Privacy policy

1) Information on the collection of personal data and contact details of the responsible party

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about the handling of your personal data when using our website. Personal data is any data that can be used to personally identify you.

1.2 The responsible party for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Wahid Rahimi, Rahimi Beauty, Lange Reihe 113, 20099 Hamburg, Germany, Tel.: +491734614755, Email: shop@rahimi-beauty.de. The responsible party for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the responsible party). You can recognize an encrypted connection by the string "https://" and the padlock symbol in your browser bar.

2) Data collection when visiting our website

When using our website purely informatively, i.e. when you do not register or provide us with information in any other way, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:

  • Our visited website
  • Date and time of access
  • Amount of data sent in bytes
  • Source/referral from which you came to the page
  • Used browser
  • Used operating system
  • Used IP address (possibly in anonymized form)

Processing is carried out in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. No transfer or further use of the data takes place. However, we reserve the right to review the server log files retrospectively if there are specific indications of illegal use.

3) Cookies

In order to make the visit to our website more attractive and to enable the use of certain features, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the browser session ends, i.e., after you close your browser (so-called session cookies). Other cookies remain on your device and allow your browser to be recognized during your next visit (so-called persistent cookies). When cookies are set, they collect and process specific user information, such as browser and location data as well as IP address values. Persistent cookies are automatically deleted after a predetermined period, which may vary depending on the cookie. You can find the duration of the respective cookie storage in the overview of your browser's cookie settings.

Some cookies are used to simplify the ordering process by saving settings (e.g., remembering the contents of a virtual shopping cart for a later visit to the website). If any of the cookies we use process personal data, the processing is carried out in accordance with Art. 6(1)(b) GDPR for the performance of the contract, Art. 6(1)(a) GDPR in the case of consent, or Art. 6(1)(f) GDPR to safeguard our legitimate interests in the optimal functionality of the website and a customer-friendly and effective design of the site visit.

Please note that you can set your browser to inform you about the setting of cookies and to individually decide whether to accept them or exclude the acceptance of cookies for specific cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers at the following links:

Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/de/latest/web-preferences/#cookies

Please note that if you do not accept cookies, the functionality of our website may be restricted.

4) Contact

In the context of contacting us (e.g., via contact form or email), personal data is collected. The data collected in the case of a contact form is evident from the respective contact form. These data are stored and used solely for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted after the final processing of your request. This is the case when it can be inferred from the circumstances that the matter has been conclusively clarified and provided no statutory retention requirements are in place.

5) Online Appointment Scheduling

Own functionality for online appointment scheduling
We process your personal data in the context of the online appointment scheduling provided. The data we collect for online appointment scheduling can be seen from the respective input form or appointment request. If certain data is necessary to carry out an online appointment booking, we will highlight this in the input form or appointment request accordingly. If we provide you with a free text field in the input form, you can use it to describe your request in more detail. You can also control which data you wish to enter additionally. The data you provide will be stored and used solely for the purpose of the appointment scheduling. When processing personal data that is necessary for the performance of a contract with you (this also applies to processing activities that are required for pre-contractual measures), Art. 6(1)(b) GDPR serves as the legal basis. If you have given us consent for processing your data, the processing is based on Art. 6(1)(a) GDPR. Any consent given can be withdrawn at any time by sending a message to the responsible party named at the beginning of this statement.

6) Data Processing upon Opening a Customer Account and Contract Execution

In accordance with Art. 6(1)(b) GDPR, personal data is also collected and processed when you provide it to us for the purpose of executing a contract or opening a customer account. The data collected is evident from the respective input forms. You can delete your customer account at any time by sending a message to the address of the responsible party mentioned above. We store and use the data you provide for contract execution. After full completion of the contract or deletion of your customer account, your data will be blocked in consideration of tax and commercial law retention periods and deleted after these periods expire, unless you have explicitly consented to further use of your data or further use is legally permissible and reserved by us.

7) Data Processing for Order Fulfillment

7.1 For processing your order, we work with the following service providers who support us either fully or partially in executing the contracts concluded. Certain personal data will be transferred to these service providers as detailed below.

The personal data we collect will be forwarded to the transport company commissioned with the delivery as part of the contract execution, as far as necessary for the delivery of goods. We will forward your payment data to the bank involved in the payment process, if necessary for payment processing. If payment service providers are used, we will inform you explicitly below. The legal basis for data transfer is Art. 6(1)(b) GDPR.

7.2 Use of Special Service Providers for Order Processing and Fulfillment

– SendCloud
Delivery is carried out via the shipping portal "SendCloud" (SendCloud GmbH, Kanalstr. 10, 80538 Munich). In accordance with Art. 6(1)(b) GDPR, we only share your data with SendCloud for the purpose of processing your online order. Data will only be shared as necessary for actual processing. Details regarding SendCloud's privacy policy can be found on SendCloud's website at www.sendcloud.de/datenschutz/.

7.3 Use of Payment Service Providers (Payment Services)

– PayPal
If you pay via PayPal, credit card via PayPal, direct debit via PayPal, or—if offered—"Purchase on Invoice" or "Installment Payment" via PayPal, we forward your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. The transfer occurs in accordance with Art. 6(1)(b) GDPR and only to the extent necessary for the payment processing.
PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal, or—if offered—"Purchase on Invoice" or "Installment Payment" via PayPal. For this purpose, your payment data may be forwarded to credit agencies in accordance with Art. 6(1)(f) GDPR based on PayPal's legitimate interest in determining your creditworthiness. The result of the credit check, concerning the statistical probability of default, is used by PayPal to decide whether to provide the respective payment method. The credit report may include probability values (so-called score values). If score values are included in the credit report result, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of score values includes, among other things, but not exclusively, address data. Further privacy-related information, including the credit agencies used, can be found in PayPal's privacy policy at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contract-compliant payment processing.

8) Use of Social Media: Videos

Use of YouTube Videos

This website uses the YouTube embedding feature to display and play videos from the provider "YouTube," which is part of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

In this case, the extended privacy mode is used, which, according to the provider, only activates the storage of user information when the video(s) is/are played. When the playback of embedded YouTube videos starts, the provider "YouTube" sets cookies to collect information about user behavior. According to YouTube, these are used, among other things, to collect video statistics, improve user-friendliness, and prevent abusive actions. If you are logged into Google, your data will be directly linked to your account when you click on a video. If you do not wish for this association with your YouTube profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. Such evaluation is carried out in particular according to Art. 6(1)(f) GDPR based on Google's legitimate interests in displaying personalized ads, market research, and/or the demand-driven design of its website. You have the right to object to the creation of these user profiles, and you must address YouTube to exercise this right. In the context of using YouTube, there may also be a transfer of personal data to the servers of Google LLC in the USA.

For more information on privacy at "YouTube," please refer to the provider's privacy policy at: https://www.google.de/intl/de/policies/privacy

As far as legally required, we have obtained your consent for the above-mentioned processing of your data in accordance with Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future. To exercise your revocation, deactivate this service in the "Cookie Consent Tool" provided on the website.

9) Tools and Other

– Adobe Fonts (Typekit)
This website uses so-called web fonts provided by Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA ("Adobe") for the uniform display of fonts. When you visit a page, your browser loads the required web fonts into its browser cache to display text and fonts correctly.
To do this, the browser you use must connect to Adobe's servers. This may also result in the transmission of personal data to Adobe's servers in the USA. In this way, Adobe learns that our website has been accessed via your IP address. The use of Adobe Fonts serves the purpose of uniform and appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. If your browser does not support web fonts, a standard font from your computer will be used.
For more information about Adobe Fonts, visit https://fonts.adobe.com/ and Adobe's privacy policy: https://www.adobe.com/de/privacy.html
– FontAwesome
This website uses web fonts from "FontAwesome", a service of Fonticons, Inc., 710 Blackhorn Dr, Carl Junction, 64834, MO, USA ("FontAwesome") for the uniform display of fonts. When you visit a page, your browser loads the required web fonts into its browser cache to display text and fonts correctly.
To do this, the browser you use must connect to FontAwesome's servers. This may also result in the transmission of personal data to FontAwesome's servers in the USA. In this way, FontAwesome learns that our website has been accessed via your IP address. The use of FontAwesome Fonts serves the purpose of uniform and appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. If your browser does not support web fonts, a standard font from your computer will be used.
For more information about FontAwesome, visit: https://fontawesome.com/privacy
– Google Web Fonts
This website uses web fonts provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") for the uniform display of fonts. When you visit a page, your browser loads the required web fonts into its browser cache to display text and fonts correctly.
To do this, the browser you use must connect to Google's servers. This may also result in the transmission of personal data to Google LLC's servers in the USA. In this way, Google learns that our website has been accessed via your IP address. The use of Google Web Fonts serves the purpose of uniform and appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. If your browser does not support web fonts, a standard font from your computer will be used.
For more information about Google Web Fonts, visit https://developers.google.com/fonts/faq and Google's privacy policy: https://www.google.com/policies/privacy/
– Monotype Web Fonts
This website uses web fonts provided by Monotype Imaging Holdings Inc., a Delaware corporation with its principal offices at 600 Unicorn Park Drive, Woburn, Massachusetts 01801 USA, for the uniform display of fonts. When you visit a page, your browser loads the required web fonts into its browser cache to display text and fonts correctly.
To do this, the browser you use must connect to Monotype's servers. This way, Monotype learns that our website has been accessed via your IP address. The use of Monotype Web Fonts serves the purpose of uniform and appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
If your browser does not support web fonts, a standard font from your computer will be used.
For more information about Monotype Web Fonts, visit https://www.fonts.com/info/legal and Monotype's privacy policy: https://www.fonts.com/info/legal/privacy
– MyFonts
This website uses the internet-based web design service MyFonts by Monotype Imaging Holdings Inc., 600 Unicorn Park Drive, Woburn, MA 01801, USA, for the customization and graphical design of texts and backgrounds (fonts). When you visit a page, your browser loads the required fonts into its browser cache to display text and fonts correctly.
Since MyFonts' compensation claim for providing the fonts is calculated based on the individual access volume to the website, we use a counting pixel, a one-pixel image file stored on our website. This pixel allows access count measurement and tracks page visits.
If personal data is processed during this described activity, this is done in accordance with Art. 6 para. 1 lit. f DSGVO based on our legitimate interest in determining access numbers for the proper determination of MyFonts' compensation claim.
For more information about MyFonts' privacy policy, visit: https://www.monotype.com/legal/privacy-policy/

10) Rights of the Data Subject

10.1 The applicable data protection law grants you extensive rights concerning the processing of your personal data by the controller, including rights to information and intervention. We will inform you about these rights below:

  • Right to Access according to Art. 15 GDPR: You have the right to request information about the personal data we process about you, including the purposes of processing, categories of personal data processed, recipients or categories of recipients to whom your data has been or will be disclosed, the planned retention period or the criteria for determining the retention period, the existence of the right to rectification, deletion, restriction of processing, objection to processing, filing a complaint with a supervisory authority, the origin of your data if it was not collected from you, the existence of automated decision-making including profiling, and, if applicable, meaningful information about the logic involved and the significance and consequences of such processing, as well as your right to be informed about the safeguards pursuant to Art. 46 GDPR when transferring your data to third countries;
  • Right to Rectification according to Art. 16 GDPR: You have the right to obtain the immediate rectification of incorrect data concerning you and/or the completion of incomplete data stored by us;
  • Right to Deletion according to Art. 17 GDPR: You have the right to request the deletion of your personal data when the conditions of Art. 17 para. 1 GDPR are met. However, this right does not apply if the processing is required for exercising the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims;
  • Right to Restriction of Processing according to Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data is contested, if you refuse the deletion of your data due to unlawful data processing and instead request the restriction of processing, if you need your data for the establishment, exercise, or defense of legal claims after we no longer need the data for the purpose it was collected, or if you have objected to processing on grounds related to your particular situation, as long as it has not been determined whether our legitimate grounds override your interests;
  • Right to Notification according to Art. 19 GDPR: If you have asserted your right to rectification, deletion, or restriction of processing, the controller is required to inform all recipients to whom your personal data has been disclosed about the rectification or deletion of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
  • Right to Data Portability according to Art. 20 GDPR: You have the right to receive your personal data provided to us in a structured, commonly used, and machine-readable format or to request the transfer to another controller, where technically feasible;
  • Right to Withdraw Consent according to Art. 7 para. 3 GDPR: You have the right to withdraw consent that has been given for the processing of data at any time with effect for the future. In the event of withdrawal, we will promptly delete the affected data unless further processing is based on another legal basis for processing without consent. The withdrawal of consent does not affect the lawfulness of the processing carried out based on consent before its withdrawal;
  • Right to Lodge a Complaint according to Art. 77 GDPR: If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy, particularly in the member state of your residence, workplace, or the place of the alleged infringement.

10.2 RIGHT TO OBJECT

If we process your personal data on the basis of our legitimate interests, you have the right to object to this processing at any time, on grounds related to your particular situation, with effect for the future. If you exercise your right to object, we will cease processing the affected data. However, further processing may be permitted if we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes. You can exercise this right as described above.

If you exercise your right to object, we will cease the processing of the affected data for direct marketing purposes.

11) Duration of Storage of Personal Data

The duration of the storage of personal data is based on the respective legal basis, the purpose of processing, and, if applicable, any statutory retention periods (e.g., commercial and tax retention periods).

When processing personal data based on explicit consent according to Art. 6 para. 1 lit. a GDPR, the data will be stored until the data subject withdraws their consent.

If there are statutory retention periods for data processed under legal obligations related to business transactions or similar obligations based on Art. 6 para. 1 lit. b GDPR, such data will be routinely deleted after the retention period expires, unless it is still necessary for contract fulfillment or pre-contractual measures and/or we have a legitimate interest in retaining it.

When processing personal data based on Art. 6 para. 1 lit. f GDPR, the data will be stored until the data subject exercises their right to object under Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate reasons for processing that override the interests, rights, and freedoms of the data subject, or the processing is necessary for the establishment, exercise, or defense of legal claims.

When processing personal data for direct marketing purposes based on Art. 6 para. 1 lit. f GDPR, the data will be stored until the data subject exercises their right to object under Art. 21 para. 2 GDPR.

Unless otherwise specified in other sections of this statement regarding specific processing situations, stored personal data will be deleted once they are no longer necessary for the purposes for which they were collected or otherwise processed.