Privacy policy

Privacy policy

Thank you for visiting our website. As the secure use of data is our top priority, we would like to inform you about the use of your data when using our website.

The responsible position for data processing on this website is:

1. General

In principle, it is possible to use our website without providing any personal data. Insofar as special services of our company are used, the processing of personal data may be necessary. If this is the case, we obtain consent from the data subject, unless a legal basis allows us to process the data. Such a basis exists, among other things, if the processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the request of the data subject (Art. 6 para.1 b) DSGVO.

The processing of personal data is always carried out in accordance with the provisions of data protection law, in particular the Basic Data Protection Regulation (DSGVO) and the BDSG.

We would like to inform you here about the scope and purpose of the collected, used and processed data and inform you about your rights.

The data is processed in a way that is comprehensible to you, collected only for specified, clear and legitimate purposes. The data will be processed only in accordance with the purpose and to the extent necessary for the purpose of the processing. In this respect, we ensure that the data is factually correct and, where necessary, up to date, and that the data is only stored for the permitted duration. Furthermore, we ensure that the data is adequately protected against unauthorised or unlawful processing or accidental loss. You have the possibility to obtain information about the data status at any time. We will inform you about your rights below.

2 .Definitions

Our privacy policy is based on terms and definitions used in the General Data Protection Regulation. To ensure that our data protection declaration is comprehensible, you will find a link to Article 4 of the Data Protection Regulation here.

When you visit our site, you will also receive a request asking whether you wish to allow cookies.

3. Name and address of the controller

Beauté Omar Ltd.
Ges. represented by Dr. Mariam Omar
Hohe Bleichen 8
20354 Hamburg

Responsible for compliance with data protection regulations is
Dr. Mariam Omar

4. Collection of general data and information

Our website collects general data and information each time it is accessed, such as the IP address, the browser type and version, the operating system, the referrer URL via which you may have come to us, the date and time of access and similar data. This data is stored in the log files and is not used for profiling, i.e. drawing conclusions about the person concerned. The data is collected anonymously and separated from personal data.

The aforementioned data is processed by us for the following purposes:

Ensuring a smooth connection set-up of the website,

ensuring a comfortable use of our website,

evaluating system security and stability, and

for other administrative purposes.

The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. In no case do we use the collected data for the purpose of drawing conclusions about your person.

5 Cookies

Our website sometimes uses cookies. These are small data records that are stored on your computer by a web server. They are user-specific data that are used to analyse user behaviour, but also to make the offer more user-friendly. Cookies remain stored after the end of the session.

You can adjust your cookie selection here.
You can prevent the use of cookies by setting your browser accordingly (Disable). Cookies that have already been set can be deleted by the browser at any time. If cookies are prevented, some functions of the site may be impaired. Furthermore, you can set your browser to inform you about the use of cookies.

6 Registration on our website

You have the option of registering on our website. You can see from the input mask which personal data is collected. The data collected in this way is collected and stored exclusively for our own purposes. Data is only passed on within the framework of order processing (postal services etc) and only to the extent necessary for this purpose (data economy).

The legal basis is Art. 6 para. 1 b) DSGVO.

The IP address, date and time of registration are also stored.

We explain your rights (deletion etc.) below.

7. contact option via the website/newsletter

a) Due to legal requirements, our website enables electronic communication with us. This can be done by sending an e-mail or by using the contact form.

Data processing for the purpose of contacting us is carried out in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO on the basis of your voluntarily given consent.

The personal data collected by us for the use of the contact form will be automatically deleted after the request you have made has been dealt with. You can find out which data we collect in the input mask.

b) It is possible to subscribe to a newsletter. When you register for the newsletter, the data you entered in the input mask is transmitted to us.

These are your name and your email address.

In addition, the following data is collected during registration:

IP address of the calling computer, date and time of registration.

For the processing of the data, your consent is obtained during the registration process and reference is made to the data protection declaration (OptIn).

The newsletter is sent on the basis of the sale of goods or services:

No data is passed on to third parties in connection with data processing for the dispatch of newsletters. The data is used exclusively for sending the newsletter.

8. Passing on of data

Your personal data will not be passed on to third parties for purposes other than those listed below.

We will only pass on your personal data to third parties if:

You have given your express consent to do so (Art. 6 para. 1 p. 1 lit. a DSGVO),
if the transfer is necessary for the execution of the order (Art. 6 para. 1 p. 1 lit. b. This includes the transfer to a shipping company.
the disclosure is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data (Art. 6 para. 1 p. 1 lit. f DSGVO),
in the event that there is a legal obligation to disclose your data (Art. 6 para. 1 p. 1 lit. c DSGVO), as well as
this is legally permissible and necessary for the processing of contractual relationships with you (according to Art. 6 para. 1 p. 1 lit. b DSGVO).

9. Legal basis / duration of data retention

The data processing is carried out in response to your request and is necessary for the aforementioned purposes for the appropriate processing of the order and for the mutual fulfilment of obligations arising from the order in accordance with Art. 6 Para. 1 Sentence 1 lit. b DSGVO.

The personal data collected by us for the fulfilment/processing of the contract will be stored until the expiry of the statutory retention obligation for entrepreneurs (6 years after the end of the calendar year in which the order was terminated, § 257 HGB) and then deleted, unless we are required to delete the data pursuant to Art. 6 para. 1 p. 1 lit. c DSGVO due to tax and commercial law retention and documentation obligations (from HGB, StGB or AO) or you have consented to storage beyond this in accordance with Art. 6 Para. 1 p. 1 lit. a DSGVO. The tax retention periods as well as the periods according to § 257 para. 4 HGB (German Commercial Code) are 10 years. Furthermore, there is the possibility of storage for defence in possible liability cases for up to 30 years.

10. data subject rights

You have the right

In accordance with Art. 7 Para. 3 DSGVO, to revoke your consent once given to us at any time. This means that we may no longer continue the data processing based on this consent in the future;

to request information about your personal data processed by us in accordance with Art. 15 DSGVO. In particular, you may request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;

in accordance with Art. 16 DSGVO, to demand the immediate correction of inaccurate or incomplete personal data stored by us;

in accordance with Article 17 of the Regulation, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;

in accordance with Art. 18 DSGVO, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO;

pursuant to Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller; and

complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office for this purpose.

11. Right of objection

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, provided that there are grounds for doing so which arise from your particular situation.

If you wish to exercise your right to object, an e-mail to will suffice.

12. privacy policy for the use of Facebook plugins

(Like button)

We use plugins of the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, You can recognise the Facebook plugins by the Facebook logo or the “Like button” (“Like”) on our site.

When you visit our pages, a direct connection is established between your browser and the Facebook server via the plugins. This transmits your IP address to Facebook, as well as the message that our site was visited via the IP address.

If you click the “Like” button, you link the content of our pages on your Facebook profile. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. For more information, please see Facebook’s privacy policy at

If you do not wish data to be transmitted, please log out of your Facebook user account.

13. Privacy policy Google Analytics

We use functions of the web analysis service Google Analytics. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics uses cookies.

These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by cookies about your use of this website is usually transmitted to a Google server in the USA and stored there. Google uses the data, among other things, to evaluate the use of our website, to compile online reports for us on the use of the site and to provide other services in connection with the use of our website.

For more information on how Google Analytics handles user data, please see Google’s privacy policy:

We use the add-on “_gat._anonymizeIp” for web analysis via Google Analytics. By means of this add-on, the IP address of the Internet connection of the person concerned is shortened and anonymised by Google if access to our Internet pages takes place from a member state of the European Union or from another state party to the Agreement on the European Economic Area.

Further information and the applicable data protection provisions of Google can be found at and at Google Analytics is explained in more detail under this link

14. Payment services

We offer our customers secure payment options and use payment service providers for this purpose.

By using these services, data is processed, which includes so-called inventory data, such as name and address, bank data, account and credit card numbers, passwords, TANS and other data necessary for transactions.

This data is stored and processed by the relevant payment service provider. We ourselves do not store credit card and bank data, but only information as to whether the transactions were approved or declined.

Which data is collected can be found in the data protection notices of the payment service providers. The terms and conditions and data protection notices of the respective payment service providers apply to their business,

Types of data processed: inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contract data (e.g. subject matter of contract, term, customer category), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

Legal basis and reason for processing are contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. DSGVO), Legitimate Interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).


You could process the payment transaction via the payment service provider Stripe, ℅ Legal Process, 510,Townsend St., San Francisco, CA 94103 (Stripe).

Stripe is used to fulfil the contract entered into with you, as well as our legitimate interest in providing an efficient and secure payment method. In connection with the payment process, the following data is passed on to Stripe insofar as it is necessary for the fulfilment of the contract (Art. 6 para. 1 lit b. DSGVO).

Name of the cardholder
E-mail address
Customer number
Order number
Bank details
Credit card details
Period of validity of the credit card
Credit card verification number (CVC)
Date and time of transaction
Transaction amount
Name of the provider

Neither you are required by law or contract to make the payment through Stripe. You have the option to choose another payment method.

In general, Stripe has implemented compliance measures for international data transfers that apply to all activities Stripe engages in globally in the processing of personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs).

For more information on opting out and opting in from Stripe, please visit:

Your data will be stored by us until payment processing is complete. This includes the period required for processing refunds, claims management and fraud prevention.

15. Data security

Within the website visit, we use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser. We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.