Privacy Policy

1) Introduction and Contact Information of the Data Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we provide information on how we handle your personal data when you use our website. Personal data refers to all information by which you can be personally identified.

1.2 The data controller for processing personal data on this website, according to the General Data Protection Regulation (GDPR), is CS Beauty Products Cologne, Owner: Christine Schneider, Alteburger Straße 306, 50968 Cologne, Germany, Tel.: +49 152 55274455, Email: contact@coilyandcare.com. The data controller is the natural or legal person who alone or jointly determines the purposes and means of processing personal data.


2) Data Collection During Website Visits

2.1 When you use our website for informational purposes only, i.e., without registering or otherwise providing information, we only collect data that your browser transmits to the server (so-called "server log files"). When you access our website, we collect the following technically required data to display the website properly:

  • The page of our website that was visited
  • Date and time of access
  • Amount of data transmitted in bytes
  • Referring source/link from which you accessed the page
  • Browser used
  • Operating system used
  • IP address (if applicable, in anonymized form)

The processing of this data is based on Article 6(1)(f) GDPR due to our legitimate interest in improving the stability and functionality of our website. The data will not be shared or used for other purposes. However, we reserve the right to retrospectively check server log files if there are specific indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the "https://" prefix and the lock symbol in your browser.


3) Hosting and Content Delivery Network

Shopify

We use the system of the following provider for hosting our website and displaying its content:

  • Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel (Wix)

All data collected on our website is processed on the provider's servers. We have a processing agreement with the provider, ensuring the protection of our visitors' data and prohibiting unauthorized sharing with third parties.

Data transfer to Canada complies with GDPR standards due to an adequacy decision by the European Commission. For data transfers to the USA, the provider relies on the European Commission's standard contractual clauses to ensure compliance with European data protection standards.


4) Cookies

We use cookies to make our website more attractive and enable certain functions. These are small text files stored on your device. Some cookies are deleted automatically after the browser is closed ("session cookies"), while others remain longer to save preferences ("persistent cookies"). You can view the storage duration in your browser's cookie settings.

If personal data is processed through cookies, this is done in accordance with Article 6(1)(b) GDPR (contract execution), Article 6(1)(a) GDPR (consent), or Article 6(1)(f) GDPR (legitimate interest in optimal website functionality and user experience).

You can configure your browser to notify you about cookie settings and decide whether to accept cookies individually, reject them entirely, or only for specific cases. Note that rejecting cookies may limit the functionality of our website.


5) Contacting Us

If you contact us (e.g., via contact form or email), we process your personal data solely to handle and respond to your inquiry. The legal basis is our legitimate interest in responding to your request under Article 6(1)(f) GDPR. If your contact is aimed at contract execution, Article 6(1)(b) GDPR also applies. Data will be deleted once the matter is resolved, unless legal retention obligations prevent deletion.

6) Data Processing When Opening a Customer Account
In accordance with Article 6(1)(b) GDPR, personal data is also collected and processed to the extent necessary if you provide it to us when opening a customer account. The data required for account creation is specified in the input fields of the relevant form on our website.

You can delete your customer account at any time by sending a message to the contact address provided above. Upon deletion of your account, your data will be erased, provided all contracts concluded through it have been fully settled, no statutory retention periods apply, and we have no legitimate interest in further storage.


7) Use of Customer Data for Direct Advertising
Signing up for our email newsletter
If you sign up for our email newsletter, we will regularly send you information about our offers. The only mandatory information required for sending the newsletter is your email address. Providing additional data is voluntary and used to address you personally. We use the double opt-in process for sending newsletters. This ensures that you only receive newsletters after explicitly confirming your subscription by clicking on a verification link sent to your provided email address.

By activating the confirmation link, you consent to the use of your personal data in accordance with Article 6(1)(a) GDPR. We also store your IP address, as registered by the Internet Service Provider (ISP), and the date and time of registration to trace any potential misuse of your email address. The data collected during the newsletter subscription process is used strictly for this purpose.

You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by notifying the responsible party mentioned at the beginning. Upon successful unsubscription, your email address will be immediately removed from our newsletter mailing list, unless you have expressly consented to further use of your data or we are legally permitted to use the data for other purposes, which we inform you about in this statement.


8) Data Processing for Order Fulfillment
8.1 For the fulfillment of contracts, personal data collected by us will be shared with the commissioned transport company and financial institution to the extent necessary for delivery and payment, in accordance with Article 6(1)(b) GDPR.

If we owe you updates for goods with digital elements or for digital products under a relevant contract, the contact details you provided during the order process (name, address, email) will be processed to inform you about upcoming updates within the legally prescribed timeframe, in compliance with Article 6(1)(c) GDPR. This information will be communicated through appropriate channels (e.g., postal mail or email). Your contact data will be used strictly for the purpose of update notifications and only to the extent necessary for this purpose.

To process your order, we also work with the following service provider(s), who support us fully or partially in fulfilling contracts. Personal data is transmitted to these service providers as described below.

8.2 Wix App
For order processing, we use the following provider:
Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel (Wix)

Name, address, and other personal data, if necessary, are transmitted to this provider to process the online order in accordance with Article 6(1)(b) GDPR. Data transfer is limited to what is necessary for order fulfillment. The provider is also used for accounting purposes, processing invoices, and, where applicable, managing bank transactions to create financial records in a semi-automated process.

If personal data is processed during this process, it is based on our legitimate interest in efficient organization and documentation of business transactions under Article 6(1)(f) GDPR.

8.3 Use of Payment Service Providers

  • PayPal
    This website offers one or more online payment options from the following provider:
    PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

When selecting a payment method from this provider requiring prepayment, your payment data (name, address, bank/card information, currency, transaction ID) and order details will be transmitted to PayPal in accordance with Article 6(1)(b) GDPR solely for payment processing purposes.

For payment methods requiring us to provide prepayment, we may request certain personal data (e.g., name, address, email, date of birth, phone number). To protect our legitimate interest in verifying your creditworthiness, we transmit this data to PayPal for a credit check under Article 6(1)(f) GDPR. PayPal evaluates whether the chosen payment option can be offered based on the risk of payment default.

Credit checks may include probability values (score values), which are calculated using scientifically recognized mathematical and statistical methods, with address data being a key factor.

You can object to this data processing by notifying us or PayPal, but PayPal may still process your personal data if necessary for contractual payment processing.


9) Tools and Miscellaneous
Cookie-Consent Tool
This website uses a "cookie-consent tool" to obtain valid user consent for cookies requiring approval. The tool is displayed as an interactive user interface where users can grant consent for specific cookies or cookie-based applications by checking a box. Cookies requiring approval are only loaded if the user gives explicit consent.

Technically necessary cookies are used to store your preferences. Personal data is generally not processed unless necessary for storing, assigning, or logging cookie settings.

In such cases, data processing is based on our legitimate interest in legally compliant and user-friendly cookie management under Article 6(1)(f) GDPR or our obligation under Article 6(1)(c) GDPR to ensure the lawful use of non-essential cookies.

We have entered into a data processing agreement with the tool provider to protect user data and prevent unauthorized sharing with third parties. Further details can be found directly in the tool's user interface on our website.

10) Rights of the Data Subject
10.1 Under applicable data protection law, you have the following rights with respect to the processing of your personal data by the data controller (rights to information and intervention). The conditions for exercising these rights are specified by the respective legal basis:

  • Right of access pursuant to Article 15 of the GDPR;
  • Right to rectification pursuant to Article 16 of the GDPR;
  • Right to erasure pursuant to Article 17 of the GDPR;
  • Right to restriction of processing pursuant to Article 18 of the GDPR;
  • Right to notification pursuant to Article 19 of the GDPR;
  • Right to data portability pursuant to Article 20 of the GDPR;
  • Right to withdraw consent granted pursuant to Article 7(3) of the GDPR;
  • Right to lodge a complaint pursuant to Article 77 of the GDPR.

10.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST AS PART OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH FUTURE EFFECT FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA IN QUESTION. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING AT ANY TIME. YOU CAN EXERCISE THIS RIGHT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA IN QUESTION FOR DIRECT MARKETING PURPOSES.


11) Duration of the Storage of Personal Data
The duration of the storage of personal data is determined based on the applicable legal basis, the purpose of the processing, and – if relevant – the statutory retention period (e.g., commercial and tax-related retention periods).

When processing personal data based on explicit consent under Article 6(1)(a) of the GDPR, the data will be stored until you withdraw your consent.

If there are statutory retention periods for data processed in the context of contractual or quasi-contractual obligations under Article 6(1)(b) of the GDPR, the data will be routinely deleted upon the expiration of the retention period, provided that the data is no longer required for contract performance or initiation and/or no legitimate interest in continued storage exists on our part.

When processing personal data under Article 6(1)(f) of the GDPR, the data will be stored until you exercise your right to object under Article 21(1) of the GDPR unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.

When processing personal data for direct marketing purposes under Article 6(1)(f) of the GDPR, the data will be stored until you exercise your right to object under Article 21(2) of the GDPR.

Unless otherwise specified in this statement concerning specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.