Data protection declaration

1) Information about the collection of personal data and contact details of the person responsible

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following we will inform you about the handling of your personal data when using our website. Personal data are all data with which you can be personally identified.

1.2 The person responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Tatiana Huber, Pilgersheimer Str. 44, 81543 Munich, Germany, Tel .: 017655777590, email: info@huberbeauty.com. The person responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.

1.3 & nbsp; For security reasons and to protect the transfer of personal data and other confidential content (e.g. orders or inquiries to the person responsible), an SSL or. TLS encryption. You can create an encrypted connection using the string “https: //” and the lock symbol in your browser line.

2) Data collection when you visit our website

With the mere For informational use of our website, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

  • Our visited website
  • Date and time at the time of access
  • Amount of data sent in bytes
  • Source / reference from which you came to the page
  • Browser used
  • Operating system used
  • IP address used (if necessary: in anonymous form)

Processing is carried out in accordance with Article 6 (1) (f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

3) Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your device. In some cases, these cookies are automatically deleted again after the browser is closed (so-called “session cookies”), in some cases these cookies remain on your end device for longer and allow you to save page settings (so-called “persistent cookies”). In the latter case, you can see the storage duration in the overview of the cookie settings in your web browser.
If personal data is also processed by individual cookies we use, the processing takes place in accordance with Art. 6 Para. 1 lit. b GDPR either for the execution of the contract, in accordance with Article 6 (1) (a) GDPR in the case of consent given or in accordance with Art. Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.
You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general.
Please note that if you do not accept cookies, the functionality of our website may be limited.

4) Contacting

When you contact us (e.g. via the contact form or email) – exclusively for the purpose of processing and answering your request and only to the extent necessary for this – personal data processed. The legal basis for processing this data is our legitimate interest in answering your request. Art. 6 para. 1 lit.f GDPR. If your contact is aimed at a contract, the additional legal basis for processing is Article 6 (1) (b) GDPR. Your data will be deleted if it can be inferred from the circumstances that the matter in question has been finally clarified and provided that there are no legal retention requirements

5) Data processing when opening a customer account

According to Art. 6 Paragraph 1 lit. Which data is required to open an account can be found in the input mask of the corresponding form on our website. A deletion of your customer account is possible at any time and can be done by sending a message to the above address of the person responsible. After your customer account has been deleted, your data will be deleted, provided that all of the contracts entered into have been processed in full, there are no legal retention periods and we have no legitimate interest in further storage.

6) Use of customer data for direct mail

6.1 Registration for our e-mail newsletter

If you register for our e-mail newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. The provision of further data is voluntary and is used in order to be able to address you personally. We use the so-called double opt-in procedure for sending the newsletter, which ensures that you will only receive the newsletter if you have given us your express consent by using a verification link sent to the email address provided Have confirmed receipt of the newsletter

By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR. We save your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any misuse of your e-mail address at a later point in time. The data collected by us when registering for the newsletter are used strictly for the specific purpose. You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending a message to the person responsible mentioned above. After you have unsubscribed, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is legally permitted and about which we will inform you in this declaration.

6.2  – Newsletter dispatch via MailChimp
Our e-mail newsletters are sent via the technical service provider The Rocket Science Group, LLC d / b / a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA ( http://www.mailchimp.com/), to whom we pass on the data you provided when registering for the newsletter. This transfer takes place in accordance with Art. 6 Para. 1 lit.f GDPR and serves our legitimate interest in the use of an effective, secure and user-friendly newsletter system. Please note that your data is usually transferred to a MailChimp server in the USA and stored there.
MailChimp uses this information to send the newsletter on our behalf. MailChimp does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.
To protect your data in the USA, we have concluded a data processing contract (“Data Processing Agreement”) with MailChimp on the basis of the standard contractual clauses of the European Commission in order to enable the transfer of your personal data to MailChimp. If you are interested, this data processing contract can be viewed at the following Internet address: https://mailchimp.com/legal/data -processing-addendum /
You can view MailChimp’s privacy policy here: https://mailchimp.com/legal/privacy/

7) Data processing for order processing

7.1 As far as necessary for the execution of the contract for delivery and payment purposes, the personal data collected by us will be processed in accordance with Art. 6 Para. 1 lit. b GDPR passed on to the commissioned transport company and the commissioned credit institution.

To process your order, we also work together with the following service provider (s) who support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

7.2 Use of payment service providers (payment services)

– Klarna
If you choose a Klarna payment service, the payment will be processed by Klarna Bank AB (publ) [ https: // www .klarna.com / en],  Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”;). In order to enable the processing of the payment, your personal data (first and last name, street, house number, postcode, city, gender, email address, telephone number and IP address) as well as data, which in connection with the order (e.g. invoice amount, article, type of delivery) are passed on to Klarna for the purpose of the identity and credit check, provided that you You have expressly consented to Art. 6 (1) (a) GDPR as part of the ordering process. You can see here which credit agencies your data can be forwarded to:
https://cdn.klarna.com/1.0/shared / content / legal / terms / 0 / de_de / credit_rating_agencies
The credit report can contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Klarna uses the information received about the statistical probability of default in payment for a balanced decision on the justification, implementation or termination of the contractual relationship.
You can revoke your consent at any time by sending a message to the person responsible for data processing or to Klarna. However, Klarna may still be entitled to process your personal data if this is necessary for the contractual payment processing.
Your personal details are processed in accordance with the applicable data protection regulations and in accordance with the information in Klarna’s data protection regulations for data subjects based in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
or for data subjects based in Austria https : //cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy
treated.

– Paypal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “Paypal Invoice” or “Pay in 4” via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. as part of payment processing. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”), on. The transfer takes place in accordance with Art. 6 Para. 1 lit. b GDPR and only insofar as this is necessary for payment processing.
PayPal reserves the right to use to carry out a credibility report for the payment methods Credit Card via PayPal, Direct Debit via PayPal or- if offered – “Paypal Invoice” or “Pay in 4” via Paypal. For this purpose, your payment details may be used in accordance with Article 6 (1) (f) GDPR is passed on to credit agencies on the basis of PayPal’s legitimate interest in determining your ability to pay. PayPal uses the result of the credit check with regard to the statistical probability of default for the purpose of deciding on the provision of the respective payment method. The credit report can contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. For further data protection information, including the credit agencies used, please refer to PayPal’s data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual payment processing.

– SOFORT
When selecting the payment method “SOFORT” Payment is processed by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 München, Germany (hereinafter referred to as “SOFORT”), to whom we provide the information you provided during the ordering process, along with the information about your order according Art. 6 para. 1 lit. b GDPR. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden) . Your data is passed on exclusively for the purpose of processing payments with the payment service provider SOFORT and only to the extent that it is necessary for this. You can find more information about SOFORT’s privacy policy at the following Internet address: https: //www.klarna .com / immediately / privacy. 

– Stripe
If you choose a payment method from the payment service provider Stripe, the payment will be processed by the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we communicated your information as part of the ordering process Information as well as the information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) according to Art. 6 para. 1 lit. b GDPR. You can find more information on Stripe’s data protection at the URL https://stripe.com/de/ privacy # translation.
Stripe reserves the right to carry out a credit check on the basis of mathematical-statistical procedures in order to safeguard the legitimate interest in determining the solvency of the user. The personal data required for a credit check and received as part of payment processing may be forwarded by Stripe to selected credit agencies, which Stripe will disclose to users on request. The credit report can contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Stripe uses the result of the credit check with regard to the statistical probability of default for the purpose of deciding on the authorization to use the selected payment method.
You can object to this processing of your data at any time by sending a message to Stripe or the commissioned credit bureaus.
However, Stripe may still be entitled to process your personal data if this is necessary for the contractual payment processing.

8) Web analysis services

8.1 Google (Universal) Analytics
This website uses Google (Universal) Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google (Universal) Analytics uses so-called “cookies”, which are text files that are stored on your device and that enable your use of the website to be analyzed. The information generated by the cookie about your use of this website (including the abbreviated IP address) is usually transmitted to a Google server and stored there; this can also be transmitted to the servers of Google LLC. in the US.
This website uses Google (Universal) Analytics exclusively with the extension “_anonymizeIp ()”, which ensures anonymization of the IP address by shortening it and excludes direct personal reference. As a result of the extension, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google LLC. Server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google (Universal) Analytics will not be merged with other Google data.
Google Analytics enables a special function, the so-called “demographic features” to create statistics with statements about the age, gender and interests of the site visitors based on an evaluation of interest-based advertising and below Use of third-party information. This allows the definition and differentiation of user groups of the website for the purpose of target group-optimized alignment of marketing measures. However, collected via the ” demographic characteristics”  data records cannot be assigned to a specific person. 

Details on the processing initiated by Google Analytics and how Google handles data from websites can be found here: https://policies.google.com/technologies/partner-sites
All processing described above, in particular the setting of Google Analytics cookies for reading out information on the terminal device used, will only be carried out if you have given us permission to do so. Art. 6 para. 1 lit. a GDPR have given your express consent to this. Without this consent, Google Analytics will not be used during your visit to the site.
You can revoke your consent at any time with effect for the future. In order to exercise your revocation, please deactivate this service in the “Cookie Consent Tool” provided on the website. We have concluded an order processing agreement with Google for the use of Google Analytics, with which Google is obliged to protect the data of our website visitors and not to pass them on to third parties.
For the transfer of data from the EU to the USA, Google relies on the so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European data protection level in the USA.
Further information on Google (Universal) Analytics can be found here: https: // policies. google.com/privacy?hl=de&gl=de 

8.2 – Jetpack
This offer uses the web analysis service Jetpack (formerly WordPress.com-Stats), which is provided by Automattic Inc., 60 29th Street # 343, San Francisco, CA 94110-4929, USA, using the tracking technology of Quantcast Inc., 201 3rd St, Floor 2, San Francisco, CA 94103-3153, USA. With the help of Jetpack, pseudonymized visitor data is collected, evaluated and saved. From this data, pseudonymised usage profiles can be created and evaluated for the same purpose. Jetpack uses so-called cookies, i.e. small text files that are stored locally in the cache of the visitor’s Internet browser. Among other things, these cookies serve to recognize the browser and thus enable a more precise determination of the statistical data. The data of the IP address of the user is also collected, but is pseudonymised immediately after it is collected and before it is stored in order to exclude any personal reference. The information generated by the cookie about your use of this website (including the pseudonymised IP address) is transferred to a server in the USA and stored there to safeguard the interests mentioned above.
All processing described above, in particular the setting of cookies for reading out information on the terminal device used, will only be carried out if you have given us permission to do so. Art. 6 para. 1 lit. a GDPR have given your express consent to this. You can revoke your consent at any time with effect for the future by using this service in the “Cookie Consent Tool” disable.

9) Page functionalities

9.1 Use of Vimeo videos
Our website includes plugins from the Vimeo video portal from Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. When you call up a page on our website that contains such a plugin, your browser establishes a direct connection to the Vimeo servers. Vimeo sends the content of the plugin directly to your browser and integrates it into the page. Through this integration, Vimeo receives the information that your browser has called up the corresponding page of our website, even if you do not have a Vimeo account or are not currently logged into Vimeo. This information (including your IP address) is transmitted from your browser directly to a Vimeo server in the USA and stored there.
If you are logged in to Vimeo, Vimeo can immediately assign your visit to our website to your Vimeo account. If you interact with the plugins (such as pressing the start button of a video), this information is also transmitted directly to a Vimeo server and stored there.
If you do not want Vimeo to assign the data collected via our website directly to your Vimeo account, you must log out of Vimeo before visiting our website.
The purpose and scope of the data collection and the further processing and use of the data by Vimeo as well as your related rights and setting options to protect your privacy can be found in Vimeo’s data protection information: https://vimeo.com/privacy 
The tracking tool Google Analytics from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, is automatically integrated into videos from Vimeo that are integrated on our site. This is Vimeo’s own tracking, to which we have no access and which cannot be influenced by our side. Google Analytics uses so-called “cookies” for tracking, these are text files that are stored on your computer and enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transferred to a Google server and stored there; it can also be transferred to the Google LLC. server in the US.

All processing described above, in particular the reading out of information on the terminal device used via the tracking pixel, will only be carried out if you have given us permission to do so. Art. 6 para. 1 lit. a GDPR have given your express consent to this. Without this consent, Vimeo videos will not be used during your visit to the site.
You can revoke your consent at any time with effect for the future. In order to exercise your revocation, please deactivate this service in the “Cookie Consent Tool” About alternative possibilities communicated to you on the website.

9.2 Google Translate

This site uses the translation service “Google Translate” via an API integration. of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). So that the translation is automatically displayed according to your choice of a national language, the browser you are using connects to the Google servers. Google uses so-called “cookies” for this, which are text files that are stored on your computer and that allow an analysis of your use of the website. The information generated by the cookie about your use of this website (including the abbreviated IP address) is usually transmitted to a Google server and stored there; this can also be transmitted to the servers of Google LLC. in the US.
You can find more information about Google Translate and Google’s data protection declaration at: https: // www.google.com/policies/privacy/ 

You can revoke your consent at any time with effect for the future. To exercise your revocation, deactivate this service in the “Cookie Consent Tool” provided on the website.

10) Tools

Cookie Consent Tool

This website uses a so-called “cookie consent tool” to obtain effective user consent for cookies and cookie-based applications that require consent. The & ldquo; Cookie Consent Tool & ldquo; is displayed to users when the page is called up in the form of an interactive user interface, on which consent for certain cookies and / or cookie-based applications can be given by ticking the box. Through the use of the tool, all cookies / services that require consent are only loaded if the respective user gives consent by ticking the box. This ensures that such cookies are only set on the respective end device of the user if consent has been given.

The tool sets technically necessary cookies in order to save your cookie preferences. Personal user data are generally not processed here.
If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in a legally compliant, user-specific and user-friendly consent management for cookies and therefore in a legally compliant design of our website.
Another legal basis for processing is Article 6 (1) (c) GDPR. As the person responsible, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.
Further information about the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.

11) Rights of the data subject

11.1 The applicable data protection law grants you the following rights of data subjects (information and intervention rights) vis-à-vis the person responsible with regard to the processing of your personal data, whereby for the respective exercise requirements reference is made to the legal basis mentioned:

  • Right to information in accordance with & r auml; & szlig; Art. 15 GDPR;
  • Right to rectification in accordance with Art. 16 GDPR;
  • Right to deletion in accordance with Art. 17 GDPR;
  • Right to restriction of processing in accordance with Art. 18 GDPR;
  • Right to information in accordance with Art. 19 GDPR;
  • Right to data portability in accordance with Art. 20 GDPR;
  • Right to revoke consent given in accordance with Art. 7 Para. 3 GDPR;
  • Right to complain in accordance with Art. 77 GDPR.

11.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR MAINLY LEGITIMATE INTEREST, YOU HAVE THE EVERY TIME TO PROCESS YOUR PERSONAL DATA, FOR REASONS WHICH WE APPLY TO YOUR SPECIFIC SITUATION.
IF YOU MAKE USE OF YOUR RIGHT TO OBJECT, WE WILL END THE PROCESSING OF THE DATA CONCERNED. FURTHER PROCESSING IS RESERVED IF WE CAN PROVE COMPULSORY REASONS FOR PROCESSING THAT OUTSIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOM OR IF THE PROCESSING OR EXPRESSION APPLIES.

IF YOUR PERSONAL DATA ARE PROCESSED BY US FOR DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING. YOU MAY OBJECTIVE AS DESCRIBED ABOVE.

IF YOU MAKE USE OF YOUR RIGHT TO OBJECT, WE WILL END THE PROCESSING OF THE DATA CONCERNED FOR DIRECT ADVERTISING PURPOSES.

12) Duration of storage of personal data

The duration of the storage of personal data is based on the respective legal basis, the processing purpose and & ndash; if relevant – additionally based on the respective statutory retention period (e.g. commercial and tax retention periods).

When processing personal data on the basis of an express consent in accordance with Art. 6 para. 1 lit. a GDPR, these data are stored until the person concerned revokes their consent.

If there are statutory retention periods for data that are processed in the context of legal or similar obligations on the basis of Art. 6 Para. 1 lit. erased if they are no longer required for contract fulfillment or contract initiation and / or we have no legitimate interest in further storage.

When processing personal data on the basis of Art. 6 Paragraph 1 lit. We can prove compelling legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims. 

When processing personal data for the purpose of direct advertising on the basis of Art. 6 Paragraph 1 lit.

Unless otherwise stated in the other information in this declaration about specific processing situations, stored personal data will otherwise be deleted if they are necessary for the purposes for which they were collected or processed in any other way are no longer necessary.

View original version in German here.

Sign up for our newsletter!
Be the first to know about new product launches
Shopping Cart
Scroll to Top