Cookie Policy

ICONS OF SKIN MAISON

COOKIE POLICY

(EU / EEA — ePrivacy Directive & GDPR Compliant)

VERSION 2.0

 

 

COVER NOTE FOR REVIEWING COUNSEL

This document (Version 2.0) has been prepared by the US-side compliance team of Royce Roll Design Group, LLC (d/b/a Icons of Skin Maison) for review and validation by German legal counsel prior to publication.

 

The following material changes were made from Version 1.0 to eliminate vulnerabilities to Abmahnungen under German law:

·         1. ClearSale Reclassification: ClearSale fraud prevention technology has been reclassified from "strictly necessary" to "Functional — Fraud Prevention" requiring explicit user consent. The contradictory dual classification in V1.0 (Sections 5 and 7) has been resolved. All references to a Legitimate Interest Assessment (LIA) have been removed, as no such assessment exists.

·         2. Weglot Reclassification: The Weglot language preference cookie has been reclassified as "Strictly Necessary" under § 25(2) TTDSG, as it is essential for providing the multilingual service explicitly requested by the user.

·         3. Art. 27 EU Representative [ACTION REQUIRED]: The Article 27 GDPR EU Representative address remains a placeholder. THIS MUST BE COMPLETED BEFORE PUBLICATION. The policy cannot go live with a blank mandatory field.

·         4. GA4 Data Retention Clarification: Google Analytics 4 data retention language has been clarified to distinguish between event-level data (2 months) and aggregated non-personal statistical data (which may persist).

·         5. Cookie Duration Specificity: Cookie durations have been specified per individual cookie where possible, replacing vague ranges.

·         6. Consent Retention Justification: Consent record retention of 3 years is now explicitly tied to the German statute of limitations under § 195 BGB.

·         7. "No Disadvantage" Clause Added: An explicit statement has been added confirming that refusing non-essential cookies will not restrict access to the Online Store or its core purchasing functionality.

Reviewing counsel is requested to: (a) validate the ClearSale classification under current TTDSG/GDPR guidance; (b) confirm the Weglot reclassification; (c) insert the Art. 27 representative address; and (d) confirm the document is suitable for publication to German, Austrian, Dutch, and Nordic consumers.

 

1. WEBSITE OPERATOR AND DATA CONTROLLER

This Cookie Policy applies to the website www.the-ios.maison (the "Online Store"), operated by:

 

Legal Entity: Royce Roll Design Group, LLC

Trading As (DBA): Icons of Skin Maison

Registered Office: 1000 Brickell Avenue, Suite #715, Miami, FL 33131, USA

Email: privacy@the-ios.maison

Telephone: +1 305 317 4117

 

 

For the purposes of the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the data controller for personal data processed through cookies on this website is Royce Roll Design Group, LLC. For full details on how we process your personal data, please see our Privacy Policy at www.the-ios.maison/pages/privacy-policy.

 

2. WHAT ARE COOKIES AND SIMILAR TECHNOLOGIES?

Cookies are small text files that are placed on your device (computer, tablet, or smartphone) when you visit a website. Cookies are widely used to make websites work, to improve their efficiency, and to provide information to the website operator.

Similar technologies include:

·         Web beacons (tracking pixels): Tiny, invisible images embedded in web pages that notify the website operator when a page has been viewed.

·         Local storage (HTML5): Small amounts of data stored in your browser for session management.

·         Device fingerprinting: The collection of information about your device configuration for the purpose of fraud prevention during the checkout process.

In this Cookie Policy, the term "cookies" refers to cookies and all similar technologies unless otherwise specified.

 

3. LEGAL BASIS FOR THE USE OF COOKIES

The use of cookies on our Online Store is governed by:

·         Article 5(3) of Directive 2002/58/EC (the "ePrivacy Directive") as implemented in the national law of each EU Member State;

·         Regulation (EU) 2016/679 (the "GDPR"), in particular Article 6(1)(a) (consent) for the processing of personal data collected through non-essential cookies;

·         § 25 of the German Telekommunikation-Telemedien-Datenschutz-Gesetz (TTDSG) — the German implementation of the ePrivacy Directive, which requires prior informed consent for all cookies and similar technologies that are not strictly necessary for the provision of the service explicitly requested by the user.

In summary:

·         Strictly Necessary Cookies: Do not require your consent. They are placed under Article 5(3) of the ePrivacy Directive (and § 25(2) TTDSG in Germany) because they are essential for the website to function or to provide a service you have explicitly requested.

·         All Other Cookies (Functional, Analytics, Marketing): Require your prior, informed, freely given, and unambiguous consent before they are placed on your device. These cookies are blocked by default and are only activated after you grant consent through our Cookie Consent Management Platform. You will suffer no disadvantage, restriction of access, or reduction in service quality if you choose to refuse these cookies.

4. COOKIE CONSENT MANAGEMENT PLATFORM (CMP)

We use Pandectes GDPR Compliance as our Cookie Consent Management Platform ("CMP"). Pandectes is an EU-based service provider that manages cookie consent in compliance with the GDPR, the ePrivacy Directive, and the German TTDSG.

 

4.1 How the Cookie Banner Works

 

When you first visit our Online Store, you will be presented with a cookie consent banner. The banner provides you with the following options:

·         "Accept All" — activates all cookie categories (strictly necessary, functional, and analytics);

·         "Reject All" — activates only strictly necessary cookies; all other cookies remain blocked;

·         "Customize Preferences" — allows you to select which categories of cookies you wish to accept or reject individually.

The "Reject All" button is presented with equal prominence, size, color, and placement as the "Accept All" button, in compliance with the requirements of the German Datenschutzkonferenz (DSK) and the Court of Justice of the European Union ruling in Case C-673/17 (Planet49).

Refusing all non-essential cookies will not prevent you from browsing the Online Store, adding items to your cart, or completing a purchase. Core website functionality is not contingent upon your acceptance of non-essential cookies.

 

 

4.2 Changing Your Cookie Preferences

 

You may change or withdraw your cookie consent at any time by:

·         Clicking the cookie settings link in the footer of our website (available on every page);

·         Clearing your browser cookies and revisiting the website, which will trigger the cookie banner again.

Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

 

4.3 Consent Records

 

Pandectes GDPR Compliance stores a record of your consent decision, including:

·         The date and time of your consent or refusal;

·         The categories of cookies you accepted or rejected;

·         Your IP address (anonymized) and browser information for identification purposes;

·         The version of the cookie banner presented to you.

These records are retained for a period of three (3) years. This retention period is aligned with the standard limitation period for regulatory and civil claims under § 195 of the German Civil Code (Bürgerliches Gesetzbuch, "BGB") and serves the accountability obligations of the data controller under Article 5(2) GDPR and the documentation requirements of § 25 TTDSG.

 

5. COOKIE CATEGORIES AND DETAILED COOKIE LIST

The following table sets out all cookies used on our Online Store, organized by category. This list is reviewed and updated whenever new cookies are added or existing cookies are changed.

| Cookie Name | Provider | Purpose | Category | Duration | Consent Required? |
|---|---|---|---|---|---|
| _shopify_s | Shopify Inc. (Canada/USA) | Session management and visitor identification. | Strictly Necessary | 30 minutes | No — Art. 5(3) ePrivacy Directive; § 25(2) TTDSG. |
| _shopify_y | Shopify Inc. (Canada/USA) | Persistent visitor identification for cart and session continuity. | Strictly Necessary | 1 year | No — Art. 5(3) ePrivacy Directive; § 25(2) TTDSG. |
| cart | Shopify Inc. (Canada/USA) | Stores your shopping cart contents during your visit. | Strictly Necessary | 14 days | No — Art. 5(3) ePrivacy Directive; § 25(2) TTDSG. |
| secure_customer_sig | Shopify Inc. (Canada/USA) | Customer authentication and login session security. | Strictly Necessary | 1 year | No — Art. 5(3) ePrivacy Directive; § 25(2) TTDSG. |
| _pandectes_gdpr, _pandectes_consent | Pandectes GDPR Compliance (EU) | Stores your cookie consent preferences. Required to remember your acceptance or rejection of cookies. | Strictly Necessary | 1 year | No — Art. 5(3) ePrivacy Directive; § 25(2) TTDSG. |
| wglang, weglot_* | Weglot (France — EU) | Stores your selected language preference so the website displays in your chosen language on subsequent visits. This cookie is essential for providing the multilingual service explicitly requested by the user. | Strictly Necessary | wglang: Session; weglot_*: 1 year | No — Art. 5(3) ePrivacy Directive; § 25(2) TTDSG. Language selection is a service explicitly requested by the user. |
| _cmp_a | ClearSale (Brazil/USA) | Fraud prevention and risk assessment during checkout. Collects device fingerprint and behavioral data to detect fraudulent transactions. Fires ONLY during the checkout process. No profiling, tracking, or marketing use. | Functional — Fraud Prevention | Session (cleared after transaction review; maximum 12 months for dispute resolution) | Yes — Consent required under Art. 6(1)(a) GDPR and § 25(1) TTDSG. |
| _ga | Google LLC (Google Analytics 4) | Distinguishes unique visitors to the website for analytics purposes. | Analytics | 2 years | Yes — Consent required under Art. 6(1)(a) GDPR and § 25(1) TTDSG. |
| _ga_* | Google LLC (Google Analytics 4) | Maintains session state for Google Analytics. | Analytics | 2 years | Yes — Consent required under Art. 6(1)(a) GDPR and § 25(1) TTDSG. |
| _gid | Google LLC (Google Analytics 4) | Distinguishes unique visitors within a 24-hour period. | Analytics | 24 hours | Yes — Consent required under Art. 6(1)(a) GDPR and § 25(1) TTDSG. |
| (none currently) | | We do not currently use any marketing or advertising cookies. If marketing cookies are introduced in the future, this Cookie Policy will be updated and your prior consent will be required before any such cookies are placed. | Marketing | | Yes (if introduced). |


6. GOOGLE ANALYTICS 4 — SPECIFIC CONFIGURATION AND SAFEGUARDS

 

We use Google Analytics 4 ("GA4") to understand how visitors interact with our Online Store. GA4 is configured with the following privacy-protective settings:

·         EU data residency enabled: All analytics data is processed on servers located within the European Union;

·         IP anonymization: Active by default in GA4 — your full IP address is never stored;

·         Google Signals: Disabled — we do not use cross-device tracking or demographic reporting;

·         Data retention: Event-level data retention is set to the minimum period of 2 months. Aggregated, non-personal statistical reports (which contain no data attributable to any individual user) may persist beyond this period for internal performance analysis;

·         Consent-gated loading: GA4 scripts are blocked by Pandectes GDPR Compliance and do not load until you grant consent for "Analytics" cookies via the cookie banner. No data is collected by GA4 if you reject analytics cookies.


6.1 Opting Out of Google Analytics

You may opt out of Google Analytics at any time by:

·         Rejecting or withdrawing consent for "Analytics" cookies via the cookie settings link in the footer of our website;

·         Installing the Google Analytics Opt-Out Browser Add-on, available at: https://tools.google.com/dlpage/gaoptout

7. CLEARSALE — FRAUD PREVENTION TECHNOLOGY

We use ClearSale for fraud prevention and risk assessment during the checkout process. ClearSale collects device fingerprint data, IP address, geolocation (country/city level), and behavioral patterns to detect and prevent fraudulent transactions.

ClearSale is classified as a Functional — Fraud Prevention technology. Because ClearSale employs device fingerprinting and behavioral analysis that extends beyond what is strictly necessary for the technical delivery of the checkout service, it requires your consent before activation.

 

ClearSale is subject to the following scope limitations:

·         ClearSale technology is activated only during the checkout process and only after you have granted consent for "Functional" cookies;

·         ClearSale does not track, profile, or monitor your browsing behavior outside of the checkout context;

·         ClearSale does not use the collected data for marketing, advertising, or any purpose other than fraud prevention for the specific transaction;

·         Data collected by ClearSale is retained only for the duration of the transaction review period (maximum 12 months for chargeback and dispute resolution purposes) and is thereafter deleted.

If you do not grant consent for Functional cookies, ClearSale will not be activated. You may still complete your purchase; however, your order may be subject to additional manual verification procedures to ensure transaction security. No order is automatically rejected by ClearSale without human review.

For further information on ClearSale's data processing, please see our Privacy Policy, Section 6 (Recipients of Your Personal Data).

 

8. THIRD-PARTY COOKIES AND INTERNATIONAL DATA TRANSFERS

Certain cookies on our Online Store are placed by third-party service providers. Where these providers are located outside the European Economic Area ("EEA"), we ensure that appropriate safeguards are in place for any transfer of personal data:

 

 

| Provider | Location | Cookie Category | Transfer Mechanism |
|---|---|---|---|
| Shopify Inc. | Canada / USA | Strictly Necessary | EU-US Data Privacy Framework + Standard Contractual Clauses (SCCs) |
| Google LLC (GA4) | USA (EU data residency enabled) | Analytics | EU-US Data Privacy Framework + Standard Contractual Clauses (SCCs) |
| ClearSale | Brazil / USA | Functional — Fraud Prevention | Standard Contractual Clauses (SCCs) |
| Pandectes | European Union | Strictly Necessary | No transfer outside EU/EEA |
| Weglot | France (EU) | Strictly Necessary | No transfer outside EU/EEA |

 

For full details on international data transfers, including copies of applicable Standard Contractual Clauses, please see our Privacy Policy, Section 7 (International Data Transfers), or contact us at privacy@the-ios.maison.

 

9. HOW TO MANAGE COOKIES IN YOUR BROWSER

In addition to using our Cookie Consent Management Platform, you may manage cookies directly through your browser settings. Please note that disabling certain strictly necessary cookies may affect the functionality of our Online Store (for example, you may not be able to add items to your cart or complete checkout).

Instructions for managing cookies in common browsers:

·         Google Chrome: Settings → Privacy and Security → Cookies and other site data

·         Mozilla Firefox: Settings → Privacy & Security → Cookies and Site Data

·         Safari: Preferences → Privacy → Manage Website Data

·         Microsoft Edge: Settings → Cookies and site permissions → Manage and delete cookies

For more information about cookies and how to manage them, you may visit:

·         https://www.allaboutcookies.org

·         https://www.youronlinechoices.eu

10. YOUR RIGHTS UNDER THE GDPR

To the extent that cookies process your personal data, you have the following rights under the GDPR:

·         The right of access (Article 15 GDPR);

·         The right to rectification (Article 16 GDPR);

·         The right to erasure (Article 17 GDPR);

·         The right to restriction of processing (Article 18 GDPR);

·         The right to data portability (Article 20 GDPR);

·         The right to object to processing (Article 21 GDPR);

·         The right to withdraw consent at any time (Article 7(3) GDPR), without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights in relation to cookie data, please contact us at:

 

Email: privacy@the-ios.maison

Postal: Icons of Skin Maison — Privacy Department, c/o Royce Roll Design Group, LLC, 1000 Brickell Avenue, Suite #715, Miami, FL 33131, USA

EU Representative (Article 27 GDPR): [⚠️ ACTION REQUIRED — TO BE INSERTED BY GERMAN COUNSEL BEFORE PUBLICATION. THIS FIELD IS MANDATORY UNDER ART. 27 GDPR. THE POLICY MUST NOT BE PUBLISHED WITH THIS FIELD BLANK.]

 

You also have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. For German residents, the competent supervisory authorities include the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI) and the data protection authority of your respective Bundesland.

 

11. CHANGES TO THIS COOKIE POLICY

We may update this Cookie Policy from time to time to reflect changes in the cookies we use, changes in legal requirements, or changes in our business practices. When we make material changes:

·         The updated Cookie Policy will be published on our Online Store with a new "Last Updated" date;

·         If new categories of cookies are introduced that require your consent, you will be presented with a new cookie consent banner;

·         We will not rely on previously given consent for new cookie categories — fresh, specific consent will be obtained.

12. RELATIONSHIP TO OUR PRIVACY POLICY

This Cookie Policy is a standalone document that should be read in conjunction with our Privacy Policy (available at www.the-ios.maison/pages/privacy-policy). Where this Cookie Policy addresses the use of cookies and similar technologies specifically, our Privacy Policy provides comprehensive information about all processing of your personal data, including data collected through cookies.

In the event of any inconsistency between this Cookie Policy and our Privacy Policy regarding the use of cookies and similar technologies, this Cookie Policy shall prevail.

 

13. CONTACT US

If you have any questions about this Cookie Policy or our use of cookies, please contact us:

Cookie & Privacy Inquiries: privacy@the-ios.maison

General Customer Service: ClientService@the-ios.maison

Postal Address: Icons of Skin Maison — Privacy Department, c/o Royce Roll Design Group, LLC, 1000 Brickell Avenue, Suite #715, Miami, FL 33131, USA

EU Representative (Art. 27 GDPR): [⚠️ TO BE INSERTED BEFORE PUBLICATION]

Telephone: +1 305 317 4117