Privacy policy
Effective Date: 25.04.2025
This Privacy Policy describes how Hairgenetix B.V. ("Hairgenetix", "we", "us", or "our") collects, uses, discloses, and safeguards your information when you visit or use our website (the "Site").
We are committed to complying with the EU General Data Protection Regulation (GDPR), Google’s EU User Consent Policy, and all other applicable privacy laws.
1. Data Controller Contact Information
Hairgenetix B.V.
Chamber of Commerce (KvK) Number: [Insert]
Contact: Contact Support
If you have any questions regarding this Privacy Policy or wish to exercise your data protection rights, please contact us using the information above.
2. Types of Data We Collect
We collect both Personal Data and Anonymous Data:
- Personal Data: Information that identifies or can reasonably be used to identify you, such as your name, email, address, phone number, payment details, and other non-public information.
- Anonymous Data: Information that does not identify you individually, including de-identified or aggregated data.
3. Information You Provide to Us
We collect Personal Data when you:
- Create an account: Name, email, password.
- Place an order: Shipping and billing address, payment information, IP address.
- Contact customer service or submit feedback: Name, email, message content.
- Post content (e.g., reviews): Public display of your first name and last initial along with your review.
- Participate in promotional activities: Any information provided during surveys, contests, or offers.
We may also collect additional Personal Data where explicitly stated on the Site.
4. Information From Social Networking Sites
You may register or log in through third-party social networking sites (SNS) such as Facebook or Google:
- By doing so, you grant us access to selected information from your SNS account, subject to your SNS privacy settings.
- We recommend reviewing the SNS privacy policies to understand how they share your data with us.
5. Information Collected Automatically
We automatically collect certain technical information to improve the Site:
5.1 Server Data
- Browser type and version
- Device information
- IP address
- Domain name
- Date and time of access
5.2 Log Files
- Referrer URLs
- Exit pages
- Operating system
- Internet Service Provider (ISP)
- Clickstream data
This helps us analyze trends, administer the Site, track user navigation, and gather demographic information.
6. Cookies and Tracking Technologies
We use the following technologies:
- Cookies: Session cookies (expire after browser closes) and persistent cookies (remain until deleted).
- Pixel Tags/Web Beacons: Embedded in pages and emails to track engagement.
- Flash Cookies: Used for video preferences, managed differently than regular cookies.
- Analytics Services: Google Analytics, Facebook Analytics, and others.
Note: We do not link cookies or tracking data directly to Personal Data unless necessary.
You can manage cookie preferences at any time via our cookie settings link in the Site footer.
7. Information From Third Parties
We may collect Personal or Anonymous Data about you from third parties:
- Marketing partners: e.g., demographic data.
- Third-party platforms: e.g., Shopify for e-commerce management.
- Referrals: If you invite others to use our Services, we collect their contact information to send invitations. You are responsible for obtaining their consent.
8. Use of Personal Data
We use your Personal Data to:
- Identify you as a user
- Fulfill and manage your orders
- Respond to customer service requests
- Improve our Site and Services
- Send administrative notifications (e.g., order updates)
- Send newsletters, surveys, and promotional content (with consent)
- Facilitate interactive features
- Create non-identifiable Anonymous Data for research and analysis
9. Personal Data We Collect and Purpose of Processing
Purpose | Data Collected | Legal Basis |
---|---|---|
Website Analytics and Cookies | IP address, browser info, navigation data | Consent (GDPR Art. 6(1)(a)) |
Purchases and Account Management | Name, address, email, phone, payment details, IP address, order history | Contractual necessity (Art. 6(1)(b)), Compliance (Art. 6(1)(c)), Legitimate Interests (Art. 6(1)(f)) |
Newsletter and SMS Marketing | Name, email, phone, consent record, engagement data | Consent (Art. 6(1)(a)) |
Customer Service and Feedback | Name, email, message content | Legitimate Interests (Art. 6(1)(f)) |
User-Generated Content | Review content, first name and initial | Legitimate Interests (Art. 6(1)(f)) |
Facebook Insights Data | Page visitor statistics | Joint controllership with Facebook |
10. Categories of Personal Data
We collect:
- Information you directly provide
- Automatically collected information (cookies, log files)
- Third-party provided data (only where lawful)
We do not collect sensitive personal data unless explicitly provided by you with consent.
11. Legitimate Interests
Where appropriate, we process Personal Data based on legitimate interests, including:
- Enhancing website functionality
- Marketing our services
- Preventing fraud and abuse
- Securing our systems
Such processing is balanced against your fundamental rights.
12. Data Sharing and Processors
We share Personal Data with trusted service providers for purposes including:
- Shipping partners: e.g., DHL, CoolRunner ApS
- Payment processors: Stripe, PayPal
- Marketing platforms: Google, Facebook, Klaviyo, Rakuten
- IT hosting providers: Shopify for web hosting and online sales infrastructure
All third parties must comply with GDPR and our strict data protection agreements.
13. International Data Transfers
Where Personal Data is transferred outside the EU/EEA (e.g., to the USA), we rely on:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions
- Other lawful transfer mechanisms per GDPR Articles 44–49
14. Data Retention
We retain Personal Data according to the following schedules:
- Order records: 2 years post-calendar year (5 years for accounting compliance)
- Newsletter subscription data: Until you withdraw consent
- Reviews: 3 years
- Customer service inquiries: 1 year
- Cookies: As per your consent settings
15. Your Rights Under GDPR
You have the right to:
- Access your Personal Data
- Correct inaccurate or incomplete data
- Request erasure ("right to be forgotten")
- Restrict processing
- Object to processing
- Data portability
- Withdraw consent at any time
- Lodge a complaint with a supervisory authority
To exercise any of these rights, please contact us.
16. Cookie Declaration
We use a consent-based cookie banner compliant with TCF v2.2 and Google Consent Mode.
Cookie categories:
- Strictly Necessary: Required for website operation.
- Performance: Analyze site traffic and optimize performance.
- Functional: Enable enhanced functionality and personalization.
- Targeting: Advertise and deliver personalized content.
- Unclassified: Being categorized.
You can update your cookie preferences at any time via the cookie settings link.
17. Disclosure of Your Personal Data
We may disclose Personal Data:
- When posting public content (e.g., reviews)
- To our Affiliates, under strict GDPR-compliant agreements
- In the event of business transfers (e.g., mergers, acquisitions)
- To social media services based on your actions
- For legal compliance or in response to legal obligations (e.g., subpoenas)
We do not sell your Personal Data.
18. Third-Party Services and Websites
Our Site contains links to external websites.
We are not responsible for their privacy practices or content.
Please review third-party privacy policies before submitting data.
19. Third-Party Payment Processing
We use payment providers such as Stripe and PayPal for online transactions:
- We do not process or store your payment card or banking information.
- Payment data is handled according to Stripe’s and PayPal’s own Privacy Policies.
20. Changes to This Policy
We reserve the right to modify this Privacy Policy at any time.
If changes are made, we will update the “Effective Date” and post the new version on our Site.
We encourage you to review this page periodically to stay informed.