Privacy Policy
Privacy Policy
Last updated: June 18, 2026
-
Data Controller
Tsubaki Beauty UG (haftungsbeschränkt)
Represented by: Roua Moger
Address: Schlehenweg 10, 85757 Karlsfeld, Germany
Email: care@tsubakibeauty.com
Phone: +49 173 3682888
This Privacy Policy explains how we collect, use, process, and protect personal data when you visit our website, place orders, create customer accounts, subscribe to our newsletter, submit forms, or use our services.
-
General Information
We take the protection of your personal data very seriously. Personal data refers to any information relating to an identified or identifiable natural person.
We process personal data only in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).
2.1 Legal Bases for Processing
Article 6(1)(a) GDPR – Consent (e.g. cookies, newsletter, marketing)
Article 6(1)(b) GDPR – Performance of a contract or pre-contractual measures
Article 6(1)(c) GDPR – Compliance with legal obligations
Article 6(1)(f) GDPR – Legitimate interests
2.2 Data Retention
Personal data is stored only for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by applicable legal retention periods, including tax and commercial law obligations of up to 10 years.
2.3 Recipients of Data
We may share personal data with:
• Hosting and IT service providers
• Payment service providers
• Shipping providers
• Marketing and newsletter providers
• Analytics and advertising partners
• Government authorities where legally required
Where required, data processing agreements are concluded in accordance with Article 28 GDPR.
2.4 International Data Transfers
Personal data may be transferred to countries outside the European Economic Area (EEA) only where an adequacy decision exists or where appropriate safeguards are in place, such as the EU-U.S. Data Privacy Framework or Standard Contractual Clauses (SCCs).
2.5 Your Rights
You have the following rights under the GDPR:
• Right of access
• Right to rectification
• Right to erasure
• Right to restriction of processing
• Right to data portability
• Right to object
• Right to withdraw consent at any time
You also have the right to lodge a complaint with the competent supervisory authority.
For all privacy-related requests, please contact:
-
Hosting, Platform and Security
3.1 Shopify Platform
Our online store is hosted by Shopify International Ltd., 1-2 Haddington Road, Dublin 4, Ireland.
Shopify processes data including IP addresses, browser information, access times, order details, payment information, and customer account information to provide and operate our online store.
Legal basis:
• Article 6(1)(b) GDPR
• Article 6(1)(f) GDPR
• Article 6(1)(a) GDPR where consent is required
Further information:
https://www.shopify.com/legal/privacy
3.2 SSL/TLS Encryption
Our website uses SSL/TLS encryption to protect data transmitted between your device and our website.
-
Data Collected on This Website
4.1 Server Log Files
When visiting our website, technical information may automatically be collected, including:
• IP address
• Browser type
• Operating system
• Date and time of access
• Referring URL
• Visited pages
Legal basis:
Article 6(1)(f) GDPR
Retention period: generally 14–30 days.
4.2 Cookies and Consent Management
We use essential cookies required for the operation of our store as well as optional analytics and marketing cookies based on your consent.
Cookie preferences can be managed through Shopify's privacy and consent management tools, including the cookie preferences center available on our website.
Legal bases:
• Article 6(1)(a) GDPR for non-essential cookies
• Article 6(1)(f) GDPR for essential cookies
Examples:
• Essential cookies: Shopify checkout and cart functionality
• Analytics cookies: Google Analytics
• Marketing cookies: Meta Pixel and TikTok Pixel
A complete list of cookies is available through our cookie banner and preference center.
4.3 Contact Requests
When contacting us via email, forms, or customer support channels, we process the information you provide to respond to your request.
Legal basis:
• Article 6(1)(b) GDPR
• Article 6(1)(f) GDPR
4.4 Shopify Forms
We use Shopify Forms to collect information voluntarily submitted through newsletter forms, promotional campaigns, waiting lists, surveys, and customer communication forms.
The information submitted is processed solely for the stated purpose.
Legal basis:
• Article 6(1)(a) GDPR
• Article 6(1)(b) GDPR
-
Customer Accounts, Orders, Shipping and Payments
5.1 Customer Accounts
When creating a customer account, we process account information, login credentials, saved addresses, and order history.
Legal basis:
Article 6(1)(b) GDPR
5.2 Orders
To process orders, we may collect:
• Name
• Billing and shipping address
• Email address
• Phone number
• Order details
• Payment information
Legal basis:
• Article 6(1)(b) GDPR
• Article 6(1)(c) GDPR
• Article 6(1)(f) GDPR
5.3 Shipping Providers
To deliver orders, we share the necessary shipping information with DHL and other shipping providers where applicable.
We use Shopify Post & DHL Shipping integration to generate shipping labels, track shipments, and process delivery information.
5.4 Payment Providers
Payments are processed through Shopify Payments and may also involve third-party providers such as:
• PayPal
• Klarna
• Apple Pay
• Google Pay
• Visa
• Mastercard
These providers process payment information under their own responsibility and privacy policies.
-
Customer Reviews and Wishlist Services
We use third-party services to provide product review, rating, and wishlist functionality.
Review services may include:
• Doran Product Reviews
• Trustpilot Reviews
• Trusted Shops Reviews
These services may process customer names, email addresses, order information, ratings, review content, IP addresses, and usage data.
We use Wishlist Plus to allow customers to save products for future purchases.
Wishlist Plus may process customer account information, saved products, and usage data necessary to provide the service.
Legal basis:
• Article 6(1)(b) GDPR
• Article 6(1)(f) GDPR
-
Newsletter and Marketing Communications
We use Omnisend Email Marketing & SMS to manage newsletters, customer communication, segmentation, marketing automation, and email performance analytics.
Newsletter subscriptions are processed only with your explicit consent through a double opt-in procedure.
We may measure newsletter performance, including opens and clicks, in a pseudonymized manner to improve our communications.
You may unsubscribe at any time using the unsubscribe link included in every newsletter or by contacting us directly.
Legal basis:
Article 6(1)(a) GDPR
-
Analytics and Advertising
8.1 Google Tag Manager
We use Google Tag Manager to manage website tags and services.
Google Tag Manager does not create user profiles.
8.2 Google Analytics 4
We use Google Analytics 4 to analyze website usage and improve our services.
Google Analytics processes data in accordance with current GA4 privacy mechanisms.
Legal basis:
Article 6(1)(a) GDPR
8.3 Meta Pixel and Conversion API
We use Meta Pixel and Conversion API to measure advertising effectiveness and website interactions.
Legal basis:
Article 6(1)(a) GDPR
8.4 TikTok Pixel
We use TikTok Pixel to measure conversions and advertising performance.
Legal basis:
Article 6(1)(a) GDPR
-
Minors
Our website and products are generally intended for individuals aged 16 years or older.
Minors may provide consent for cookies, newsletters, or marketing activities only with the consent of their legal guardians.
We do not knowingly collect personal data from children under the age of 16. If we become aware that such data has been collected without appropriate consent, we will delete it promptly.
-
Data Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, disclosure, alteration, or destruction.
-
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect legal, technical, or operational changes.
The version published on this website shall apply.