Data Protection Policy

Overview

Welcome to www.labelhair.co.uk! According to Art 13, Art 14 DSGVO as well as § 165 Abs 3 TKG, we'll comprehensively inform you about how your data is processed in this section. Please familiarise yourself with how your personal data (hereinafter referred to as "data") is processed and why, when you:

  1. Visit our website
  2. Subscribe to our newsletter email
  3. Contact us
  4. Use our webshop
  5. Have a business relationship with us, as well as:
  6. How long your data will be stored
  7. Which data we collect from other sources (Art 14 DSGVO)
  8. Whether automated decision-making takes place
  9. What rights you have in regard to data processing and
  10. Who the data controller is, the contact details of our Data Protection Officer, and how you can contact us.

1) What data do we process when you visit our website?

When you visit our website, the following categories of your data may be processed:

  • Selected language
  • Browser type
  • Operating system
  • Country
  • Date, time and duration of access
  • Partially masked IP address
  • Pages visited on our website, including entry and exit pages
  • Data that you enter via a contact form

These categories of data are processed only to the extent necessary in each case. The processing of this data is justified by our legitimate interest in operating our website (Art 6 Para 1 lit f DSGVO).

To operate of our website, it may be necessary for us to transmit your data to the following recipients:

Service provider and data protection information of the provider Description Place of processing Legal bases for data transmission
Hetzner Online Ltd Website hosting including backup storage EU/EEA Order processing according to Art. 28 GDPR

Cookies and "Advertising Services"

The above categories of data are processed by so-called "cookies". Cookies are text files that are stored on your device.

"Technical" cookies exclusively ensure the functioning of our website and do not require your consent. These cookies recognise and store temporary data from website visitors. We use these technical cookies exclusively to the extent necessary to communicate with your device via the website.

In addition to these technical cookies, we may also use "advertising services" (e.g. "advertising cookies", "non-required cookies", "pixels" or similar technologies). These services enable us to better understand and evaluate your interests. With the help of these services, we can merge your surfing behaviour beyond the boundaries of our website with data from other websites. This data allows us to better understand the interest of visitors to our websites and to address them in a more targeted manner. For this purpose, the respective categories of your required data will also be transmitted to the respective service provider. We respect that not every visitor to our website wants this. Therefore, we only process your data through these advertising services if you give us your consent to do so.

Your consent to the processing of your data by services that process your data within the EU or the EEA is based on Art 6 Para 1 lit a DSGVO.

Your consent to the processing of your data by services that process your data in the USA is based on Art 49(1)(a) of the GDPR (exceptions for specific cases). The reason for this legal basis is that there is currently no valid adequacy for the USA pursuant to Art 45 GDPR. This means that your rights in connection with the processing of your data in the USA cannot be guaranteed, which we expressly point out. This applies exclusively until we can offer you a technical solution to prevent any data transfer to the USA or until a new adequacy decision is adopted.

You can revoke your consent at any time by deleting the activated services from the browser of your device, whereby the data processing that took place until the time of revocation remains justified.

The following advertising services will only be activated once you have consented to them via our "cookie banner" (the pop-up window that appears when you first visit our website):

Service Description Duration of storage Place of processing Legal Basis for Data Transfer Service provider and data protection information of the provider
Google Tag Manager Integration of Google Tag Manager for easy reloading of services (The provider can use the data collected to contextualise and personalise the ads of its own advertising network, especially if you are logged into an existing account of the service) 24 Months EU/EEA, US Order processing in accordance with Art. 28 GDPR under conclusion of the final standard data protection clauses in accordance with Art. 46 Para. 3 lit a GDPR Google LLC
Google Analytics Analysis and statistical evaluation of the website (The provider may use the data collected to contextualise and personalise the ads of its own advertising network, especially if you are logged into an existing account of the service) 24 Months EU/EEA, US Order processing in accordance with Art. 28 GDPR under conclusion of the final standard data protection clauses in accordance with Art. 46 Para. 3 lit a GDPR Google LLC
Google Ads Targeted display of online advertising (The provider may use the data collected to contextualise and personalise the ads of its own advertising network, especially if you are logged into an existing account of the service) 3 months EU/EEA, US Order processing in accordance with Art. 28 GDPR under conclusion of the final standard data protection clauses in accordance with Art. 46 Para. 3 lit a GDPR Google LLC
Google Optimize Optimisation of our online offers and website presentation (The provider can use the data collected to contextualise and personalise the ads of its own advertising network, especially if you are logged into an existing account of the service) 18 months EU/EEA, US Order processing in accordance with Art. 28 GDPR under conclusion of the final standard data protection clauses in accordance with Art. 46 Para. 3 lit a GDPR Google LLC
Facebook pixels Measuring the success and optimisation of online advertising (The provider may use the data collected to contextualise and personalise the ads of its own advertising network, especially if you are logged into an existing account of the service) 3 months EU/EEA, US Order processing in accordance with Art. 28 GDPR under conclusion of the final standard data protection clauses in accordance with Art. 46 Para. 3 lit a GDPR MetaPlatforms, Inc.
TikTok pixels Measuring the success and optimisation of online advertising (The provider may use the data collected to contextualise and personalise the ads of its own advertising network, especially if you are logged into an existing account of the service) 13 months EU/EEA, China, US Order processing in accordance with Art. 28 GDPR under conclusion of the final standard data protection clauses in accordance with Art. 46 Para. 3 lit a GDPR TikTok Technology Limited
Microsoft Advertising Targeted display of online advertising (The provider may use the data collected to contextualise and personalise the ads of its own advertising network, especially if you are logged into an existing account of the service) 13 months EU/EEA, US Order processing in accordance with Art. 28 GDPR under conclusion of the final standard data protection clauses in accordance with Art. 46 Para. 3 lit a GDPR Microsoft Corporation
Criteo Creation of personalised advertising offers 13 months EU/EEA Order processing according to Art. 28 GDPR Criteo SA
AWIN Targeted display of online advertising 30 days EU/EEA Joint responsibility according to Art 26 GDPR AWIN AG
RTB House Creation of personalised advertising offers 12 months EU/EEA Order processing according to Art. 28 GDPR RTB House SA
Hotjar Optimisation of our online offers and website presentation 12 months EU/EEA Order processing according to Art. 28 GDPR Hotjar Ltd.
Commerce Connector Optimisation of our online offers 14 days EU/EEA Order processing according to Art. 28 GDPR Commerce Connector GmbH
Hubspot Optimisation of our online offers 6 months EU/EEA, US Order processing in accordance with Art. 28 GDPR under conclusion of the final standard data protection clauses in accordance with Art. 46 Para. 3 lit a GDPR HubSpot, Inc.
Omniconvert Optimisation of our online offers and website presentation 6 months EU/EEA Order processing according to Art. 28 GDPR Omniconvert SRL
Vimeo Playing Vimeo video services 24 Months USA Order processing in accordance with Art. 28 GDPR under conclusion of the final standard data protection clauses in accordance with Art. 46 Para. 3 lit a GDPR Vimeo LLC
SendinBlue Analysis and statistical evaluation of the website 24 Months EU/EEA Order processing according to Art. 28 GDPR SendinBlue GmbH
Flashtalking Targeted display of online advertising 60 months EU/EEA Order processing according to Art. 28 GDPR

Simplicity Marketing Ltd

twiago Optimising our online offer 30 days EU/EEA Order processing according to Art. 28 GDPR twiago GmbH
Outbrain Optimising our advertising campaigns 3 months EU/EWR, USA Order processing according to Art. 28 GDPR

Outbrain Inc.

AdUp Establishing personal advertising offers 12 months EU/EWR Order processing according to Art. 28 GDPR Axel Springer Teaser Ad GmbH

2) What data do we process when you sign up for our email newsletter?

The following categories of data may be processed (in addition to the data processed during your visit to our website) when you subscribe to our newsletters over e-mail:

  • E-mail address

The processing of this data is based on your voluntary consent (Art 6 Para 1 lit a DSGVO). You can revoke this consent at any time by unsubscribing via the link provided in each newsletter or via your existing customer account, whereby the data processed up to the time of revocation remains justified. You are not obliged to provide this data, but we cannot provide you with a newsletter subscription without it.

In order to send our e-mail newsletters, it may be necessary for us to transmit your data to the following recipients:

Service provider and data protection information of the provider Description Place of processing Legal bases for data transmission
AWS EMEA SARL Sending the e-mail newsletter EU/EEA Order processing according to Art. 28 GDPR
SendinBlue GmbH Sending the e-mail newsletter EU/EEA Order processing according to Art. 28 GDPR

3) What data do we process when you contact us?

When you contact us, the following categories of your data may be processed (in addition to the data processed during your visit to our website):

  • Contact details
  • E-mail address
  • Telephone number
  • Any order data
  • Correspondence data, including any data you provide to us during communication

We process this data for the following purposes:

  • Handling customer enquiries, customer care and other customer support services via e-mail, chat or telephone.

These categories of data are processed to the extent necessary for each case. The processing of this data is justified by our overriding legitimate interest in efficient and satisfactory communication (Art 6 Para 1 lit f DSGVO).

For this purpose, it may be necessary for us to transmit your data to the following recipients:

Service provider and data protection information of the provider Description Place of processing Legal bases for data transmission
Freshworks GmbH Germany Customer inquiries and customer care services via email, chat or telephone EU/EEA, occasionally USA if you contact us via social media platforms Order processing in accordance with Art. 28 GDPR under conclusion of the final standard data protection clauses in accordance with Art. 46 Para. 3 lit a GDPR

4) What data do we process when you use our webshop?

When you use our webshop, the following categories of your data may be processed (in addition to the data processed during your visit to our website):

  • Contact details
  • Billing and shipping address
  • E-mail address
  • Telephone number
  • Order and delivery data
  • Account and payment data
  • Data that you enter via a contact form
  • Correspondence data, including all data you provide in connection with your order
  • Date of birth (in the case of legally required proof of age)

We process this data for the following purposes:

  • Processing the entire contractual relationship with you
  • Transfer of orders to payment service providers
  • Commissioning shipping or forwarding services, including drop-shipping
  • Communication for processing orders
  • Legally required storage as defined by the § 132 BAO (Federal Fiscal Code)
  • Legally permitted direct advertising (e.g.: per mail, e-mail, satisfaction surveys, congratulatory letters, statistical evaluations); We would like to expressly inform you that you can object to the processing of your data for the purpose of direct advertising
  • Prevention and clarification of cases of fraud or attempted fraud
  • Assertion and defence of legal claims

Processing these categories of data occurs to the extent necessary in each case and is required for the fulfilment of the contract (Art 6 para 1 lit b DSGVO) or is justified by our overriding legitimate interest in smoothly running our business (Art 6 para 1 lit f DSGVO).

It may be necessary for us to transmit your data to the following recipients as required for the use in our webshop:

Service provider and data protection information of the provider Description Place of processing Legal bases for data processing and data transmission
Logistics service provider
(Data protection information according to the website of the selected provider)
Transportation of orders Usually EU/EEA – but also third countries in exceptional cases Fulfilment of contract (Art 6 Para 1 lit b GDPR). If the recipient is in a third country without a valid adequacy decision – Art 49 Para 1 b and e GDPR
Drop-shipping/Drop-shipping Service Provider
(Data protection information according to the website of the selected provider)
Execution of orders for products that are not in stock and transfer to logistics service providers for transport Usually EU/EEA – but also third countries in exceptional cases Fulfilment of contract (Art 6 Para 1 lit b GDPR). If the recipient is in a third country without a valid adequacy decision – Art 49 Para 1 b and e GDPR
AWS EMEA SARL Sending automated emails EU/EEA Overriding legitimate interests (Art 6 Para 1 lit f GDPR), order processing in accordance with Art 28 GDPR
Adyen NV Payment Service Provider: Processing of online transactions EU/EEA Overriding legitimate interests (Art 6 Para 1 lit f GDPR)
Klarna Bank AB (publ) Payment Service Provider: Processing of online transactions EU/EEA Overriding legitimate interests (Art 6 Para 1 lit f GDPR)
SIX Payment Services Ltd Payment Service Provider: Processing of online transactions for customers from Switzerland Switzerland Overriding legitimate interests (Art 6 Para 1 lit f GDPR) Switzerland: valid adequacy decision in accordance with Art 45 GDPR
Amazon Payments Europe sca Payment Service Provider: Processing of online transactions EU/EEA Overriding legitimate interests (Art 6 Para 1 lit f GDPR)
PayPal (Europe) S.à rl et Cie, SCA Payment Service Provider: Processing of online transactions EU/EEA Overriding legitimate interests (Art 6 Para 1 lit f GDPR)
Current iDEAL BV Payment Service Provider: Processing of online transactions for customers from the Netherlands EU/EEA Overriding legitimate interests (Art 6 Para 1 lit f GDPR)

Customer Account

You have the option of registering for a customer account. If you do so, the following categories of your data may also be processed:

  • Order history and wish lists
  • Product data (ratings, testimonials, questions and answers about products)
  • Assigned customer number
  • Customer segmentation

We process this data for the following purposes:

  • Storage of your information in your customer account, including the publication of your ratings, reviews, questions and answers about products, insofar as you do this independently
  • Customer segmentation carried out to offer benefits.

This data is processed based on your voluntary consent (Art 6 para 1 lit a DSGVO). You can revoke this consent at any time, whereby the data processed up to the time of revocation remains justified. You are not obliged to register for a customer account, but we cannot provide you with the additional services mentioned above without a customer account.

5) Which data do we process if you have a business relationship with us?

In the course of our business relationship with partners or suppliers, we process the following categories of your data:

  • Company data
  • Contact details
  • E-mail address
  • Telephone number
  • Business data, order, delivery and invoice data
  • Correspondence data, including all data that you provide to us in connection with our business relationship.

We process this data for the following purposes:

  • The initiation, maintenance and processing of our entire business relationship with you (e.g. pre-contractual obligations, invoicing of services, dispatch of documents, communication for processing the contract).
  • Legally required storage as defined by the § 132 BAO (Federal Fiscal Code)
  • Internal administration and management of our business relationship to the extent required (e.g.: Processing your business case, forwarding business cases to various departments, filing, archiving purposes, correspondence with you).
  • Assertion and defence of legal claims

These categories of data are processed to the extent necessary in each case. If you do not provide us with this data, we will unfortunately not be able to process your business transaction.

Processing this data is necessary for the contractual fulfilment of our business relationship (Art 6 Para 1 lit b DSGVO), necessary for the fulfilment of our legal obligations in connection with retention periods (Art 6 para 1 lit c DSGVO) or justified by our overriding legitimate interest smoothly running our business (Art 6 Para 1 lit f DSGVO).

6) How long will your data be stored?

We only store your data for as long as is necessary for the purposes for which we collected your data. In this context, statutory retention obligations must be taken into account (for example, for reasons of tax law, contracts, order data or other documents from a contractual relationship must generally be retained for a period of seven years (§ 132 BAO)). In justified individual cases, such as for the assertion and defence of legal claims, we may also store your data for up to 30 years after the termination of the business relationship.

We store the data that we process in the context of contacting you for up to three years from the time you last contacted us.

7) Collection of data from other sources (Art 14 GDPR)

Data is only collected from other sources if you wish to enter into a business relationship with us as a partner or supplier in accordance with point 5. For this purpose, it may be necessary to carry out research on the business partner. This will only be done to the extent required. In this context, data may be retrieved and processed from the following sources:

Source Public? Affected Data Purpose/Justification
Company website Yes Contact/structure data Contact for business purposes
Contractor No Name, address, phone no. Contract fulfilment, delivery

8) Does automated decision-making or profiling take place (Art 13 (2) (f) of the GDPR)?

No automated decision-making takes place on our website. However, over the order process, it is possible that the respective payment service provider uses profiling for fraud detection.

9) What rights do you have in regard to data processing?

We would like to inform you that, provided that the legal requirements are met, you have the right to:

  • request information about what personal data we're processing (see Art 15 DSGVO for more details)
  • demand the correction or completion of incorrect or incomplete data concerning you (see Art 16 DSGVO for more details)
  • delete your data (see Art 17 DSGVO for more details), insofar as this does not conflict with any retention obligations
  • restrict the processing of your data (see Art. 18 DSGVO for more details)
  • data portability - receipt of the data you have provided in a structured, common and machine-readable format (see Art. 20 of the GDPR).
  • object to the processing of your data based on Article 6(1)(e) or (f) of the GDPR (see Art 21 of the GDPR). This applies particularly to the processing of your data for advertising purposes.

If we process your data on the basis of your consent, you have the right to revoke this consent at any time. This will not affect the lawfulness of the data processed up to that point (Art 7 (3) DSGVO).

If, contrary to expectations, your right to lawful processing of your data is violated, please contact us. We will endeavour to deal with your request promptly, at the latest within the statutory period of one month. You also always have the right to lodge a complaint with the supervisory authority responsible for data protection matters.

10) Who is responsible for data protection and how can you contact us?

The person responsible within the meaning of Art 4 Z 7 DSGVO is:

niceshops GmbH
Saaz 99
8341 Paldau
uk@labelhair.com
(+43) 720 710740 9000
ATU63964918
FN302888z
Managing Directors Roland Fink, Christoph Schreiner, Barbara Unterkofler, Dr. Günther Helm

Regional Court for ZRS Graz
District Administration Südoststeiermark
Member of the Trade Division of the Styrian Chamber of Commerce.

Contact details of the Data Protection Officer:
E-mail: privacy@niceshops.com
Post: niceshops GmbH, Attn: Data Protection Officer, Annenstraße 23, 8020 Graz, Austria.

Any use of this privacy policy, or parts thereof, without the consent of the author constitutes an infringement of copyright.