Privacy policy
Last updated: February 2024
1. Who We Are
This Privacy Policy explains what personal data we collect, how we use it, and your rights. It applies to all processing activities carried out by us across our online services, including our websites, mobile applications, and our external online presences such as our social media profiles (collectively, the “Online Offering”).
Data Controller:
Lara Reuter
An den Birken 10
97828 Marktheidenfeld, Germany
Email: info@lashlifteducation.de
2. Quick Overview
When you visit our website, certain data is processed. Some data is provided directly by you (e.g., via forms); other data is collected automatically for technical and security reasons. The following overview summarizes the key categories and purposes.
Data Categories We Process
- Account and profile data (e.g., name, address).
- Payment and billing data (e.g., bank details, invoices, payment history).
- Contact data (e.g., email address, phone number).
- Content you provide (e.g., messages, uploads).
- Contract data (e.g., purchased services, term, customer segment).
- Usage data (e.g., pages visited, interactions, access times).
- Metadata/communications data (e.g., device information, IP addresses).
Purposes of Processing
- Providing our services, websites, and customer support.
- Responding to contact requests and communicating with you.
- Security and fraud prevention.
- Direct marketing and newsletters (with consent where required).
- Analytics and reach/conversion measurement.
- Back-office and organizational procedures.
- Managing and responding to inquiries and feedback.
- User profiles for service personalization (where permitted).
- Improving usability of the Online Offering.
3. Legal Bases
We process personal data under the EU General Data Protection Regulation (GDPR) and applicable national laws, in particular the German Federal Data Protection Act (BDSG). Depending on the context, we rely on the following legal bases:
- Consent (Art. 6(1)(a) GDPR): when you give consent for one or more specific purposes.
- Contract performance (Art. 6(1)(b) GDPR): where processing is necessary to perform a contract with you or to take steps at your request prior to entering into a contract.
- Legal obligation (Art. 6(1)(c) GDPR): where processing is necessary to comply with a legal obligation.
- Legitimate interests (Art. 6(1)(f) GDPR): where processing is necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override those interests.
Additional national rules may apply in Germany (e.g., § 26 BDSG for employment-related processing). Where more specific legal bases are relevant in individual cases, we inform you within this Privacy Policy.
4. Data Collection on This Website
4.1 Who is responsible for data collection?
The website operator named above is responsible for data processing on this site.
4.2 How do we collect data?
- Data you provide: for example, information you enter into a contact or order form.
- Data collected automatically: when you access our site, technical data (e.g., browser type, operating system, time of access, visited URL, referrer URL, IP address) may be collected automatically by our IT systems.
4.3 Why do we process your data?
- To deliver a secure and functional website.
- To analyze usage and improve our offering.
- To respond to your requests and manage customer relationships.
4.4 Server Logs & Visit Statistics
Every access to the website is logged by the web server (server log files). The log may include timing, operating system and browser, requested URL, IP address (depending on host settings), and the referrer URL. We evaluate access data to improve services and offers. Log data is generally deleted no later than one week after the end of the visit, unless longer storage is required for security or legal reasons.
5. Contract Fulfillment & Contact
We process personal data provided during orders or when contacting us. Required fields are marked in our forms. If your inquiry relates to a contract or pre-contractual steps at your request, processing is based on Art. 6(1)(b) GDPR. Otherwise, processing is based on our legitimate interest in effectively handling inquiries and sales (Art. 6(1)(f) GDPR) or your consent (Art. 6(1)(a) GDPR) where obtained. We store data as long as necessary for the purpose or as legally required.
6. Your Rights
- Right of access (Art. 15 GDPR): information about the origin, recipients, and purpose of your stored personal data.
- Right to rectification (Art. 16 GDPR) and deletion (Art. 17 GDPR).
- Right to restriction of processing (Art. 18 GDPR).
- Right to object (Art. 21 GDPR), especially to processing based on legitimate interests and to direct marketing.
- Right to withdraw consent at any time (Art. 7(3) GDPR).
- Right to data portability (Art. 20 GDPR), where applicable.
- Right to lodge a complaint with a supervisory authority.
If you have questions about privacy, you can contact us at any time using the details provided above.
7. Security Measures
- We implement appropriate technical and organizational measures considering the state of the art, costs of implementation, and the nature, scope, context, and purposes of processing.
- We protect confidentiality, integrity, and availability of data through access controls, input controls, transmission security, availability safeguards, and data separation.
- We build privacy by design and by default into our systems and processes.
- SSL/TLS encryption: We use HTTPS to protect data transmitted via our Online Offering. You can recognize an encrypted connection by “https://” and the lock icon in your browser.
8. Disclosures & Recipients
In the course of processing, data may be disclosed to service providers and other recipients (e.g., IT service providers; providers of embedded services and content). We conclude appropriate contracts (e.g., data processing agreements) as required by law.
9. International Data Transfers
Where data is transferred to countries outside the EU/EEA (“third countries”), we comply with GDPR requirements by using recognized safeguards such as adequacy decisions, EU Standard Contractual Clauses, certifications, or binding corporate rules (Art. 44–49 GDPR).
10. Data Deletion
We delete personal data in accordance with legal requirements when consent is withdrawn or when there is no other lawful basis for processing (e.g., the purpose no longer applies). Where data must be retained for other legitimate purposes (e.g., statutory retention or legal claims), we restrict processing to those purposes.
11. Analytics & Cookies
We use cookies and similar technologies to operate and improve our Online Offering, for security, and—where permitted—for analytics and marketing.
Consent Management
We use the “Real Cookie Banner” consent management tool to record and manage user consents for cookies and similar technologies. The consent record may be stored server-side and/or in a cookie or similar technology. The storage duration can be up to two years. You can withdraw your consent at any time through the settings provided.
Legal bases: Art. 6(1)(c) GDPR (compliance) and Art. 6(1)(f) GDPR (legitimate interests in consent management). The provision of personal data is not contractually required; however, without it we may be unable to manage your consent preferences.
Cookie Types & Storage Duration
- Session cookies: deleted when you leave the Online Offering and close your device/browser.
- Persistent cookies: remain stored after closing the device/browser (e.g., to remember login status or preferences). Unless otherwise stated, assume a storage duration of up to two years.
Opt-Out Options
You may withdraw consents at any time and/or object to processing as provided by law (Art. 21 GDPR), including via your browser settings.
12. Google Analytics
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics helps us analyze visitor behavior (e.g., page views, time on site, operating systems, referrers). Google may combine data into profiles linked to users/devices. Technologies such as cookies or device fingerprinting may be used. Data is generally transmitted to Google servers in the USA and stored there. Use of Google Analytics is based on our legitimate interests (Art. 6(1)(f) GDPR) in analyzing usage to optimize our website and advertising, or on your consent (Art. 6(1)(a) GDPR) where required. International transfers may rely on EU Standard Contractual Clauses.
Browser add-on to opt out: https://tools.google.com/dlpage/gaoptout
Further information: https://support.google.com/analytics/answer/6004245
13. Facebook Pixel & Custom Audiences
Provider: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (with processing in the USA and other third countries).
We use Facebook Pixel for conversion measurement and remarketing to understand the effectiveness of our ads and to build audiences. We do not receive information that directly identifies you. Facebook may link the data to user profiles and use it for its own advertising purposes pursuant to its Data Policy. Where applicable, we and Facebook are joint controllers for collection and transmission of data to Facebook (Art. 26 GDPR). After transmission, Facebook processes the data independently. You can manage ad preferences in your Facebook account.
Legal bases: Art. 6(1)(f) GDPR (legitimate interests in effective advertising), and, where applicable, Art. 6(1)(a) GDPR (consent). International transfers may rely on EU Standard Contractual Clauses.
Opt-outs and information: https://www.facebook.com/settings?tab=ads and https://www.youronlinechoices.com
14. Hosting
We host our website with WordPress.com (Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA). Details can be found in WordPress’ privacy notices. We have concluded a Data Processing Agreement (DPA) with the provider. Legal bases: Art. 6(1)(f) GDPR (legitimate interest in reliable presentation of our website) and, where applicable, Art. 6(1)(a) GDPR (consent).
15. Contact Forms, Email & Phone
If you contact us (e.g., via contact form, email, or phone), we process your details to handle the request and any follow-up. We do not share this data without your consent. Legal bases: Art. 6(1)(b) GDPR (contract-related requests), Art. 6(1)(f) GDPR (legitimate interest in effective support), or Art. 6(1)(a) GDPR (consent). We retain data until the purpose ceases or for as long as legal retention obligations apply.
16. Online Shop & Payments
We process customer data to enable selection, purchase/order of products and related services, as well as payment and delivery.
Processed Data
- Account/profile data (e.g., name, address).
- Payment data (e.g., bank details, invoices, payment history).
- Contact data (e.g., email, phone).
- Contract data (e.g., products purchased, term, customer segment).
- Usage data and metadata (e.g., pages visited, device information, IP addresses).
Legal Bases & Purposes
- Contract performance and pre-contractual steps (Art. 6(1)(b) GDPR).
- Legal obligations (Art. 6(1)(c) GDPR).
- Legitimate interests (Art. 6(1)(f) GDPR), e.g., efficient processing and security.
Payment Service Providers
- PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg — Privacy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
- Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA — Privacy: https://stripe.com/de/privacy
- Thrivecart (Webactix Ltd., New Zealand) — Privacy: https://legal.thrivecart.com/platform/privacy/
Payment providers process data necessary to complete transactions. We do not receive your full account or card details. They may share data with credit agencies for identity and credit checks according to their terms. Please refer to their privacy notices for details.
17. Platforms & Member Areas
We provide services via third-party online platforms. The privacy notices of those platforms also apply, particularly for payments, analytics, and interest-based marketing.
- Memberspot GmbH, Rilkestr. 26, 71642 Ludwigsburg, Germany — https://www.memberspot.de/datenschutz
18. Communications via Instagram & Telegram
We may communicate via Instagram and Telegram as part of our Online Offering. Please note that data may be processed outside the EU, which may pose risks (e.g., enforcement of rights). Use of Telegram is optional.
- Instagram — Privacy: https://instagram.com/about/legal/privacy
- Telegram — Privacy: https://telegram.org/privacy
You can always choose alternative contact channels (e.g., email or phone).
19. reCAPTCHA (Kajabi)
We use reCAPTCHA provided by Kajabi to determine whether data entry on our site (e.g., via forms) is made by a human or an automated program. The analysis starts automatically upon visiting the site and may evaluate, for example, IP address, time spent, and mouse movements. The analysis runs in the background. Legal basis: Art. 6(1)(f) GDPR (legitimate interests in protecting our services from abusive automated access); where required, Art. 6(1)(a) GDPR (consent).
20. Video Conferences, Online Meetings & Webinars
We use online conferencing tools for communications with customers. Depending on the tool and your usage, the provider may process meta and communications data, technical data (e.g., IP, device IDs), and content shared during sessions (e.g., chat, files, recordings). Encryption is provided to the extent technically supported by the provider.
Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (contract/performance), Art. 6(1)(f) GDPR (legitimate interests in efficient and secure communication).
Tool Used
- Zoom Video Communications, Inc. — Privacy & Legal: https://zoom.us/docs/de-de/privacy-and-legal.html
21. Social Plugins (Instagram)
Our pages may include social media buttons/plugins implemented as HTML links. Clicking a button opens the provider’s page in a new window; no connection is made from our site to the provider unless you click. For details on data collection and your options, see the provider’s privacy notices.
22. Newsletters & Electronic Communications
We send newsletters and other electronic communications only with your consent or as permitted by law. The content may include information about us, our services, promotions, and offers.
Sign-up & Double Opt-In
- We use a double opt-in: after sign-up, you will receive an email asking you to confirm your subscription.
- We log the sign-up and confirmation times and IP address, as well as any changes to data stored with the email service provider, to demonstrate compliance.
Retention & Blocklist
- We may retain unsubscribed email addresses for up to three years to prove prior consent; processing is limited to defending potential claims.
- We may maintain a blocklist to honor objections to future emails.
Legal Bases & Provider
- Legal bases: Art. 6(1)(a) GDPR (consent) or, where consent is not required, our legitimate interests in direct marketing (Art. 6(1)(f) GDPR).
- Email service provider: ActiveCampaign, Inc., Chicago, IL, USA — Privacy: https://www.activecampaign.com/privacy-policy/ — SCCs: https://www.activecampaign.com/legal/newscc
You can unsubscribe at any time via the link in our emails or by contacting us. Access to certain free content or promotions may be conditional upon newsletter sign-up; if you prefer to access such content without subscribing, please contact us directly.
23. Storage Periods
Data we collect via conferencing tools is deleted from our systems once the purpose ends or upon your request, unless legal obligations require retention. Cookies remain on your device until deleted. We do not control how long third-party providers store your data; please consult their notices.
24. Additional Information
Internet data transmission (e.g., email communication) can have security gaps. Complete protection against access by third parties is not possible.
25. How to Contact Us
For questions or to exercise your privacy rights, please contact us using the details in Section 1.