Niche Beauty

Privacy Policy

We, the NICHE-BEAUTY.COM GmbH (hereinafter "we" or "Niche-Beauty") are pleased about your interest in our company.

We take the protection of your personal data and its confidential treatment very seriously. Your personal data is processed exclusively within the framework of the legal provisions of the data protection law of the European Union, in particular the General Data Protection Regulation (hereinafter "GDPR") and the other applicable regulations.

With this privacy policy, we inform you about the processing of your personal data on our website (the "Website") and about your rights under the GDPR.

1. name and contact details of the controller.

This Privacy Policy applies to data processing by the following data controller:

Spitalerstraße 9
20095 Hamburg

phone: +49 (0)40 607 72 58 0

We have appointed a data protection officer for our company:

Leopoldstr. 21
80802 München


2. Subject of Data Protection, Definitions

The subject of data protection is "personal data". This is any information relating to an identified or identifiable natural person (so-called data subject). This includes, for example, details such as name, postal address, e-mail address or telephone number.

Specific information on the personal data processed by us in each case can be found below in the data processing operations listed in detail.

3. access to and storage of information in terminal equipment

By using our website, information (e.g. IP address) may be accessed or stored (e.g. cookies) in your terminal equipment. This access or storage may involve further processing of personal data within the meaning of the GDPR.

In cases where such access to information or such storage of information is absolutely necessary for the technically error-free provision of our services, this is done on the basis of § 25 Sec. 1 Cl. 1, Sec. 2 Nr. 2 TTDSG.

In cases where such a process serves other purposes (e.g. the needs-based design of our website), it will only be carried out on the basis of § 25 Sec. 1 TTDSG with your consent in accordance with Article 6 Sec. 1 lit. a GDPR. The consent can be revoked at any time for the future. The requirements of the GDPR and the Federal Data Protection Act (BDSG) apply to the processing of your personal data.

For more information on the processing of your personal data and the relevant legal bases in this context, please refer to the following sections on the specific processing activities on our website.

4. Webhosting

This website is hosted by an external service provider (hoster). The hosting of this website takes place in Nuremberg and Falkenstein. Personal data collected on this website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, website accesses and other data generated via a website.

We collect the listed data in order to be able to guarantee a smooth connection setup of the website and a technically error-free provision of our services. The processing of this data is absolutely necessary to provide you with the website. The legal basis for the processing of the data is our legitimate interest in the correct presentation and functionality of our website in accordance with Article 6 Sec. 1 lit. f GDPR.

We have concluded an order processing contract with the provider in accordance with the requirements of Article 28 GDPR, in which we oblige the provider to protect our customers' data and not to pass it on to third parties.

5. Collection and storage of personal data and the nature and purpose of their processing:

a. When visiting the website

When you visit our website, the browser used on your terminal device automatically sends information to our website server. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automatic deletion after a few days:

  • IP address of the requesting computer,
  • Date and time of access,
  • Access status,
  • Name and URL of the accessed file,
  • Website from which the access is made (referrer URL),
  • Website that is accessed via our website,
  • browser used and, if applicable, the operating system of your computer as well as the name of your access provider

We collect the listed data in order to be able to guarantee a smooth connection setup of the website and a technically error-free provision of our services. The processing of this data is absolutely necessary to provide you with the website. The log files are used to evaluate system security and stability as well as for administrative purposes. The legal basis for processing the data is our legitimate interest in the protection and functionality of our website in accordance with Article 6 (1) lit. f GDPR.

For reasons of technical security, in particular to defend against attempted attacks on our web server, we store this data for a short period of time. After 240 days at the latest, the data is anonymized by shortening the IP address at domain level, so that it is no longer possible to establish a link to the individual user.

In addition, we use cookies when you visit our website and use service providers for marketing or analysis purposes. You can find more detailed explanations of this in sections 6 and 7 of this data protection declaration.

b. When ordering a newsletter

If you would like to receive the newsletter offered on the website with regular information about our offers and products, we require your e-mail as mandatory information.

Additional data may be required in order to address you personally in the newsletter and/or to identify you if you wish to exercise your rights as a data subject.

We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you our newsletter by e-mail if you have expressly confirmed that you consent to the sending of newsletters. In the first step, you will receive an e-mail with a link that you can use to confirm that you, as the owner of the corresponding e-mail address, want to receive newsletters in the future. With the confirmation, you give us your consent in accordance with Article 6 para. 1 lit. a GDPR that we may use your personal data for the purpose of the desired newsletter dispatch.

When registering for the newsletter, we store, in addition to the email address required for sending, the IP address through which you registered for the newsletter, as well as the date and time of registration and confirmation, in order to be able to track possible misuse at a later date. The legal basis for this is our legitimate interest according to Article 6 para. 1 lit. f GDPR.

You can unsubscribe from the newsletter at any time via the link included in each newsletter or by sending an e-mail to to the responsible person named above. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to the continued use of the data collected or the continued processing is otherwise permitted by law.

c. When using our contact form and e-mail contact

If you send us inquiries via contact form or e-mail, your information from the inquiry form or your e-mail, including the personal data you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. The specification of an e-mail address is required for contacting us, the specification of your first and last name and your telephone number is voluntary. Under no circumstances will we pass on this data without your consent. The legal basis for the processing of the data is our legitimate interest in responding to your request in accordance with Article 6 (1) lit. f GDPR and, if applicable, Article 6 (1) lit. b GDPR, if your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, unless there is a statutory Storage obligations stand in the way. You can object to the processing of your personal data at any time in the case of Article 6 para. 1 lit. f GDPR.

The personal data collected from us will be deleted after the request you have made has been dealt with.

d. When ordering goods and services through our website (with customer account or as a guest)

You have the option of creating a customer account in our online store in order to order goods. In the course of registering and setting up your customer account, we collect and use the following personal data:

  • First name, last name and title
  • e-mail address
  • Your address

In addition, voluntary information may be provided (e.g. date of birth.). Mandatory information provided for the purpose of registration is marked with an asterisk in the input mask as a required field.

The legal basis for data required to provide the customer account and order goods is Article 6 (1) lit. b GDPR.

For the processing of voluntary information, the legal basis for data processing is your consent in accordance with Article 6 para. 1 lit. a GDPR Your data will be deleted as soon as the user account on our website is deleted and as long as there are no legal retention obligations. A change and / or deletion of their customer account, including the data provided by you, you can usually make after a login directly in your user account or by sending a message to the responsible person mentioned in the introduction.

6. Cookies

Our website uses so-called "cookies". Cookies are small text files that are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or language settings). Other cookies are used to evaluate user behavior or to display advertising.

The processing of data through the use of strictly necessary cookies is based on a legitimate interest pursuant to Article 6 (1) lit. f GDPR in the technically error-free provision of our services. For details on the processing purposes and legitimate interests, please refer to the explanations on the specific data processing.

The processing of personal data through the use of other cookies is based on consent pursuant to Article 6 (1) lit. a GDPR. The consent can be revoked at any time for the future. Insofar as such cookies are used for analysis and optimization purposes, we will inform you separately about this within the framework of this data protection declaration and obtain consent in accordance with Article 6 para. 1 lit. a GDPR.

You can set your browser so that you are:

  • be informed about the setting of cookies,
  • allow cookies only in individual cases,
  • exclude the acceptance of cookies for certain cases or in general,
  • activate the automatic deletion of cookies when closing the browser.

The cookie settings can be managed under the following links for the respective browsers:

You can also manage cookies of many companies and functions used for advertising individually. To do this, use the corresponding user tools, available at or

Most browsers also offer a so-called "do-not-track" function. When this feature is enabled, the browser tells ad networks, websites, and applications that you do not want to be tracked for behavioral advertising and the like.

For information and instructions on how to edit this feature, depending on your browser provider, see the links below:

Additionally, you can prevent loading of so-called scripts by default. "NoScript allows JavaScripts, Java and other plug-ins to run only on trusted domains of your choice. For information and instructions on how to edit this feature, contact your browser vendor (e.g. for Mozilla Firefox at:

Please note that if you disable cookies, the functionality of our website may be limited. Change cookie settings

You can revoke or change your cookie settings at any time. To do so, call up the cookie settings again via the "Data setting" link. You can find this at any time at the bottom left of the website.

7. External service providers

We also use external service providers for the processing of our services, which we have carefully selected, commissioned in writing and with whom we have concluded order processing agreements in accordance with Article 28 GDPR, if necessary. These are used by us for marketing and analysis purposes.

a. Affiliate-Marketing - AWIN

As a so-called affiliate (sales partner, hereinafter: "Publisher"), we are integrated into the affiliate network of the operator AWIN (AWIN AG, Eichhornstraße 3, 10785 Berlin, "AWIN"). Affiliate marketing is an Internet-based form of distribution. It enables commercial operators of websites (advertisers) to display advertisements, which are usually remunerated via click or sale commissions, on websites of third parties, i.e. publishers, with the help of a so-called affiliate network (here: AWIN). The advertiser provides an advertising medium via the affiliate network, i.e. an advertising banner or other suitable means of Internet advertising, which is subsequently integrated by a publisher on its own websites or advertised via other channels, such as keyword advertising or e-mail marketing. If a website visitor clicks on an advertising banner embedded with the publisher or performs a similar interaction, the advertiser can assign this visitor to a specific publisher. Information about when a particular advertising medium was clicked on by an end device is placed in a cookie. An individual sequence of digits is stored in the tracking cookies, with which the partner program of an advertiser, the publisher and the time of the user's action are documented. Information about the end device, e.g. the operating system, the visitor's IP address and the calling browser, is also recorded.

In addition, the following categories of personal data are processed or may be processed by AWIN: Geo-IP data for rough localization, country, information about the content of the respective advertising element, in each case in connection with the IP address of the website visitor, referrer and request URL, user-agent, device identifier. In pseudonymized form, this data can also be processed by the advertiser.

AWIN also passes on personal data to third parties in the affiliate network (so-called merchants) on a pseudonymized basis.

The processing of your personal data in connection with affiliate marketing is based on our legitimate interest or the legitimate interests of third parties with regard to direct marketing (Article 6 para. 1 sentence 1 lit. f GDPR).

In addition to us, AWIN and the respective advertiser involved are responsible for the processing of your personal data. For this purpose, all parties have concluded an agreement on joint responsibility for the processing of data within the meaning of Article 26 (1) GDPR. Your personal data will not be transferred to third countries.

You can find more information on affiliate marketing and AWIN at:

If you do not wish to participate in the tracking, you can deactivate this via the following objection options.

Cookies used in this context:

Cookie: Awin
Provider address: Awin AG, Eichhornstraße 3, 10785 Berlin
Opt-out from provider:
Runtime: Up to 12 month

b. Analysis tools

The tracking measures listed below and used by us are carried out on the basis of Article 6 para. 1 p. 1 lit. a GDPR. With the tracking measures used, we want to ensure a needs-based design and continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and evaluate it for the purpose of optimizing our offer for you. These interests are considered legitimate in the sense of the aforementioned provision.

The respective data processing purposes and data categories can be found in the corresponding tracking tools in this section.

Google Analytics

Our website uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses so-called "cookies".

Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, and compiling reports on website activity. Google will also use this information to provide the website operator with other services related to the use of the website and the Internet. The IP address sent by your browser as part of Google Analytics is not combined with other data from Google. The processing is carried out in accordance with Article 6 para. 1 lit. a GDPR on the basis of the consent given by you.

We use Google Analytics only with IP anonymization enabled. This means that your IP address is only processed by Google in a shortened form.

Since a transfer of personal data to the USA takes place, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Article 46 (2) lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the USA.

The terms of use of Google Analytics and information on data protection can be accessed via the following links:
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Deletion of user-level and event-level data linked to cookies, user identifiers (e.g., user ID), and advertising IDs (e.g., DoubleClick cookies, Android advertising ID, IDFA [Apple identifier for advertisers]) takes place no later than 14 months after their collection.

You can prevent cookies from being stored by adjusting the settings of your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of this website without restrictions. You can also prevent Google from collecting the data generated by the cookie and from analyzing your use of the website (including your IP address) and from processing this data by Google by using the browser plugin available at

8. Data sharing and recipients

We only pass on your personal data to third parties if we are entitled to do so in accordance with the provisions of data protection law. Below we inform you about the cases in which this may be the case. We may disclose your personal data to third parties (recipients) if:

  • you have given us your consent to do so for one or more specific purposes (Article 6 para. 1 p. 1 lit. a GDPR)
  • the processing is necessary for the performance of a contract with you, or for the implementation of pre-contractual measures, which are carried out at your request (Article 6 para. 1 p. 1 lit. b GDPR)
  • the processing is necessary for the fulfillment of a legal obligation to which we are subject (Article 6 para. 1 p. 1 lit. c GDPR)
  • the disclosure is necessary for the assertion, exercise or defense of legal claims pursuant to Article 6 (1) p. 1 lit. f GDPR and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data
  • We pass on details of your delivery address and your e-mail address to a logistics company commissioned by us for the purpose of processing the purchase contract. To ensure that the goods are delivered according to your wishes, we use your email address to contact you in advance of the delivery to inform you of the delivery time. Within this email, you also have the option to specify your desired delivery location or a drop-off location.
  • 9. Social Media

    We use shariff buttons of the social networks Facebook, Instagram, Pinterest and Youtube on our website. The buttons are simple HTML links. We proceed here within the framework of the Shariff solution. With the Shariff solution, a script retrieves how often, for example, the share button on a page has been clicked: For this, the script contacts the social network via the programming interfaces and retrieves the numbers. Personal data from you is not transmitted in this process. Instead of your IP address, only our server address is transmitted to Facebook, Google and Twitter. You are only directly connected with Facebook, Google or Twitter when you become active. Before that, the social networks cannot collect any data about you. As long as you don't press a link to share content, you remain invisible to the networks. If you click on the link, the obligation to inform about the data collection and processing no longer lies with us, but with the operator of the social network.

    10. Data subject rights

    You have the right:

    • request information about your personal data processed by us in accordance with Article15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, and the existence of automated decision-making. including profiling and, if applicable, meaningful information about its details.
    • demand the correction of inaccurate or incomplete personal data stored by us without undue delay pursuant to Article 16 GDPR
    • pursuant to Article 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims
    • in accordance with Article 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Article 21 GDPR
    • pursuant to Article 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;
    • to revoke consent given in accordance with Article 7 (3) GDPR: You have the right to revoke consent to the processing of data once given at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned, unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
    • to complain to a supervisory authority in accordance with Article 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose

    11. Right of objection

    If your personal data is processed on the basis of legitimate interests pursuant to Article 6 (1) p. 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 GDPR, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without specifying a particular situation.

    If you would like to exercise your right of revocation or objection, it is sufficient to send an e-mail to

    12. Further information

    We draw your attention to the following pursuant to Article 13 (2) e GDPRO:

    The provision of your personal data to us is neither legally nor contractually required or necessary for the conclusion of a contract. You are not obliged to provide us with the personal data. There are no negative consequences for you from not providing it.

    We draw your attention to the following pursuant to Article 13 (2) lit. f GDPR: We do not process your personal data for the purposes of automated decision making.

    13. Data security

    Within the website visit, we use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual website on our website is encrypted by the closed display of the key or lock symbol in the upper status bar of your browser.

    In accordance with Article 32 GDPR, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, the cost of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.

    Actuality and change of this privacy policy

    This data protection declaration is currently valid and has the status May 2022.

    Due to the further development of our website and offers on it or due to changed legal or regulatory requirements, it may become necessary to change this privacy policy. The current data protection declaration can be viewed at any time on the website at