Privacy policy
PRIVACY INFORMATION
1. What information does this document contain for you?
When you visit our website and purchase our products, we process your personal data. We ensure that we comply with the requirements of the EU General Data Protection Regulation (GDPR) and other applicable data protection laws. Below, we provide you with a detailed overview of how we process your personal data and what rights you have regarding your personal data.
2. Who is responsible for data processing and who is the Data Protection Officer?
2.1 The controller for data processing is:
therefore beauty
represented by:
terrorists of beauty GmbH
Natalie Richter
Schulterblatt 3
20357 Hamburg
Germany
2.2 You can contact our Data Protection Officer at:
terrorists of beauty GmbH
Schulterblatt 3
20357 Hamburg
Germany
hello@therefore-beauty.de
Phone: +49 160 92308985
3. Scope and changes to this privacy statement
3.1 This privacy statement applies to the use of our website and to our customers and prospective customers. It does not apply to the websites of other service providers to which we link. We assume no responsibility for the statements and policies of third parties. We recommend that you familiarize yourself with the privacy policies and practices of those third parties.
3.2 We reserve the right to amend these data protection rules from time to time in line with future changes regarding the collection and processing of personal data.
4. What categories of data do we use and where do they come from?
The personal data processed on our website is obtained from the following sources:
4.1 From your devices when you visit our website: our web servers by default log the Internet Protocol (IP) address (a number automatically assigned to a computer when using the Internet), the website from which you accessed our site, the files you request from us, the date of your visit, and general information about your browser (version and type).
4.2 Directly from you when you purchase our products, create an account, and/or contact us. In these cases, you are informed of the intended purpose and, if required, asked for your consent.
4.3 From cookies: when you visit our website, cookie identifiers are linked to the online identifiers provided by your devices. You are informed of the intended purpose and, if required, asked for your consent to install cookies on your devices. For more information, see our Cookie Policy.
5. For what purposes and on what legal basis is your data processed?
Personal data may be processed for the following purposes:
5.1 Security purposes. The information collected from your devices (see section 4.1) is processed to ensure the stability and security of the web server and to display our website to you (e.g., on your phone, laptop, or other devices). These data may be analyzed only in anonymized form for statistical purposes.
5.1.1 Legal basis: Processing is necessary for the purposes of our legitimate interests (Art. 6(1)(f) GDPR in accordance with Art. 32(1) GDPR) and based on Recital 47 GDPR.
5.2 Ordering products. When you purchase our products, we process your personal data to handle your order, payment, and delivery to the address provided in your order form. The personal data processed are those you provide to us and/or that are requested in the order form, e.g., first name, last name, email, street, postal code, city, and payment information.
5.2.1 Legal basis: Processing is necessary for the performance of a contract or for pre-contractual measures (Art. 6(1)(b) GDPR).
5.2.2 Data retention: The information is processed as long as necessary to deliver the products and, once delivered, for as long as required to comply with legal obligations—particularly tax regulations requiring retention for 10 years.
5.3 Creating an account. If you choose to have an account with us, we process your first name, last name, email address, and password to create an account.
5.3.1 Legal basis: Processing is based on your consent (Art. 6(1)(a) GDPR).
5.3.2 Data retention: The information is stored until you withdraw your consent.
5.4 Marketing purposes. If you are our customer because you purchased a product and/or because you voluntarily created an account, we may process your personal data to send you marketing communications about our products and services consistent with a reasonable expectation of privacy (e.g., products similar to those you ordered). Such communications are primarily by email.
Some of our marketing campaigns are personalized. To personalize our campaigns, we may profile our customers. Profiling means analyzing your order history with data not older than one year and sending you information and offers matching your preferences. You may object to profiling at any time if you do not wish to receive personalized information.
5.4.1 Legal basis: Processing is based on our legitimate interests (Art. 6(1)(f) GDPR in accordance with Recital 47 GDPR).
5.4.2 Data retention: We will process your personal data for marketing as long as you are our customer, unless you object.
5.5 Information requests. If you contact us via the contact forms or addresses on our website, we process your personal data to respond to your request and to fulfill it, including contacting you if necessary. The personal data processed are those you provide and/or that are requested in the forms, e.g., first name, last name, email, street, postal code, city, phone number, and content of your request.
5.5.1 Legal basis: Processing is necessary for the performance of a contract or for pre-contractual measures (Art. 6(1)(b) GDPR).
5.5.2 Data retention: The information is processed as long as necessary to fulfill your request, and no longer than three months after receipt.
5.6 Complaints. If you submit a complaint regarding one of our products, we process your personal data to address and handle your complaint. The personal data processed are those you provide when submitting your complaint: e.g., first name, last name, email, street, postal code, city, country, phone number, and content of your complaint.
5.6.1 Legal basis: Processing is necessary to comply with a legal obligation (Art. 6(1)(c) GDPR).
5.6.2 Data retention: The information is retained while the complaint is being processed. After resolution, the data are blocked and stored as required to comply with legal obligations.
5.7 Careers. If you apply for a specific job posting and/or send us an unsolicited application, we process your personal data to manage your application and/or assess whether your profile meets our needs. The personal data processed are those you provide and/or that are requested in the job posting: e.g., first name, last name, email, street, postal code, city, country, phone number, professional experience, salary expectations, cover letter, CVs, and any other information you include.
5.7.1 Legal basis: For specific job applications, processing is necessary for the performance of a contract and/or pre-contractual measures (Art. 6(1)(b) GDPR). For unsolicited applications, processing is based on your consent (Art. 6(1)(a) GDPR).
5.7.2 Data retention: For open positions, data are retained for six months after your application is rejected in accordance with the General Equal Treatment Act (AGG). Unsolicited applications are deleted one year after receipt.
No automated decision-making is used for the purposes above. If we need to process your data in other ways or for purposes not mentioned here, we will inform you in advance and, if necessary, obtain your consent.
6. Who receives your data?
Unless disclosure is legally required, your personal data are processed by:
6.1 The brand therefore beauty, legally represented by terrorists of beauty GmbH.
6.2 The delivery companies we work with so that your orders can be delivered to you. Under data protection regulations, these companies process your data on their own responsibility.
6.3 Additionally, we use external service providers bound by data processing agreements to meet data protection requirements (e.g., IT and infrastructure providers).
7. Are there international data transfers?
7.1 No. We do not transfer your personal data outside of Europe and/or the European Economic Area.
8. What data protection rights do you have?
8.1 You have the right to access the data we hold about you (Art. 15 GDPR). You may also request correction or deletion of your data (Art. 16, 17 GDPR). You may have the right to restrict processing and to receive your data in a structured, commonly used, machine-readable format, provided this does not infringe the rights and freedoms of others (Art. 18, 20 GDPR).
8.2 If you have given us consent to process your data, you may withdraw it at any time without formalities and without adverse consequences. Please note that withdrawal does not affect the lawfulness of processing carried out before withdrawal and does not extend to processing that relies on another legal basis and thus may continue.
8.3 To exercise your rights, please contact the Data Protection Officer named in section 2.
8.4 You also have the right to object, as explained at the end of this statement.
8.5 You have the right to lodge a complaint with a data protection authority (Art. 77 GDPR) without prejudice to other administrative or judicial remedies.
The supervisory authority for us is:
The Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI)
Ludwig-Erhard-Str. 22, 7th floor
20459 Hamburg
Tel: 040/428 54-40 40
Fax: 040/428 54-40 00
mailbox@datenschutz.hamburg.de
poststelle@ldi.nrw.de
Information on your right to object (Art. 21 GDPR)
You have the right, for reasons arising from your particular situation, to object at any time to processing of personal data concerning you based on Art. 6(1)(f) GDPR (processing based on a balancing of interests), including profiling based on that provision. If you object, we will cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.
Objections should be sent to the Data Protection Officer named in section 2 of this privacy statement.
Date: June 2025
