of a secure, fast, and efficient provision of our online offering by a professional provider (Art. 6(1)(f) GDPR). If consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s end device. Consent can be revoked at any time.

We use the following hosting provider:
ESTUGO
Schuhhagen 30
D – 17489 Greifswald

Data Processing Agreement
We have concluded a data processing agreement (DPA) with the hosting provider named above.

5. Cookies & Consent Management (Real Cookie Banner)

This website uses the consent technology of Real Cookie Banner to obtain your consent for the storage of certain cookies on your end device or for the use of certain technologies and to document this in compliance with data protection law. The provider is devowl.io GmbH, Tannet 12, 94539 Grafling, Germany.

Real Cookie Banner is installed locally on our servers. Real Cookie Banner stores a cookie in your browser in order to be able to assign consents and/or their revocation. The data collected in this way is stored until you request deletion, delete the cookie yourself, or the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected.

Legal bases: Art. 6(1)(c) GDPR (legal obligation) and – where necessary – Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

6. Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a technically error-free presentation, stability, and security).

7. Contact

If you contact us by email, telephone, or fax, your inquiry, including all resulting personal data (e.g., name, inquiry), will be stored and processed by us for the purpose of handling your request. We do not pass this data on without your consent.

Processing is carried out on the basis of Art. 6(1)(b) GDPR, insofar as your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries addressed to us (Art. 6(1)(f) GDPR).

The data remains with us until you request deletion, the purpose for storing the data no longer applies, or statutory retention obligations prevent deletion.

8. Forms (Avada Forms)

We use Avada Forms (Avada Theme) for forms on this website. When a form is submitted, the data you enter (e.g., name, email address, message) is processed to handle your inquiry.

In the Avada form settings, the storage of the IP address and user agent for form submissions is disabled (Store IP and User Agent: No).

Legal bases: Art. 6(1)(b) GDPR (contract/pre-contractual measures) or Art. 6(1)(f) GDPR (handling inquiries). If consent is requested, additionally Art. 6(1)(a) GDPR.

Retention period: Form data is deleted as soon as it is no longer required for processing and no statutory retention obligations prevent deletion.

9. Web Analytics (Google Analytics via Site Kit)

This website uses Google Analytics (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to analyze website usage. Google Analytics uses cookies or similar technologies to collect and evaluate information about how the website is used (e.g., pages accessed, technical information about the device/browser, referrer URL, interactions).

Integration is carried out via Site Kit by Google.

Consent: Google Analytics is only activated after your consent via the cookie banner.

Legal bases: Art. 6(1)(a) GDPR (consent) in conjunction with Section 25(1) TDDDG. You can revoke your consent at any time.

Third-country transfer: A transfer of data to third countries (in particular the USA) cannot be ruled out. Google regularly uses appropriate safeguards for this purpose (e.g., Standard Contractual Clauses). Further information can be found in Google’s privacy notices.

10. Google Search Console & PageSpeed Insights (Site Kit)

We also use Site Kit to integrate Google Search Console and PageSpeed Insights in order to analyze and improve the technical performance and discoverability of our website. These services are used primarily for administrative purposes. As a rule, this does not set cookies for website visitors.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in optimization and stable provision).

11. Security (Wordfence Security)

We use Wordfence Security to protect this website (e.g., firewall, detection/defense against attacks). Technical data (e.g., IP address, access attempts, header information) may be processed to detect and defend against attacks.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the security of the website).

12. Multilingualism (WPML)

We use WPML (WPML Multilingual CMS) to provide multilingual content. Technical information required for language selection and display is processed for this purpose (e.g., language setting).

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a user-friendly multilingual presentation).

13. Performance & Caching

To optimize performance and stability, we use local optimizations (e.g., server-side object caching via Redis Object Cache and optimization functions via WP-Optimize). As a rule, no personal data is transferred to third-party providers in this process.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in fast, secure operation).

14. iFrame Configurator (Internal Service)

This website includes an iFrame that refers to a configurator which is also operated on the servers of our hosting provider (ESTUGO). No external third-party provider is integrated as a result.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in functionality).

15. Local Hosting of Google Fonts

This site uses so-called Google Fonts for the consistent display of fonts; these are installed locally. No connection to Google servers is established.

Legal basis: Art. 6(1)(f) GDPR.

16. Your Rights

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR), in particular where processing is based on Art. 6(1)(f) GDPR
  • Right to withdraw consent (Art. 7(3) GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Withdrawal of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You may withdraw consent that you have already given at any time with effect for the future. The lawfulness of the data processing carried out up to the time of withdrawal remains unaffected.

Right to Object to Processing (Art. 21 GDPR)

IF DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION. WE WILL THEN NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of infringements of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or the place of the alleged infringement. This right exists without prejudice to any other administrative or judicial remedy.

17. SSL/TLS Encryption

This site uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the fact that the browser address line changes from “http://” to “https://” and a lock symbol is displayed in your browser line.

If SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

18. Status

Status: March 2026

1. Data Protection at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data means any data that can be used to personally identify you. Detailed information on data protection can be found in the following sections of this Privacy Policy.

Data Collection on This Website

Some data is collected automatically when you visit the website by our IT systems (e.g., browser, operating system, time of page access, IP address). Other data is collected when you provide it to us (e.g., via a contact form or by email).

What Do We Use Your Data For?

Some data is collected to ensure the website can be provided without errors. We also process data for security purposes (e.g., to defend against attacks). If you have given your consent, data may also be used to analyze and optimize our online offering.

What Rights Do You Have Regarding Your Data?

You have the right at any time to obtain free information about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you may revoke this consent at any time with effect for the future. You also have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

2. Data Controller

JW Sales GmbH
Kölner Straße 8
70376 Stuttgart
Germany

Tel: +49(0) 711 – 54 004 – 0
Fax: +49(0) 711 – 54 004 – 55
E-Mail: info@cosmedico.de

3. Data Protection Officer

Susanne Hörmann
Kölner Straße 8
70376 Stuttgart
E-Mail: susanne.hoermann@jw-holding.de

4. Hosting

This website is hosted externally. The personal data collected on this website is processed on the servers of the hosting provider. This may include, in particular, IP addresses, website access data, meta and communication data, and other data generated via a website.

External hosting is carried out for the purpose of fulfilling contracts with potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of a secure, fast, and efficient provision of our online offering by a professional provider (Art. 6(1)(f) GDPR). If consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s end device. Consent can be revoked at any time.

We use the following hosting provider:
ESTUGO
Schuhhagen 30
D – 17489 Greifswald

Data Processing Agreement
We have concluded a data processing agreement (DPA) with the hosting provider named above.

5. Cookies & Consent Management (Real Cookie Banner)

This website uses the consent technology of Real Cookie Banner to obtain your consent for the storage of certain cookies on your end device or for the use of certain technologies and to document this in compliance with data protection law. The provider is devowl.io GmbH, Tannet 12, 94539 Grafling, Germany.

Real Cookie Banner is installed locally on our servers. Real Cookie Banner stores a cookie in your browser in order to be able to assign consents and/or their revocation. The data collected in this way is stored until you request deletion, delete the cookie yourself, or the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected.

Legal bases: Art. 6(1)(c) GDPR (legal obligation) and – where necessary – Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

6. Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a technically error-free presentation, stability, and security).

7. Contact

If you contact us by email, telephone, or fax, your inquiry, including all resulting personal data (e.g., name, inquiry), will be stored and processed by us for the purpose of handling your request. We do not pass this data on without your consent.

Processing is carried out on the basis of Art. 6(1)(b) GDPR, insofar as your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries addressed to us (Art. 6(1)(f) GDPR).

The data remains with us until you request deletion, the purpose for storing the data no longer applies, or statutory retention obligations prevent deletion.

8. Forms (Avada Forms)

We use Avada Forms (Avada Theme) for forms on this website. When a form is submitted, the data you enter (e.g., name, email address, message) is processed to handle your inquiry.

In the Avada form settings, the storage of the IP address and user agent for form submissions is disabled (Store IP and User Agent: No).

Legal bases: Art. 6(1)(b) GDPR (contract/pre-contractual measures) or Art. 6(1)(f) GDPR (handling inquiries). If consent is requested, additionally Art. 6(1)(a) GDPR.

Retention period: Form data is deleted as soon as it is no longer required for processing and no statutory retention obligations prevent deletion.

9. Web Analytics (Google Analytics via Site Kit)

This website uses Google Analytics (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to analyze website usage. Google Analytics uses cookies or similar technologies to collect and evaluate information about how the website is used (e.g., pages accessed, technical information about the device/browser, referrer URL, interactions).

Integration is carried out via Site Kit by Google.

Consent: Google Analytics is only activated after your consent via the cookie banner.

Legal bases: Art. 6(1)(a) GDPR (consent) in conjunction with Section 25(1) TDDDG. You can revoke your consent at any time.

Third-country transfer: A transfer of data to third countries (in particular the USA) cannot be ruled out. Google regularly uses appropriate safeguards for this purpose (e.g., Standard Contractual Clauses). Further information can be found in Google’s privacy notices.

10. Google Search Console & PageSpeed Insights (Site Kit)

We also use Site Kit to integrate Google Search Console and PageSpeed Insights in order to analyze and improve the technical performance and discoverability of our website. These services are used primarily for administrative purposes. As a rule, this does not set cookies for website visitors.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in optimization and stable provision).

11. Security (Wordfence Security)

We use Wordfence Security to protect this website (e.g., firewall, detection/defense against attacks). Technical data (e.g., IP address, access attempts, header information) may be processed to detect and defend against attacks.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the security of the website).

12. Multilingualism (WPML)

We use WPML (WPML Multilingual CMS) to provide multilingual content. Technical information required for language selection and display is processed for this purpose (e.g., language setting).

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a user-friendly multilingual presentation).

13. Performance & Caching

To optimize performance and stability, we use local optimizations (e.g., server-side object caching via Redis Object Cache and optimization functions via WP-Optimize). As a rule, no personal data is transferred to third-party providers in this process.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in fast, secure operation).

14. iFrame Configurator (Internal Service)

This website includes an iFrame that refers to a configurator which is also operated on the servers of our hosting provider (ESTUGO). No external third-party provider is integrated as a result.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in functionality).

15. Local Hosting of Google Fonts

This site uses so-called Google Fonts for the consistent display of fonts; these are installed locally. No connection to Google servers is established.

Legal basis: Art. 6(1)(f) GDPR.

16. Your Rights

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR), in particular where processing is based on Art. 6(1)(f) GDPR
  • Right to withdraw consent (Art. 7(3) GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Withdrawal of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You may withdraw consent that you have already given at any time with effect for the future. The lawfulness of the data processing carried out up to the time of withdrawal remains unaffected.

Right to Object to Processing (Art. 21 GDPR)

IF DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION. WE WILL THEN NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of infringements of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or the place of the alleged infringement. This right exists without prejudice to any other administrative or judicial remedy.

17. SSL/TLS Encryption

This site uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the fact that the browser address line changes from “http://” to “https://” and a lock symbol is displayed in your browser line.

If SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

18. Status

Status: March 2026