top of page

Data protection.

1. Information about the collection of personal data and contact details of the controller

2. Data collection when visiting our website

3. Contacting us

4. Cookies

5. Data processing for order processing

6. Data processing when opening a customer account and for contract processing

7. Use of your data for direct marketing

8. Rights of the data subject

9. Duration of storage of personal data

1. Information about the collection of personal data and contact details of the controller

1.1 Thank you for visiting our website. Below, we would like to inform you about how we handle your

personal data when you use our website. Personal data is

basically any data that can be used to identify you personally.

 

1.2 The controller responsible for data processing on our website within the meaning of the General Data Protection Regulation

(GDPR) is:

Fulanis Hair

Weselerstraße 120

45478 Mülheim an der Ruhr

Email: info@fulanishair.de

 

1.3 To protect the security of your data during transmission, we use state-of-the-art

encryption methods (e.g., SSL or TSL) via HTTPS.

 

 

2. Data collection when visiting our website

Each time you visit our website, our system automatically collects data and information that your browser

transmits to our server (so-called “server log files”). The following data, which is technically necessary for us, is collected

in the process:

 

  • The website you visited

  • Date and time of access

  • Amount of data sent in bytes

  • Source/reference from which you accessed the site

  • Operating system used

  • Browser used

  • IP address used (if applicable: in anonymized form)

 

The legal basis for processing is Art. 6 (1) lit. f GDPR due to our legitimate interest in

improving the stability and maintaining the functionality of our website. The data will not be passed on or

used for any other purpose. The temporary storage of the IP address by

the system is necessary to enable the website to be delivered to the user's computer.

For this purpose, the user's IP address must remain stored for the duration of the session.

We reserve the right to check the server log files retrospectively if there are concrete indications of

 

illegal use.

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of data collection for the provision of the website, this is

the case when the respective session has ended.

In the case of storage of the data in log files, this is the case after seven days at the latest.

Further storage is possible. In this case, the IP addresses of the users are deleted or

alienated so that an assignment of the calling client is no longer possible. The collection of data for the

provision of the website and the storage of data in log files is essential for the operation of the website.

Consequently, there is no possibility for the user to object.

 

3. Contact

If you contact us via the contact form, the data entered in the input mask will be

transmitted to us and stored. The data collected can be seen in the respective input mask. When

contacting us by email, only the data you enter there will be transmitted to us

.

The data will be used exclusively for processing the conversation and your request.

The legal basis for processing the data is Art. 6 (1) lit.

a) GDPR, provided the user has given their consent.

The legal basis for processing the data transmitted in the course of sending an email

is Art. 6 (1) lit. f) GDPR. If the email contact is aimed at concluding a contract,

the additional legal basis for processing is Art. 6 (1) lit. b) GDPR. The data will be deleted

as soon as it is no longer necessary for the purpose for which it was collected and provided that there are no

statutory retention obligations. For personal data from the input mask

of the contact form and that sent by email, this is the case when the respective

conversation with the user has ended. The conversation is ended when it can be

inferred from the circumstances that the matter in question has been conclusively clarified. The user has the

option of revoking their consent to the processing of personal data at any time. If the user contacts us

by email, they can object to the storage of their personal data at any time

.

In such a case, the conversation cannot be continued.

 

3.1 WhatsApp Business

Visitors to our website have the option of communicating with us via WhatsApp (a service provided by Meta Inc., 1 Hacker

Way, Menlo Park, CA 94025, USA).

We use the so-called “business version” of WhatsApp for this purpose. If you contact us via WhatsApp in connection with a specific

contract, we will store and use the mobile phone number you use for WhatsApp

and, if published and/or transmitted, your first and last name (Art. 6 (1) (b)

GDPR) for the purpose of processing your request.

If necessary, you will be asked to provide further data if this is required to process your request

(Art. 6 (1) (b) GDPR).

If WhatsApp Business is used for general inquiries that do not relate to a specific contract

, we will store and use the mobile phone number you use on WhatsApp and – if

published and/or provided – your first and last name (in accordance with Art. 6 (1) (f) GDPR) for the

purpose of processing your request.

Our legitimate interest here lies in responding to questions from our customers or

prospective customers at short notice.

The data will not be passed on to third parties.

WhatsApp Business has access to the address book of the mobile device used for this purpose.

Telephone numbers stored there are automatically transferred to a Facebook server in the USA.

 

The mobile device we use for WhatsApp Business only contains the WhatsApp

contact details of those users who have already contacted us via WhatsApp.

 

For data transfers from the European Economic Area to the USA, WhatsApp relies on

standard contractual clauses of the EU Commission. For further details on how WhatsApp handles data,

please refer to WhatsApp's privacy policy:

https://www.whatsapp.com/legal/?eea=1#privacy-policy

 

 

4. Cookies

 

Our website uses cookies.

Cookies are text files that are stored on the user's device. When a user visits a website,

a cookie may be stored on the user's operating system. Some functions of our

website cannot be offered without the use of cookies. This requires that the

browser is recognized even after a page change. The user data collected by technically necessary cookies

is not used to create user profiles. The above-mentioned purposes also constitute

our legitimate interest in the processing of personal data in accordance with Art. 6 (1) lit. f) GDPR.

In addition, our website may use cookies that enable analysis of the surfing behavior of

users (so-called third-party cookies). For more information on the scope, purpose, legal basis, and

options for objection, please refer to the respective sections of the relevant chapter of this

privacy policy.

As a user, you have full control over the use of cookies. By changing the

settings in your internet browser, you can deactivate, restrict, or

delete the transfer of cookies. If you deactivate cookies for our website, you may no longer be able to use all the functions

of the website to their full extent. You can prevent the transfer of Flash cookies by changing

the settings of the Flash Player.

Help with the settings can be found in the respective help menu of your browser or under the following links:

Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies

Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647

Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac

Opera: https://help.opera.com/en/latest/web-preferences/#cookies

 

Some of the cookies used here are deleted after you close your browser (so-called session cookies).

Other cookies remain on your device and enable us or our partner companies

 

(third-party cookies) to recognize your browser the next time you visit (persistent cookies). If

cookies are set, they collect and process certain user information to an individual extent, such as

browser and location data as well as IP address values. Persistent cookies are automatically deleted after a

specified period of time, which may vary depending on the cookie.

 

 

5. Data processing for order processing

 

5.1 If you would like to place an order in our web shop, it is necessary for the conclusion of the contract that you

provide your personal data, which we need to process your order. We process the data you

provide to process your order.

In some cases, we work with external service providers to process your order. For this purpose, we must

pass on the necessary personal data.

If we commission transport companies to deliver your goods, we will pass on the data required for the delivery of the

 

goods to the respective transport company. For the processing of payments,

we will pass on your data to the commissioned credit institution to the extent necessary. If we

use payment service providers, you will also be informed of this below.

The legal basis for the transfer of your data is Art. 6 (1) lit. b GDPR.

 

5.2 Transfer of your personal data to shipping service providers

 

  • DHL

If the goods are delivered to you by the transport service provider DHL (Deutsche Post AG, Charles-

de-Gaulle-Straße 20,

53113 Bonn), we will only pass on the name of the recipient and the delivery address to DHL for the purpose of delivery and within the scope of the 

necessity in accordance with Art. 6 (1) lit. b GDPR.

 

Only if you have given your express consent during the ordering process will we pass on your e-

email address to DHL before the goods are delivered for the purpose of coordinating

 

a delivery date or to announce the delivery. Your consent can be revoked at any time with effect

for the future by contacting the controller named above or the

transport service provider DHL.

 

5.3 Use of payment service providers

 

5.4 bancontact

When paying via “bancontact” through PayPal Checkout, payment is processed by the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-

2449 Luxembourg (hereinafter: “PayPal”).

 

For more information about PayPal Checkout, please refer to the relevant section below.

 

5.5 blik

When paying via “blik” through PayPal Checkout, payment is processed by the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-

2449 Luxembourg (hereinafter: “PayPal”).

 

For more information about PayPal checkout, please refer to the relevant section below.

5.6 giropay

When paying via “giropay” through PayPal checkout, payment is processed by the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-

2449 Luxembourg (hereinafter: “PayPal”).

 

For more information about PayPal checkout, please refer to the relevant section below.

 

5.7 mybank

When paying via “mybank” through PayPal Checkout, payment is processed by the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-

2449 Luxembourg (hereinafter: “PayPal”).

 

For more information about PayPal checkout, please see the relevant section below.

- PayPal

If you select PayPal, credit card via PayPal, direct debit via PayPal or – if offered –

“purchase on account” via PayPal as your payment method, payment will be processed by PayPal (Europe) S.a.r.l. et Cie,

S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”).

We will pass on your personal data to PayPal in accordance with Art. 6 (1) (b) GDPR within the scope of

necessity. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal,

direct debit via PayPal or – if offered – “purchase on account” via PayPal.

For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 (1) (f) GDPR on the basis of PayPal's legitimate interest in determining your creditworthiness.

For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 (1) lit. f GDPR on the basis of PayPal's legitimate

interest in determining your solvency.

PayPal uses the result of the credit check in relation to the statistical probability of default

for the purpose of deciding on the provision of the respective payment method.

The credit check may contain probability values (so-called score values). Insofar as score values are included in

the result of the credit check, these are based on a scientifically

recognized mathematical-statistical procedure. The calculation of the score values includes, among

other things, but not exclusively, address data.

The additional data collected by PayPal can be found in PayPal's privacy policy.

This can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

You can object to this processing of your data at any time by sending a message to PayPal.

However, PayPal may still be entitled to process your personal data if this is necessary for

contractual payment processing.

 

5.8 PayPal Checkout

We use PayPal Checkout (PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard

Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”).

PayPal Checkout is an online payment solution from PayPal that supports both PayPal payment methods and

local payment methods from third-party providers.

If you select (where offered) the payment methods PayPal, credit card via PayPal, direct debit via PayPal, or

“Pay Later” via PayPal, we will pass on your necessary payment details to PayPal for the purpose of

processing the payment. This transfer is permitted in accordance with Art. 6 (1) (b) GDPR.

For the payment methods credit card via PayPal, direct debit via PayPal, or “Pay Later” via PayPal,

PayPal reserves the right to carry out a credit check. For this purpose, PayPal may pass on your necessary

payment data to credit agencies. The processing is carried out on the legal basis of Art.

6 (1) (f) GDPR. PayPal has a legitimate interest in determining your creditworthiness. You

can object to this processing of your data at any time by sending a message to PayPal, whereby

further processing of your personal data by PayPal may still be justified if it is

necessary for contractual payment processing.

'

If you select the PayPal purchase on account payment method, we will initially transfer your payment data to PayPal in accordance with Art. 6

(1) (b) GDPR. PayPal will then forward your data to

 

Ratepay GmbH, Ritterstr. 12-14, 10969 Berlin, for the purpose of executing the payment. RatePay then carries out an identity 

and credit check in its own name. The legal basis for this is Art. 6 (1) lit. f GDPR, the legitimate interest in

 

determining solvency. For this purpose, RatePay passes on your payment data to credit agencies in accordance with Art. 6 (1) lit. f GDPR

.

Ratepay can access the following credit agencies: https://www.ratepay.com/legal-payment-creditagencies/

If you choose the payment method of a local third-party provider, we will first pass on your payment data to PayPal in accordance with

Art. 6 (1) lit. b GDPR. PayPal then passes on your payment data to the provider you have selected in order to execute the payment (6

(1) (b) GDPR) to the provider you have selected:

  • iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands)

  • giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main

  • Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany) 

  • bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)

  • eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2,1200 Vienna, Austria)

  • blik (Polski Standard P?atno?ci sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland) 

  • Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)

  • MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)

 

For more information, please refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

 

 

6. Data processing when opening a customer account and for contract processing

 

When you open a customer account with us, personal data is collected and processed in accordance with Art. 6 (1) (b) GDPR

. The scope of the data can be seen in the input form

. The data you enter will be stored and used by us for contract processing.

You

You can delete your customer account at any time. This can be done by sending a message to the address of the

controller or, if offered, directly in the customer account. In this case, we will also block your data

in accordance with tax and commercial law retention periods and delete it after these periods have expired

. This can only be prevented by your consent to permanent storage or further

use of your data by us as permitted by law.

 

 

7. Use of your data for direct marketing

 

Sendinblue

We send our newsletters via Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin (hereinafter

referred to as “Sendinblue”).

We pass on the data you enter when registering for the newsletter to Sendinblue in accordance with Art. 6 (1) lit. f GDPR in order to

safeguard our legitimate interest in the use of an effective, secure, and

user-friendly newsletter system.

The data entered when subscribing to the newsletter (e.g., email address) is stored on the servers of

Sendinblue in Germany. Your data is used by Sendinblue on our behalf for the purpose of sending and statistically evaluating the newsletter.

For this purpose, the newsletter emails contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. 

This allows us to track whether a newsletter email has been opened and which

links have been clicked on. With the help of this conversion tracking, we can also track whether

an action (such as purchasing an item from our

shop) was taken after opening a link from the newsletter.

Technical information is also collected (e.g., the time of retrieval, your IP address, browser type, and/or operating system). This data is collected exclusively

in pseudonymized form and is not linked to your other personal data. If you do not want the data analysis described here,

you must unsubscribe from the newsletter. There is a data processing agreement with Sendinblue

.

Details on Sendinblue's data protection policy can be found at:

https://de.sendinblue.com/legal/privacypolicy/

 

8. Rights of the data subject

 

8.1 The applicable data protection law grants you comprehensive rights as a data subject (rights of access and intervention) vis-à-vis the controller with regard to the processing

of your personal data, about which we

inform you below:

- Right of access pursuant to Art. 15 GDPR:

You may request confirmation from the controller as to whether personal data concerning you is being processed by the controller. In addition, you have the right to obtain information about the purpose, the categories of personal data, the recipients, the planned duration of storage, and the existence of further rights such as the correction of data or the existence of a right of appeal to a supervisory authority, the origin of your data if it was not collected by us, the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the logic involved and the significance and intended effects of such processing, as well as your right to be informed of the guarantees in accordance with Art. 46 GDPR when your data is transferred to third countries;

 

- Right to rectification pursuant to Art. 16 GDPR:

You have the right to have inaccurate data concerning you rectified without delay and/or to have

incomplete data stored by us completed; the rectification or

completion must be carried out without delay.

 

- Right to restriction of processing pursuant to Art. 18 GDPR:

You have the right to request the restriction of the processing of your personal data

while the accuracy of your data is being verified, if you object to the deletion of your

data due to unlawful data processing and instead request the restriction of

processing of your data, if you need your data to assert, exercise, or

defend legal claims, after we no longer need this data for the purpose for which it was collected,

or if you have lodged an objection on grounds relating to your particular situation, as long as

it is not yet clear whether our legitimate reasons prevail;

If the processing of personal data concerning you has been restricted, this data

 

– apart from its storage – only be processed with your consent or for the assertion, exercise, or

defense of legal claims or for the protection of the rights of another natural or

legal person or for reasons of important public interest of the Union or a

Member State. If the restriction of processing has been restricted, you will be

informed by the controller before the restriction is lifted.

 

- Right to erasure pursuant to Art. 17 GDPR:

You have the right to have your personal data erased without undue delay if the

conditions of Art. 17 (1) GDPR are met. However, this right to erasure does not apply

in particular - but not exclusively - if the processing is necessary for exercising the right of freedom of

expression and information, for compliance with a legal obligation, for reasons of

public interest, or for the establishment, exercise, or defense of legal claims

.

- Right to be informed pursuant to Art. 19 GDPR:

If you have exercised your right to rectification, erasure, or restriction of processing,

the controller is obliged to notify all recipients to whom your personal data has been disclosed

of this rectification or erasure of the data or restriction of processing,

unless this is impossible or involves disproportionate effort. You also have

the right to be informed about these recipients.

 

- Right to data portability pursuant to Art. 20 GDPR:

You have the right to receive your personal data that you have provided to us in a structured, commonly used, and

machine-readable format or to request that it be transferred to another controller,

insofar as this is technically possible.

 

- Right to withdraw consent pursuant to Art. 7 (3) GDPR:

You have the right to object at any time to the processing of personal data concerning you

on the basis of Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on

these provisions.

You also have the right to revoke your declaration of consent under data protection law at any time with effect for the

future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the

consent until revocation.

 

- Right to lodge a complaint pursuant to Art. 77 GDPR:

Without prejudice to any other administrative or judicial remedy, you have the

right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence,

your place of work or the place of the alleged infringement, if you consider that the

processing of personal data concerning you infringes the GDPR.

 

8.2 Right to object

You have the right to object to the processing of your data at any time with effect for the future if

we process your data on the basis of our overriding legitimate interest after weighing up the interests

.

 

If you exercise this right to object, we will stop processing your data

unless there are demonstrable compelling legitimate grounds for the processing that override your interests, or

if the further processing serves to assert or defend legal claims.

 

9. Duration of storage of personal data

The duration of the storage of personal data depends on the statutory retention periods.

After these have expired, we routinely delete the data if it is no longer required for the fulfillment or initiation of a contract

and/or if we no longer have a legitimate interest in its continued storage.

bottom of page