Datenschutz- und Cookie-Richtlinie
Datenschutz- und Cookie-Richtlinie
1. DSGVO & EU-basiert
2. Welche Daten wir sammeln
3. Warum wir Ihre Daten verwenden
4. Cookies und Tracking-Tools
5. Ihre DSGVO-Rechte
Datenschutz- und Cookie-Richtlinie
This Privacy & Cookie Policy explains how SIA iColor (“iColor”, “we”, “us”, “our”) collects, uses, stores and protects your personal data when you use https://eu.icolorpmu.com (the “Website”), purchase our products or courses, subscribe to our communications or otherwise interact with us.
We process your personal data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).
By using the Website or providing us with your personal data, you acknowledge that you have read and understood this Policy.
Wenn Sie damit nicht einverstanden sind, nutzen Sie die Website bitte nicht und geben Sie keine personenbezogenen Daten weiter.
1. Datenverantwortlicher und Kontaktdaten
2. Welche personenbezogenen Daten wir sammeln
3. Zwecke und Rechtsgrundlagen der Verarbeitung
Wir verarbeiten Ihre personenbezogenen Daten nur, wenn wir über eine gültige Rechtsgrundlage im Rahmen der DSGVO verfügen.
3.1. To process and deliver your orders
• processing and confirming orders
• handling payment and invoicing
• arranging shipping and delivery
• customer service related to your order
Legal basis:
• performance of a contract (Art. 6(1)(b) GDPR)
• compliance with legal obligations (e.g. accounting and tax laws) (Art. 6(1)(c) GDPR)
3.2. To provide access to Courses and digital content
• creating and managing your training account
• providing access to video lessons and learning materials (via bunny.net and our platform)
• communicating about your course, progress and certificates (if applicable)
Legal basis:
• performance of a contract (Art. 6(1)(b) GDPR)
3.3. To respond to your inquiries and provide support
• answering questions sent via e-mail, contact forms, WhatsApp, Telegram
• helping you choose products or courses
• handling complaints and requests
Legal basis:
• performance of a contract or steps at your request before entering into a contract (Art. 6(1)(b) GDPR)
• our legitimate interest in providing good customer service (Art. 6(1)(f) DSGVO)
3.4. To send service and administrative messages
• order confirmations, shipping updates, invoices
• important information about your account or course access
• notices about changes to our terms or this Policy
Legal basis:
• performance of a contract (Art. 6(1)(b) GDPR)
• compliance with legal obligations (Art. 6(1)(c) GDPR)
These messages are not marketing and cannot be unsubscribed from while your order oder Konto ist aktiv.
3.5. To send marketing communications
• newsletters with news, promotions, product launches, course announcements
• educational content and tips related to permanent makeup
• invitations to webinars or events
Legal basis:
• your consent (Art. 6(1)(a) GDPR) where required (e.g. for new subscribers), and/or
• our legitimate interest in promoting our products and services to existing customers (Art. 6(1)(f) GDPR) where Ein solches Marketing ist gesetzlich zulässig.
Sie können sich jederzeit von Marketingmitteilungen abmelden (siehe Abschnitt 4).
3.6. To analyse and improve our Website and services
• understanding how visitors use the Website
• measuring the performance of pages, campaigns and content
• improving UX, product assortment and course offering
We use tools such as Google Analytics, Meta Pixel, Google Ads tag, TikTok, Pinterest, Hotjar and Facebook/Instagram tools for analytics and, where applicable, marketing, in compliance with GDPR (with consent where required).
Legal basis:
• our legitimate interest in improving our business and services (Art. 6(1)(f) GDPR) for strictly necessary analytics and statistics, and
• your consent (Art. 6(1)(a) GDPR) for non-essential analytics and marketing cookies.
3.7. To prevent fraud and ensure security
• protecting our Website and systems against misuse
• detecting and preventing fraudulent transactions
• enforcing our Terms & Conditions and protecting our rights
Legal basis:
• our legitimate interest in protecting our business and customers (Art. 6(1)(f) GDPR)
4. Marketingkommunikation und Ihre Entscheidungen
4.1. You can subscribe to our newsletters and marketing emails via:
• dedicated subscription forms (with a checkbox),
• opt-in when placing an order (soft opt-in for similar products/services),
• sign-up for free materials or lead magnets.
4.2. Normalerweise versenden wir etwa einmal pro Woche Newsletter (dies kann je nach Inhaltsplan und Kampagnen variieren).
4.3. Wir können unsere Mailingliste segmentieren (z. B. nach Erfahrungsgrad, Interessen, Kaufhistorie), um den Inhalt für Sie relevanter zu machen.
4.4. You can unsubscribe from marketing at any time by:
• clicking the “unsubscribe” link in any marketing e-mail, or
• contacting us at eu@icolorpmu.com and asking to be removed from the list.
4.5. Unsubscribing from marketing does not affect mandatory service messages (order confirmations, invoices, important information about your account or courses).
5. Cookies und ähnliche Technologien
5.1. Was sind Cookies?
Cookies sind kleine Textdateien, die auf Ihrem Gerät abgelegt werden, wenn Sie eine Website besuchen. They help us:
• make the Website work properly,
• remember your preferences,
• analyse usage and improve performance,
• show relevant ads (where applicable).
Wir verwenden auch ähnliche Technologien wie lokale Speicherung oder Tracking-Pixel (z. B. Meta Pixel, TikTok Pixel).
5.2. Types of cookies we use
• Strictly necessary cookies
Required for the basic functioning of the Website (e.g. shopping cart, checkout, security). These cookies do not require your consent and are always active.
• Functional / preference cookies
Help remember your choices (e.g. language, region). These may operate based on our legitimate interest or your consent, depending on local requirements.
• Analytics cookies
Help us understand how the Website is used, which pages are popular, and where we can improve. Wir nutzen Tools wie Google Analytics und Hotjar. These cookies are set only with your consent, where required.
• Marketing / advertising cookies
Used to show you relevant ads and measure the effectiveness of our campaigns (e.g. Meta Pixel, Google Ads tag, TikTok and Pinterest). Diese Cookies werden nur mit Ihrer Einwilligung gesetzt.
5.3. Cookie banner and consent
When you visit the Website for the first time (and regularly afterwards), we display a cookie banner which:
• informs you about our use of cookies;
• allows you to accept or reject non-essential cookies (analytics and marketing);
• may allow you to choose cookie categories.
You can change your cookie preferences at any time via the cookie settings [link/button on the Website], or by adjusting your browser settings.
5.4. Browser settings
Most browsers allow you to:
• view which cookies are stored on your device;
• delete cookies;
• block cookies or restrict them to certain websites.Please note that blocking or deleting certain cookies may affect the functionality of our Website (for example, the shopping cart or login may not work correctly).
6. Datenaufbewahrung
We store personal data only for as long as necessary for the purposes described above or as required by law.
In particular:
• Order and accounting data: kept for 5 years to comply with accounting and tax obligations.
• Customer accounts: kept for up to 5 years after the last activity or order, unless you request deletion earlier (subject to
legal obligations).
• Newsletter subscribers:
• active subscribers – while you remain subscribed;
• after you unsubscribe – we keep limited data (e.g. e-mail, unsubscribe date) for up to 3 years to document consent and withdrawal.
• Support communications (e-mails, messages): kept for up to 3 years after the last contact, depending on the nature of the issue.
• Photos of your work and other voluntary content: kept while relevant for the purpose for which you provided it
(e.g. testimonial, case study) or until you request deletion, unless we must keep aus rechtlichen Gründen länger.
Cookies werden je nach Art und Anbieter unterschiedlich lange gespeichert. Sie können diese Zeiträume über Ihren Browser oder unsere Cookie-Einstellungen einsehen bzw. steuern.
7. Datenweitergabe und Auftragsverarbeiter
We do not sell your personal data.
We may share personal data with the following categories of recipients, strictly on a need-to-know basis:
• IT and hosting providers
• Website and database hosting (e.g. Tilda / EU hosting)
• video streaming for courses (bunny.net)
• Payment service providers
• Stripe, PayPal, banks, Klarna and similar services that process your payments.
• Delivery and logistics partners
• UPS, Omniva and other carriers, to deliver your orders.
• E-mail sending system
• our e-mail sending infrastructure located in Latvia (EU) for newsletters and service e-mails.
• Analytics and marketing providers
• Google Analytics, Meta Pixel, Google Ads, TikTok, Pinterest, Hotjar and similar tools used strictly in line with GDPR, with consent where required.
• Professional advisers
• accountants, auditors, legal advisers, where access to data is necessary for their services.
These third parties act as data processors or independent controllers, depending on the context, and are bound by contracts and/or legal obligations to protect your personal data and process it only in accordance with our instructions and applicable law.
8. Internationale Datenübertragungen
Our infrastructure and main service providers are located within the European Union / European Economic Area (EU/EEA)
and we aim to store and process your data in the EU.
If, in the future, your personal data needs to be transferred to a country outside the EU/EEA that does not provide an equivalent level of data protection, we will ensure that appropriate safeguards are in place, such as:
• Standard Contractual Clauses (SCCs) approved by the European Commission, und/oder
• andere von der DSGVO geforderte Schutzmaßnahmen.
Gegebenenfalls können Sie sich an uns wenden, um weitere Informationen zu Schutzmaßnahmen für internationale Überweisungen zu erhalten.
9. Sicherheit Ihrer Daten
10. Ihre Rechte gemäß DSGVO
Nach der DSGVO haben Sie folgende Rechte (vorbehaltlich der Bedingungen und gesetzlichen Beschränkungen):
1. Auskunftsrecht Sie können fragen, ob wir Ihre personenbezogenen Daten verarbeiten und eine Kopie der Daten anfordern, die wir über Sie gespeichert haben.
2. Recht auf Berichtigung Sie können die Berichtigung unrichtiger oder unvollständiger personenbezogener Daten verlangen.
3. Right to erasure (“right to be forgotten”) You can request deletion of your personal data in certain circumstances (e.g. when it is no longer needed or you withdraw consent).
4. Right to restriction of processing
You can request that we limit the processing of your data in specific cases (e.g. while we verify its accuracy or consider your objection).
5. Right to data portability
You can request to receive the personal data you provided to us in a structured, commonly used and machine-readable format and have it transmitted to another controller, where processing is based on consent or contract and carried out by automated means.
6. Right to object
• You can object at any time to processing based on our legitimate interests, for reasons relating to your particular situation.
• You have an absolute right to object at any time to processing for direct marketing, including profiling related to such marketing. Wenn Sie dies tun, werden wir die Verarbeitung Ihrer Daten für diese Zwecke einstellen.
7. Recht auf Widerruf der EinwilligungWenn die Verarbeitung auf Ihrer Einwilligung beruht, können Sie diese Einwilligung jederzeit widerrufen. Die Rechtmäßigkeit der Verarbeitung vor dem Widerruf bleibt davon unberührt.
8. Right to lodge a complaint
You can lodge a complaint with a data protection supervisory authority, in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement.
In Latvia, the supervisory authority is:
Data State Inspectorate (Datu valsts inspekcija) – https://www.dvi.gov.lv
To exercise your rights, please contact us or our DPO using the details in Section 1. We may need to verify your identity before acting on your request.
11. Privatsphäre von Kindern
Die Website und unsere Dienste richten sich an Erwachsene (18+). Wir erfassen wissentlich keine personenbezogenen Daten von Kindern. Wenn Sie der Meinung sind, dass uns ein Kind personenbezogene Daten zur Verfügung gestellt hat, kontaktieren Sie uns bitte, damit wir diese gegebenenfalls löschen können.
12. Änderungen dieser Richtlinie
We may update this Privacy & Cookie Policy from time to time, for example when we introduce new services or when legal requirements change.
The most current version will always be available on the Website and will indicate the “Last updated” date at the top.
If we make significant changes that materially affect you, we will inform you by appropriate means (for example by e-mail or
a notice on the Website). Sofern gesetzlich erforderlich, werden wir Sie um Ihre Zustimmung zu den Änderungen bitten.