Privacy policy

Privacy Policy Haarjäger/Webshop

I. Name and Address of the Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other applicable national data protection laws of member states, as well as other data protection regulations, is:

Nils Jäger
Martin-Luther-Str. 42
10779 Berlin
Phone: +49 30 213 56 20
Email: shop@haarjaeger.de
Website: www.haarjaeger.de

II. General Information on Data Processing

1. Scope of Processing Personal Data
We process the personal data of our users only to the extent necessary for providing a functional website and our content and services. The processing of personal data regularly takes place only with the user’s consent. Exceptions apply in cases where obtaining prior consent is not possible due to practical reasons and where processing is permitted by legal provisions.

2. Legal Basis for Processing Personal Data

  • If we obtain consent from the data subject for processing operations, Art. 6 (1)(a) GDPR serves as the legal basis.
  • For processing personal data required for the performance of a contract to which the data subject is a party, Art. 6 (1)(b) GDPR is the legal basis. This also applies to processing operations necessary for pre-contractual measures.
  • If processing is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1)(c) GDPR serves as the legal basis.
  • If processing is necessary to protect the legitimate interests of our company or a third party, and these interests are not overridden by the interests, fundamental rights, or freedoms of the data subject, Art. 6 (1)(f) GDPR serves as the legal basis.

3. Data Deletion and Retention Period
Personal data will be deleted or blocked as soon as the purpose of storage ceases to exist. Data may be retained beyond this if required by European or national legislation under Union regulations, laws, or other provisions applicable to the controller. Data will also be deleted or blocked when any prescribed retention period under such regulations expires unless further storage is necessary for the conclusion or fulfillment of a contract.

III. Provision of the Website and Creation of Log Files

1. Shopify
We use the Shopify platform, provided by Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, to host and display our online shop. All data collected through our website is processed on Shopify servers. Data may also be processed by Shopify Inc., Canada, Shopify Data Processing (USA) Inc., Shopify Payments, or Shopify (USA) Inc., under further processing agreements. Data transfers to Shopify Inc. in Canada are protected by the European Commission’s adequacy decision ensuring an appropriate level of data protection.

For more information on Shopify's data protection policies, visit: Shopify Privacy Policy.

Using Shopify is based on Art. 6 (1)(f) GDPR, as we have a legitimate interest in a reliable website presentation. If consent for processing is obtained (e.g., for cookies or device fingerprinting as defined by the TTDSG), processing is based on Art. 6 (1)(a) GDPR and Section 25 (1) TTDSG, which may be revoked at any time.

2. Description and Scope of Data Processing
Whenever our website is accessed, the system automatically collects data and information from the accessing device. This includes:

  1. Browser type and version
  2. Operating system
  3. Internet service provider
  4. IP address
  5. Date and time of access
  6. Referring websites
  7. Websites accessed via our platform

This data is also stored in our system’s log files without being linked to other personal data.

3. Legal Basis for Data Processing
The temporary storage of data and log files is based on Art. 6 (1)(f) GDPR.

4. Purpose of Data Processing
Temporary storage of the IP address is necessary to deliver the website to the user’s device. Log file storage ensures functionality, technical optimization, and IT system security. The data is not analyzed for marketing purposes.

5. Retention Period
Data is deleted as soon as it is no longer required for its original purpose. Data collected for website functionality is deleted when the session ends. Log files are deleted within seven days unless extended retention is necessary. In such cases, IP addresses are anonymized.

6. Right to Object and Removal
The collection of data for website functionality and log file storage is essential for website operation, meaning users cannot object.

The following payment services/providers are used on this website:

PayPal
The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal").
Data transfer to the USA is based on the European Commission’s standard contractual clauses. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.
For further information, please refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Apple Pay
The provider of this payment service is Apple Inc., Infinite Loop, Cupertino, CA 95014, USA.
Apple's privacy policy can be found at: https://www.apple.com/legal/privacy/de-ww/.

Google Pay
The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google’s privacy policy can be found here: https://policies.google.com/privacy.

Shopify Payment
The provider of this payment service within the EU is Shopify International Limited, 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify Payment").
Details are available in Shopify Payment’s privacy policy: https://www.shopify.de/legal/datenschutz.

Mastercard
The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium ("Mastercard").
Mastercard may transfer data to its parent company in the USA. Data transfers to the USA are based on Mastercard’s Binding Corporate Rules. Details can be found here: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

VISA
The provider of this payment service is Visa Europe Services Inc., Branch Office London, 1 Sheldon Square, London W2 6TT, United Kingdom ("VISA").
The UK is considered a secure third country under data protection law, with a data protection level equivalent to that of the European Union.
VISA may transfer data to its parent company in the USA. Data transfers to the USA are based on the European Commission’s standard contractual clauses. Details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.
Further information can be found in VISA's privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

Haarjäger Gift Card
You can pay for your order in full or in part with a Haarjäger gift card. To redeem the gift card, the printed card number and code are processed during checkout. If you return your order, the amount paid with the Haarjäger gift card will be refunded as a new digital gift card, sent to the email address associated with your account.

Contact Form and Email Communication

  1. Description and Scope of Data Processing
    Our website includes a contact form that can be used for electronic communication. If a user uses this option, the data entered in the input form is transmitted and stored.

Consent for data processing is obtained during the submission process, along with a reference to this privacy policy.

Alternatively, users can contact us via the provided email address. In this case, the user’s personal data transmitted via email is stored.

No data is shared with third parties; it is used solely to process the conversation.

  2. Legal Basis for Data Processing
    The legal basis for processing data upon user consent is Art. 6(1)(a) GDPR.
    For email correspondence aimed at contract conclusion, the additional legal basis is Art. 6(1)(b) GDPR.

  3. Purpose of Data Processing
    Personal data collected through the contact form or email is processed solely to handle the inquiry.

  4. Retention Period
    Data is deleted once it is no longer required for its collection purpose, typically when the correspondence is deemed complete.

  5. Right to Object and Deletion
    Users can revoke their consent to the processing of their personal data at any time by emailing haarjaeger@icloud.com. Stored data related to the inquiry will then be deleted.

Web Analytics

Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics allows the website operator to gather various usage data, such as page views, session durations, operating systems, and user locations. This data is assigned to a User-ID and linked to the visitor's device.

Google Analytics may also track mouse movements, scrolling, and clicks, and employs machine learning for data analysis. It uses technologies like cookies and device fingerprinting to analyze user behavior. Information collected is usually transferred to Google servers in the USA and stored there.

This service is used based on consent under Art. 6(1)(a) GDPR and § 25(1) TTDSG, which can be withdrawn at any time.

Data transfer to the USA is based on the EU Commission's Standard Contractual Clauses. Details:
Google Controller Terms.

Browser Plugin
Users can prevent Google from processing their data by installing the browser plugin available here.

For more information, refer to Google's privacy policy:
Google Analytics Privacy Policy.

Rights of Data Subjects

If your personal data is being processed, you are entitled to the following rights under the GDPR. To exercise your rights, email shop@haarjaeger.de:

  1. Right to Access
    You can request confirmation of whether your personal data is processed and obtain details such as processing purposes, data categories, recipients, storage duration, and more.

  2. Right to Rectification
    You can request immediate correction or completion of your personal data if it is incorrect or incomplete.

  3. Right to Restrict Processing
    Under certain conditions, such as contesting the accuracy of your data or objecting to its processing, you can request restricted processing.

  4. Right to Erasure
    You can request deletion of your data if it is no longer necessary, you withdraw consent, or the processing was unlawful, among other reasons.

  5. The existence of the right to correction or deletion of personal data concerning you, the right to restriction of processing by the controller, or the right to object to such processing;

  6. The existence of the right to lodge a complaint with a supervisory authority;

  7. All available information about the origin of the data if the personal data were not collected from the data subject;

  8. The existence of automated decision-making, including profiling, pursuant to Art. 22(1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, as well as the scope and the intended effects of such processing on the data subject.

    You have the right to request information about whether the personal data concerning you are transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR related to the transfer.

    1. Right to Rectification
    You have the right to request rectification and/or completion of your personal data held by the controller if they are inaccurate or incomplete. The controller must make the correction without delay.

    2. Right to Restriction of Processing
    You may request the restriction of processing of your personal data under the following conditions:
    (1) If you dispute the accuracy of the personal data concerning you, for a period that enables the controller to verify the accuracy of the personal data;
    (2) The processing is unlawful, and you oppose the deletion of the personal data and request instead the restriction of their use;
    (3) The controller no longer needs the personal data for the purposes of processing, but you require it for the establishment, exercise, or defense of legal claims; or
    (4) If you have objected to processing pursuant to Art. 21(1) GDPR, and it has not yet been determined whether the legitimate grounds of the controller override your rights.

    If the processing of your personal data is restricted, these data may only be processed – apart from their storage – with your consent or for the establishment, exercise, or defense of legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.

    If the restriction of processing has been applied according to the above conditions, you will be notified by the controller before the restriction is lifted.

    1. Right to Deletion

    a) Obligation to Delete
    You can request the immediate deletion of your personal data from the controller, and the controller is obliged to delete these data without delay if one of the following reasons applies:
    (1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed;
    (2) You withdraw your consent on which the processing was based according to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing;
    (3) You object to the processing under Art. 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing under Art. 21(2) GDPR;
    (4) The personal data concerning you have been unlawfully processed;
    (5) The deletion of the personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject;
    (6) The personal data concerning you were collected in relation to the services of the information society pursuant to Art. 8(1) GDPR.

    b) Information to Third Parties
    If the controller has made your personal data public and is obliged to delete them according to Art. 17(1) GDPR, the controller will, taking into account available technology and the cost of implementation, take reasonable measures, including technical measures, to inform controllers processing the personal data that you, as the data subject, have requested the deletion of all links to, or copies or replications of, your personal data.

    c) Exceptions
    The right to deletion does not apply if the processing is necessary:
    (1) To exercise the right of freedom of expression and information;
    (2) To fulfill a legal obligation which requires processing under Union or Member State law to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
    (3) For reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
    (4) For archiving purposes in the public interest, scientific or historical research, or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right to deletion is likely to prevent or seriously impair the achievement of the objectives of that processing; or
    (5) For the establishment, exercise, or defense of legal claims.

    1. Right to Notification
    If you have exercised your right to rectification, deletion, or restriction of processing with the controller, the controller is obligated to notify all recipients to whom the personal data concerning you have been disclosed, of the rectification, deletion, or restriction of processing, unless this proves impossible or involves disproportionate effort.

    You have the right to be informed about these recipients by the controller.

    1. Right to Data Portability
    You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to whom the personal data were provided, if:
    (1) The processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR; and
    (2) The processing is carried out by automated means.

    In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others must not be affected.

    The right to data portability does not apply to the processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

    1. Right to Object
    You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data, which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on these provisions. In such cases, the controller will no longer process your personal data unless the controller can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

    If the processing of your personal data is for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, including profiling related to direct marketing.

    If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

    You have the option to exercise your right to object in relation to the use of information society services – regardless of Directive 2002/58/EC – through automated means, using technical specifications.

    1. Right to Withdraw Consent
    You have the right to withdraw your data protection consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

    2. Automated Individual Decision-Making, including Profiling
    You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
    (1) Is necessary for the entry into or performance of a contract between you and the controller;
    (2) Is authorized by Union or Member State law to which the controller is subject, and that law provides appropriate safeguards for your rights and freedoms and legitimate interests; or
    (3) Is based on your explicit consent.

    However, such decisions may not be based on special categories of personal data under Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) GDPR applies and appropriate safeguards for the rights and freedoms and legitimate interests of the data subject are in place.

    In cases (1) and (3), the controller will implement appropriate measures to safeguard your rights and freedoms, which must include at least the right to obtain human intervention, to present your point of view, and to contest the decision.

    1. Right to Lodge a Complaint with a Supervisory Authority
    Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your residence, your place of work, or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.

    The supervisory authority to which the complaint has been lodged will inform the complainant of the progress and outcomes of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

    Status: 17.07.2024