Privacy policy

We are pleased that you are interested in our offer and thank you for your trust. Trust is important to us and therefore the protection of your privacy when using our website is also important to us. We always treat your data with the utmost confidentiality and naturally observe all relevant legal regulations.

Privacy policy

In this privacy policy, we inform you about the processing of personal data when using our website.

Personal data is information that relates to an identified or identifiable person. This primarily includes information that allows conclusions to be drawn about your identity, for example your name, your telephone number, your address or e-mail address. Statistical data which we collect, for example, when you visit our website and which cannot be linked to your person do not fall under the concept of personal data.

You can print or save this privacy policy by using the usual functionality of your browser.

 

1. Contact

The contact person and so-called controller for the processing of your personal data when visiting this website within the meaning of the EU General Data Protection Regulation (GDPR) is Cosmedica Estetik Turizm Sağlık Hizmetleri Sanayi ve Tic.Ltd.Şti Nisbetiye mah, Aytar Cad. Baslik Sokak No:3B, 34340 Beşiktaş/Istanbul Turkey, Phone: (+90 544 556 05 55, e-mail address: contact@hairpowerstore.com).

2. Data processing on our website

2.1. Calling up our website / access data

Each time you use our website, we collect the access data that your browser automatically transmits to enable you to visit the website. The access data includes in particular:

  • IP address of the requesting device;
  • Date and time of the request;
  • Address of the website accessed and the requesting website;
  • Information about the browser and operating system used;
  • Online identifiers (e.g. device identifiers, session IDs).

The data processing of this access data is necessary to enable the visit of the website and to ensure the permanent functionality and security of our systems. The access data is also temporarily stored in internal log files for the purposes described above, in order to create statistical information about the use of our website, to further develop our website with regard to the usage habits of our visitors (e.g. if the proportion of mobile devices used to access the pages increases) and to generally maintain our website administratively. The legal basis is Art. 6 para. 1 p. 1 lit. b DSGVO.

The information stored in the log files does not allow any direct inference to your person; in particular, we only store the IP addresses in shortened, anonymised form. The log files are stored for 30 days and archived after subsequent anonymisation.

2.2. Contact

You have various options for contacting us. In this context, we process the data you provide when contacting us exclusively for the purpose of communicating with you. The legal basis is Art. 6 para. 1 lit. b DSGVO. The data we collect will be automatically deleted once we have fully processed your request, unless we still need your request to fulfil contractual or legal obligations (see section “Storage period”).

2.3. Registration

You have the option of registering for our login area in order to be able to use the full range of functions of our website (e.g. for ordering in our online shop, except for guest orders). We have highlighted the data you are required to enter by marking them as mandatory fields. Registration is not possible without this data. The legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

2.4. Orders

During an order process, we collect mandatory data necessary for the processing of the contract:

  • First and last name;
    Date of birth (only for some payment methods);
  • E-mail address;
  • Password;
  • Billing and shipping
  • address;
  • Payment information, payment data.

Optional sind Angaben wie Telefon- und Faxnummer möglich, damit wir Sie bei Rückfragen auch auf diesen Wegen kontaktieren können. Rechtsgrundlage der Verarbeitung ist Art. 6 Abs. 1 S. 1 lit. b DSGVO.

2.5. Payment options, payment service provider

For orders in our online shop, we offer the payment methods commonly used in the online sector (e.g. PayPal). We work with various payment service providers from whom we receive your payment data or to whom we transmit your payment data. Without these payment data and payment service providers, the payment and contract processing is not possible. The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. b DSGVO.

Our payment service providers are

  • for payment by Paypal: PayPal (Europe) S.à r.l. et Cie, S.C.A, 22-24 Boulevard Royal, L-2449 Luxembourg (https://www.paypal.com)

2.6. Newsletters and promotional mailings

You have the option of subscribing to our newsletter, in which we will regularly inform you about innovations to our products and promotions.

For ordering our newsletters, we use the so-called double opt-in procedure, i.e. we will only send you newsletters by e-mail if you confirm in our notification e-mail by clicking on a link that you are the owner of the e-mail address provided. If you confirm your e-mail address, we will store your e-mail address, the time of registration and the IP address used for registration until you unsubscribe from the newsletter. The storage is solely for the purpose of sending you the newsletter and to be able to prove your registration.

In addition, we send you promotional mailings in which we ask you, for example, for your feedback on your order or inform you about the products you have purchased or products that are related to your purchase. The legal basis for this data processing is Art. 6 para. 1 lit. f DSGVO.

For the dispatch of our newsletters and promotional mailings, we work together with service providers to whom we transmit, among other things, your e-mail address and your newsletter registration in order to be able to send you the newsletters and promotional mailings. The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. b, f DSGVO.

We will only pass on your data to third parties within the framework of the legal provisions or with the corresponding consent. Otherwise, we will not disclose your data to third parties unless we are obliged to do so by mandatory legal provisions (disclosure to external bodies such as supervisory authorities or law enforcement agencies).

The necessary data protection contracts have been concluded with all service providers.

You can unsubscribe from the newsletter and promotional mailings at any time or object to receiving them. A corresponding unsubscribe link can be found in every newsletter and advertising mailing. A message to the contact details provided above or in the newsletter (e.g. by e-mail or letter) is of course also sufficient for this purpose. The legal basis for the processing is your consent pursuant to Art. 6 para. 1 lit. a DSGVO.

In our newsletters and promotional mailings, we use standard market technologies with which the interactions with the newsletters can be measured (e.g. opening of the e-mail, links clicked on). We use this data in pseudonymous form for general statistical evaluations and to optimise and further develop our content and customer communication. This is done with the help of small graphics embedded in the newsletter (so-called pixels). The data is collected exclusively in pseudonymised form and is not linked to your other personal data. The legal basis for this is our aforementioned legitimate interest in accordance with Art. 6 para. 1 p. 1 lit. f DSGVO. We want to share content that is as relevant as possible for our customers via our newsletter and better understand what readers are actually interested in. If you do not want the analysis of usage behaviour, you can unsubscribe from the newsletters or deactivate graphics in your email programme by default. The data on interaction with our newsletters is stored pseudonymously for 30 days and then completely anonymised.

2.7. Surveys and competitions

If you participate in one of our surveys, we use your data for market and opinion research. We always evaluate the data anonymously for internal purposes. If, exceptionally, surveys are not evaluated anonymously, the data is only collected with your consent. In the case of anonymous surveys, the DSGVO is not applicable and in the case of exceptionally personal evaluations, the legal basis is the aforementioned consent according to Art. 6 para. 1 p. 1 lit. a DSGVO.

In the context of competitions, we use your data for the purpose of conducting the competition and notifying you of the prize. Detailed information can be found in the conditions of participation for the respective competition. The legal basis for the processing is the competition contract pursuant to Art. 6 para. 1 p. 1 lit. b DSGVO.

2.8. Use of own cookies

For some of our services it is necessary that we use so-called cookies. A cookie is a small text file that is stored on your device by the browser. Cookies are not used to run programs or download viruses onto your computer. The main purpose of our own cookies is rather to provide an offer tailored specifically to you and to make the use of our services as time-saving as possible.

Most browsers are set to accept cookies by default. However, you can adjust your browser settings so that cookies are rejected or only stored with your prior consent. If you reject cookies, not all of our offers can function without problems for you.

We use our own cookies in particular

  • for login authentication,
  • for load balancing,
  • for the wish list function,
  • for cross-session storage of your shopping cart.
    to note that information placed on our website has been displayed to you – so that it is not displayed again the next time you visit the website.

In this way, we want to enable you to use our website more conveniently and individually. These services are based on our aforementioned legitimate interests, the legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO.

In addition, we also use cookies and comparable technologies (e.g. web beacons) from partners for analysis and marketing purposes. This is described in more detail in the following sections.

2.9. Use of cookies and comparable technologies for analysis purposes

In order to improve our website, we use cookies and comparable technologies (e.g. web beacons) for statistical collection and analysis of general usage behaviour based on access data. We also use analysis services to evaluate the use of our various marketing channels.

The legal basis for the data processing described in the following section is Art. 6 (1) sentence 1 lit. f DSGVO, based on our legitimate interest in the needs-based design and continuous optimisation of our website.

In the following list of the technologies we use, you will also find information on how to object to our analysis measures by means of a so-called opt-out cookie. Please note that after deleting all cookies in your browser or the subsequent use of another browser and/or profile, an opt-out cookie must be set again.

2.10. Google Analytics

Unsere Website verwendet Google Analytics, einen Webanalysedienst der Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“). Google Analytics verwendet Cookies und ähnliche Technologien, um unsere Website anhand Ihres Nutzerverhaltens zu analysieren und verbessern zu können. Die in diesem Zusammenhang anfallenden Daten können von Google zur Auswertung an einen Server in den USA übertragen und dort gespeichert werden. Für den Fall, dass personenbezogene Daten in die USA übertragen werden, hat sich Google dem EU-US Privacy Shield unterworfen. Ihre IP-Adresse wird jedoch vor der Auswertung der Nutzungsstatistiken gekürzt, sodass keine Rückschlüsse auf Ihre Identität erfolgen können. Hierzu wurde Google Analytics auf unserer Website um den Code „anonymizeIP“ erweitert, um eine anonymisierte Erfassung von IP-Adressen zu gewährleisten.

Google wird die durch die Cookies gewonnenen Informationen verarbeiten, um Ihre Nutzung der Website auszuwerten, um Reports über die Websiteaktivitäten für die Websitebetreiber zusammenzustellen und um weitere mit der Websitenutzung und der Internetnutzung verbundene Dienstleistungen zu erbringen.

Sie können Ihren Browser so konfigurieren, dass er Cookies abweist, oder Sie können die Erfassung der durch Cookies erzeugten und auf Ihre Nutzung dieser Website bezogenen Daten (inkl. Ihrer IP-Adresse) sowie die Verarbeitung dieser Daten durch Google verhindern, indem Sie das von Google bereitgestelltes Browser-Add-On herunterladen und installieren. Alternativ zum Browser-Add-On oder wenn Sie unsere Website von einem mobilen Endgerät aufrufen, nutzen Sie bitte diesen Opt-Out-Link . Dadurch wird Erfassung durch Google Analytics innerhalb dieser Website zukünftig zu verhindern (das Opt-Out funktioniert nur in dem Browser und nur für diese Domain). Löschen Sie Ihre Cookies in diesem Browser, müssen Sie diesen Link erneut klicken.

Nähere Informationen hierzu finden Sie in der Datenschutzerklärung von Google.

 

2.11. Use of cookies and comparable technologies for online advertising technologies

We also use cookies and similar technologies for advertising purposes. Some of the access data collected when using our website is used for interest-based advertising. By analysing and evaluating this access data, we are able to display personalised advertising to you on our website and on the websites of other providers. This means advertising that corresponds to your actual interests and needs.

The legal basis for the data processing described in the following section is Art. 6 para. 1 sentence 1 lit. f DSGVO based on our legitimate interest in advertising our products and services in a personalised form.

In the following section, we would like to explain these technologies and the providers used for this purpose in more detail.

The data collected may include in particular

  • the IP address of the device,
  • the date and time of access,
  • the identification number of a cookie,
  • the device identifier of mobile devices
    technical information about the browser and the operating system.

However, the collected data is only stored pseudonymously, so that no direct conclusions can be drawn about the persons.

In the following descriptions of the technologies we use, you will also find information on how to object to our analysis and advertising measures by means of a so-called opt-out cookie. Alternatively, you can exercise your objection through corresponding settings on the websites Truste or Your Online Choices, which provide bundled objection options from many advertisers. Both sites allow you to deactivate all ads at once for the listed providers by means of opt-out cookies or, alternatively, to make the settings for each provider individually. Please note that after deleting all cookies in your browser or the subsequent use of another browser and/or profile, an opt-out cookie must be set again.

 

2.11.1. Facebook conversion and retargeting tags

For marketing purposes, our websites use so-called conversion and retargeting tags (also “Facebook pixel”) of the social network Facebook, a service of Facebook Inc, 1601 Willow Road, Menlo Park, California 94025, USA (“Facebook”). We use Facebook Pixel to analyse the general use of our websites and to track the effectiveness of Facebook advertising (“conversion”). In addition, we use the Facebook pixel to play you individualised advertising messages based on your interest in our products (“retargeting”). For this purpose, Facebook processes data that the service collects via cookies and similar technologies on our websites.

The data collected in this context may be transferred by Facebook to a server in the USA for analysis and stored there. In the event that personal data is transferred to the USA, Facebook has submitted to the EU-US Privacy Shield.

If you are a Facebook member and have allowed Facebook to do so via the privacy settings of your account, Facebook can also link the information collected about your visit to us with your member account and use it for the targeted placement of Facebook ads. You can view and change the privacy settings of your Facebook profile at any time. If you are not a Facebook member, you can prevent data processing by Facebook by clicking the deactivation button for the “Facebook” provider on the TRUSTe website mentioned above. You can still prevent data processing by clicking the following button. CUSTOM OPT-OUT


If you deactivate data processing by Facebook, Facebook will only display general Facebook ads that are not selected on the basis of the information collected about you.

For more information, please see Facebook’s privacy policy.

 

2.11.2. Google AdWords Conversion-Tracking und Remarketing

Our websites use the “AdWords Conversion Tracking” and “AdWords Remarketing” services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). By means of “AdWords Conversion Tracking”, we record and analyse defined customer actions (such as clicking on an advertisement, page views, downloads). We use “AdWords Remarketing” to show you individualised advertising messages for our products on partner websites of Google. Both services use cookies and similar technologies for this purpose. The data generated in this context may be transferred by Google to a server in the USA for evaluation and stored there. In the event that personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield.

If you use a Google account, Google may, depending on the settings stored in the Google account, link your web and app browsing history to your Google account and use information from your Google account to personalise ads. If you do not wish this association with your Google account, it is necessary for you to log out of Google before accessing our contact page.

As shown above, you can configure your browser to reject cookies. In addition, you can deactivate the “Personalised advertising” button in the Google settings for advertising. In this case, Google will only display general advertising that has not been selected on the basis of the information collected about you.

You can find more information on this in Google’s privacy policy.

 

2.12. Social Media

2.12.1. Social Media Plug-ins

Our website uses social media plug-ins (such as the Like button) of the social networks Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA (“Facebook”) and Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA (“Twitter”) as well as Google+ of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO, based on our legitimate interest that you share our content via social networks and that we thereby increase our reach. In the event that personal data is transferred to the USA, Facebook and Twitter have submitted to the EU-US Privacy Shield.

Facebook / Twitter / Google receives the information that you have accessed the corresponding sub-page of our online offer. This occurs regardless of whether you have an account with Facebook / Twitter / Google and are logged in there. If you are logged in to Facebook / Twitter / Google, this data is directly assigned to your account. If you activate the plug-in and, for example, link to the page, Facebook / Twitter / Google will also store this information, including the date and time, in your user account and share this publicly with your contacts and followers. If you do not wish this to be associated with your Facebook / Twitter / Google profile, you must log out before activating the plug-in.

Facebook / Twitter / Google stores this data as a usage profile and uses it for the purposes of advertising, market research and/or designing its website in line with requirements. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; as a Facebook / Twitter / Google member, you can deactivate advertising based on social actions, e.g. on Facebook in the advertising preferences. You can also completely prevent the loading of Facebook / Twitter / Google social media plug-ins with additional programs for your browser, e.g. with the Facebook Blocker.

You can find more information on this in Facebook’s privacy policy and Twitter’s privacy policy, as well as in Google’s privacy policy.

 

3. Passing on data

The data we collect will only be passed on if:

  • you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a DSGVO;
  • the disclosure is necessary for the assertion, exercise or defence of legal claims pursuant to Art. 6 (1) sentence 1 lit. f DSGVO and there is no reason to assume that you have an overriding interest worthy of protection in not having your data disclosed;
  • we are legally obliged to disclose your data according to Art. 6 para. 1 p. 1 lit. c DSGVO;
  • or this is legally permissible and necessary according to Art. 6 para. 1 p. 1 lit. b DSGVO for the processing of contractual relationships with you or for the implementation of pre-contractual measures that take place at your request.

Part of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may include, in particular, data centres that store our website and databases, IT service providers that maintain our systems, and delivery and logistics service providers. If we pass on data to our service providers, they may only use the data to fulfil their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound to our instructions, have suitable technical and organisational measures in place to protect the rights of the data subjects and are regularly monitored by us.

3.1. Google Tag-Manager

Our website uses the Google Tag Manager, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The Tag Manager is used to manage tracking tools and other services, so-called website tags. A tag is an element that is stored in the source code of our website, for example, in order to record specified usage data. The Google Tag Manager does not require the use of cookies. The Google Tag Manager ensures that the usage data required by our partners (cf. the data processing procedures described above) is forwarded to them. Some of the data is processed on a Google server in the USA. In the event that personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield. The legal basis is Art. 6 para. 1 lit. f DSGVO, based on our legitimate interest in integrating and managing multiple tags on our website in an uncomplicated manner. You can find more information on this in Google’s information on the tag manager.

4. Integration of third-party content and services

It may happen that third-party content, for example videos from YouTube, maps from Google Maps, RSS feeds or graphics from other websites are integrated within our website. This always requires that the providers of this content (“third-party providers”) know your IP address. This is because without the IP address, they cannot send the content to your browser. The IP address is thus necessary for the display of this content. The legal basis for this data processing is Art. 6 para. 1 lit. b, f DSGVO.

We endeavour to only use content whose respective providers only use the IP address to deliver the content. However, we have no influence if the third-party providers store the IP address for statistical purposes, for example.

 

5. Storage period

In principle, we only store personal data for as long as is necessary to fulfil contractual or legal obligations for which we collected the data. Thereafter, we delete the data immediately, unless we still need the data until the expiry of the statutory limitation period for evidence purposes for claims under civil law or due to statutory retention obligations.

For evidentiary purposes, we must retain contractual data for three years from the end of the year in which the business relationship with you ends. Any claims become statute-barred at this point at the earliest in accordance with the standard statutory limitation period.

Even after this, we still have to store some of your data for accounting reasons. We are obliged to do so because of legal documentation obligations that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The periods specified there for the retention of documents are two to ten years.

 

6. Your rights

You have the right to request information about the processing of your personal data by us at any time. When you request information, we will explain the data processing to you and provide you with an overview of the data stored about you.

If any data stored by us is incorrect or no longer up to date, you have the right to have this data corrected. You can also request the deletion of your data. If deletion is exceptionally not possible due to other legal provisions, the data will be blocked so that it is only available for this legal purpose.

You can also have the processing of your data restricted, e.g. if you believe that the data we hold is incorrect.

You also have the right to data portability, which means that we will provide you with a digital copy of the personal data you have provided to us if you request it.

To exercise your rights as described here, you can contact us at any time using the contact details above. This also applies if you wish to receive copies of guarantees demonstrating an adequate level of data protection.

In addition, you have the right to object to data processing based on Art. 6 (1) lit. e or f DSGVO. Finally, you have the right to complain to the data protection supervisory authority responsible for us. You can assert this right at a supervisory authority in the member state of your place of residence, your place of work or the place of the alleged infringement. In Berlin, where we are based, the competent supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.

 

7. Data security

We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data from risks during data transmission and from third parties gaining knowledge. These are adapted to the current state of the art in each case. To secure the personal data you enter on our website, we use Transport Layer Security (TLS), which encrypts the information you enter.

 

8. Changes to the privacy policy

From time to time, we may update this privacy policy, for example, if we make changes to our website or if legal or regulatory requirements change.