Privacy policy
Last updated on 01.09.2023
We, Standard Beauty GmbH, take the protection of your personal data very seriously. This privacy policy tells you how we collect, use, store and protect your personal information.
1. Responsible body
Responsible body within the meaning of the data protection law is:
Standard Beauty GmbH
Neue Strasse 5
72820 Sonnenbühl, Germany
Info@standard-beauty.de
(Service times: Monday – Friday 8:30 a.m. – 4:30 p.m.)
(hereinafter referred to as “Standard Beauty” or “we”).
2. Collection and processing of personal data
We only collect and process personal data if this is permitted by law or if you have given us your express consent to do so. The collection usually occurs when you use our services, visit our website or register with us.
The personal information we collect may include:
- Surname, first name and title
- Contact information (e.g. email address, telephone number)
- Address and postal code
- Date of birth
- Gender
- Usage data (e.g. pages visited, click behavior)
- Technical information (e.g. IP address, browser type, operating system)
2.1 Access and visit to our website – server log files; Hosting via Shopify:
2.11 Automatic data collection: When you visit our website, we automatically collect certain information that your browser sends to our server. This information is necessary so that our website can be displayed in your browser. This includes your IP address, date and time of your visit, the page visited, access status codes and other technical data. We store this data for technical reasons to ensure that our website functions and is secure. We also use it for statistical purposes to improve our website. Your IP address is also stored for security reasons, but could theoretically be traced back to you. However, we do not link this data to your identity and we do not use it for marketing purposes.
2.12 Data for website usage: If you visit our website to obtain information about or use our products or services, we will use your access data temporarily in accordance with Article 6 paragraph 1 sentence 1 lit. b GDPR to fulfill our contractual obligations and in accordance with Article 6 Paragraph 1 Sentence 1 GDPR to provide a secure and user-friendly website and to ensure the security of our systems.
2.13 Shopify Hosting: Our online shop is hosted by Shopify Inc. Shopify stores your data securely on servers behind a firewall. If you pay by credit card, your credit card details are encrypted and stored securely. Your purchase data will only be kept for as long as necessary for the purchase process and will then be deleted. The direct payment portals comply with the PCI DSS standard and are managed by the PCI Security Standards Council. For more information, please see Shopify's Terms of Service and Privacy Policy on their website.
3. Purpose of data processing
We process personal data for the following purposes:
- To fulfill orders and provide our services.
- Storing your personal data in a password-protected customer account.
- Accounting for the money you have collected or points redeemed (Standard Loyalty Club).
- To communicate with you and respond to your inquiries.
- To improve our products and services.
- To ensure the security and integrity of our website.
- To comply with legal obligations.
All of these uses are mandatory parts of the Standard Beauty Loyalty Club, i.e. the appropriate processing of your data is necessary for the fulfillment of your orders.
4. Email communication, newsletter, SMS and telephone calls
You can allow us to send you special information via newsletter. For example, offers or tips and tricks from Standard Beauty.
If you give us this permission, we will only send you information about our beauty products and services.
Confirmation of your newsletter registration: If you register for our newsletter, we use the double opt-in procedure. This means that after you register, we will send you an email to the address you provided. In this email we ask you to confirm that you would like to receive the newsletter. If you do not confirm your registration within 24 hours, your data will be blocked and automatically deleted after one month. We also store your IP address and the time of your registration and confirmation in order to be able to prove your registration and detect possible misuse of your data.
Newsletter unsubscribe/revocation: You can revoke your consent at any time, for example by clicking on the “unsubscribe” link in our emails. Your revocation does not change the lawfulness of the processing of your data until your revocation.
We will only send you personalized information and offers from Standard Beauty by email or SMS if you have allowed us to do so. We may still send you other non-advertising messages, such as score updates from our loyalty program, by email, even if you have not allowed email advertising.
External service provider: We use the service provider Klaviyo to send the newsletter. We have concluded an order processing contract with this service provider in order to protect your personal data. For more information about Klaviyo visit their website.
5. Processing of personal data when contacting us, setting up a customer account and paying in the online shop
Contact us by email or contact form:
If you send us an email or use our contact form, we store the information you provide, such as your email address, your name and your telephone number, to answer your questions. We delete this data when it is no longer needed or restrict processing if there are legal retention requirements. This processing takes place because you have given us your consent in accordance with Article 6 paragraph 1 sentence 1 lit. a GDPR.
Order products or create a customer account:
If you buy products via our website or create a customer account, we collect the data necessary to process the contract. You can find this information in the corresponding input fields during registration (customer account) or in the order form. When placing an order, we require at least the fields marked as mandatory. We use this data in accordance with Article 6 Paragraph 1 Sentence 1 b GDPR to process the contract and to process your inquiries.
Payment methods and payment service providers:
We offer various payment methods for purchases in our webshop, including credit card payment. We work with various payment service providers with whom we have concluded order processing contracts. Depending on the payment method you choose, different data is transmitted to the respective payment service provider. The legal basis for this transfer varies depending on the payment service provider and is set out in Article 6 paragraph 1 sentence 1 a, b or f GDPR. You can find more information about this below.
We list our payment service providers below:
- PayPal
If you pay for your purchase from us with PayPal, your personal data will be transmitted to PayPal. If you have not yet opened a PayPal account, you will be asked to do so by PayPal during payment processing. To use or open a PayPal account, you must, among other things, send your name, address, telephone number and email address to PayPal. The legal basis for the transmission of data is Article 6 paragraph 1 a GDPR and Article 6 paragraph 1 sentence 1 lit. b GDPR.
With the PayPal payment option, you consent to the transmission of personal data such as name, address, telephone number and email address to PayPal. Which other data is collected by PayPal can be found in PayPal's respective data protection declaration. This can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
- Klarna
If you pay with Klarna, your personal data will be transmitted to Klarna Bank AB, which is the operator of the payment service provider Klarna. The legal basis for the transmission of data is Art. 6 para 1 lit. a GDPR and Art. 6 para 1 lit. b GDPR.
Klarna collects the following data when processing the payment of orders from our online shop:
- Name, date of birth, title, billing and shipping address, email address, mobile phone number
- Information about ordered products
- Information about income, credit obligations and payment notes
- Location-related information
- IP address
Klarna also carries out an identity and credit check. The data you provide for the purchase is compared with the existing data from a credit reporting agency. This data processing is carried out based on your express consent; the legal basis is Art. 6 para 1 lit. a GDPR. You can revoke your consent at any time without giving reasons with effect for the future in accordance with Art. 7 para. 3 GDPR.
You can find detailed information about Klarna Bank AB's data protection regulations at https://www.klarna.com/de/datenschutz/
6. Legal basis for data processing
The processing of your personal data is based on the following legal bases:
- Performance of a contract: Processing is necessary for the performance of a contract to which you are a party or to take steps prior to entering into a contract. Legal basis: Art. 6 para 1 b) GDPR (performance of contract and pre-contractual measures)
- Consent: If you have given us your consent to process your data, the processing will take place in accordance with this consent.
- Compliance with legal obligations: Processing is carried out to comply with legal obligations to which we are subject.
- The legal basis for the email communication, SMS and telephone calls described in section 4 is Art. 6 para 1 a) GDPR in conjunction with your respective consent.
- The legal basis for the storage of data described in section 10 until the expiry of existing commercial and tax retention obligations is Art. 6 para 1 c) GDPR (fulfillment of a legal obligation).
7. Disclosure of personal data
We will only share your personal data with third parties if required to do so by law or if this is necessary to fulfill our contractual obligations or to protect our legitimate interests. These include:
- Service providers and processors who support us in providing our services.
- Authorities and government bodies if this is necessary to comply with legal obligations.
- Other third parties if you have given us your consent to share your data
8. Use of cookies and related technologies
We use cookies on our website to improve your online experience and enable certain functions. Cookies are small text files that are stored on your computer and do not contain viruses.
Most of our cookies are so-called “session cookies” that are automatically deleted after your visit. Other cookies remain stored on your device for a specified period of time. These cookies enable us to recognize your browser the next time you visit.
In accordance with the applicable data protection law (Art. 6 paragraph 1 lit. a GDPR) we need your consent to use cookies. You can control and reject the use of cookies in your browser. Please note, however, that this may affect the functionality of our website.
Some of our cookies come from third parties such as Google Analytics, Facebook Meta, TikTok Business and others. We use them to collect information about the use of our website and to improve our offering. You can object to the use of these cookies.
We take your privacy seriously and do not store any personal information in cookies. If you have any questions about data protection, please contact us using the contact details provided below.
8.1 Google Analytics
We use Google Analytics to collect information about our website and its visitors. This helps us analyze and improve our website, as well as in marketing and advertising activities.
Google Analytics uses technologies such as cookies to analyze your website usage. The information collected is usually stored on Google servers in the USA. Cookies or similar technologies are only used with your consent. You can withdraw your consent at any time without affecting the lawfulness of the processing before its withdrawal.
For more information about terms of use and privacy, visit the following links: Google Analytics Terms of Use, Google Privacy Policy and Google Cookies Policy.
8.2 Google Tag Manager
Our website uses the Google Tag Manager, which is offered by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google Tag Manager enables the central management of website tags without using cookies or collecting personal data. For privacy information about third-party data processing services that may be provided through Google Tag Manager, please see the relevant service providers' respective privacy policies: Google Tag Manager Privacy
8.3 Facebook Pixel for creating custom audiences with advanced data matching
We use the "Facebook Pixel" in advanced data matching mode, operated by Meta Platforms Ireland Limited, to display personalized advertisements on Facebook and Instagram. This only occurs with the user's express consent and enables Facebook to measure the effectiveness of advertising campaigns and display personalized advertising. Further information can be found in the Facebook privacy policy.
8.4 Twitter and Pinterest
We use Twitter components on our website. These components are provided by Twitter Inc. and may collect information about which page of our website is visited. Further information can be found in the Twitter privacy policy.
We use the Pinterest service, which can collect information about visits to our website when the "Pin it" button is used. Further information can be found in the Pinterest privacy policy.
8.5 TikTok
We use TikTok components on our website. These cookies allow TikTok to collect information about the use of our website in order to provide personalized content and advertising. Your consent to the use of TikTok cookies allows us to optimize the effectiveness of our online presence and present you with relevant content. However, you have the option of deactivating these cookies or withdrawing your consent at any time by making the appropriate settings in your browser. Further information can be found in the TikTok privacy policy.
9. Data security
We take appropriate technical and organizational measures to protect your personal data from loss, misuse, unauthorized access and other risks. Our security measures are regularly reviewed and updated.
10. Storage duration
We store your mandatory information and any voluntary information as long as you have a customer account. They are then generally deleted or anonymized immediately, or after the expiry of the existing commercial and tax retention obligation after 10 years.
We also delete or anonymize data generated when ordering online or when using the card no later than after the expiry of commercial and tax retention obligations after 10 years. We will delete your communication data after 6 years at the latest.
11. Your rights
As a data subject, you have various rights in relation to your personal data, including:
- The right to information about your stored data.
- The right to correct inaccurate data.
- The right to have your data deleted unless there are legal reasons against it.
- The right to restrict processing.
- The right to data portability.
- The right to object to the processing of your data.
If you would like to exercise your rights or have any questions about the processing of your data, please contact us using the contact details provided below.
12. Changes to this privacy policy
This privacy policy may be updated from time to time to reflect changes in our practices or legal requirements. Please check this privacy policy regularly for updates.
13. Contact information
If you have any questions or concerns regarding this privacy policy, you can contact us as follows:
Standard Beauty GmbH
Neue Strasse 5
72820 Sonnenbühl, Germany
Info@standard-beauty.de
(Service times: Monday - Friday 9:30 a.m. - 4:30 p.m., processing time: up to 3 working days)

