Data protection

Provider and Responsible Entity under Data Protection Law

GSG Hair
Owner: Yvonne Sövdsnes
Managing Director: Andreas Danler
Bahnhofstrasse 2
5700 Zell am See, Austria
Email: support@gsghair.com

Scope of Application

This privacy policy informs about the type, scope, and purpose of the collection and use of personal data by the provider "GSG Hair" on this website and within its services.
Personal data includes all information relating to an identified or identifiable natural person.

Providing your personal data is generally not legally or contractually required, nor is it necessary for the conclusion of a contract. You are not obliged to provide your data. Failure to provide data has no consequences unless explicitly stated otherwise.

Collection of General Information

Each time our website is accessed, general information is automatically collected by us or our web hosting provider. These server log files include:

Name of the website
File accessed
Date and time of access
IP address
Transferred data volume
Referrer URL (the page from which you accessed our site)
Web browser and operating system

This data is processed on the basis of Art. 6(1)(f) DSGVO to ensure smooth operation of our website and to improve our offerings.

Contact

GSG Hair
Bahnhofstrasse 2
5700 Zell am See, Austria
Email: support@gsghair.com

Contact via Contact Form or Email

When you contact us via the contact form or email, we process your personal data (e.g., name, email address, message content) only to the extent necessary to handle and respond to your request. The data processing is carried out:

For the performance of pre-contractual measures or to fulfill a contract (Art. 6(1)(b) DSGVO), or
Based on our legitimate interest (Art. 6(1)(f) DSGVO), if no contractual relationship exists.

Your data will be deleted once your request has been processed unless legal retention obligations prevent deletion.

Submission of Images via Email

If you send us images by email

your data will be processed solely to provide the requested service (e.g., production of personalized items).
The processing is carried out in accordance with Art. 6(1)(b) DSGVO. The data will be deleted after the statutory retention period.

Customer Account and Orders

Customer Account:
When you create a customer account, we process your personal data (name, address, email address, password) based on your consent (Art. 6(1)(a) GDPR).
You may revoke your consent at any time, in which case your customer account will be deleted.

Orders:
When placing an order on our website, we collect and process personal data (name, address, payment information) necessary for fulfilling the contract.
The processing is based on Art. 6(1)(b) GDPR. Data may be transferred to shipping companies, payment providers, or IT service providers as required for order processing.

Disclosure of Data

Your personal data will only be shared with third parties to the extent necessary for contract fulfillment or when we are legally obligated to do so.
Examples include:

Shipping providers: For the delivery of your ordered goods.
Payment providers: For processing your payment.
IT service providers: To ensure the technical functionality of our website.

All transfers are carried out in accordance with legal regulations, especially Art. 6(1)(b) DSGVO (contract performance) or Art. 6(1)(c) DSGVO (legal obligation).
Third parties may only use your data for the stated purposes.

Data Security

We implement technical and organizational measures to protect your personal data from loss, destruction, manipulation, and unauthorized access.
Our security measures are continually improved in line with technological advancements.
We use SSL encryption (Secure Socket Layer) with the highest level of encryption supported by your browser.
You can recognize an encrypted page by the lock icon in your browser’s address or status bar.

Despite our efforts, please note that data transmission over the internet can have security vulnerabilities (e.g., email communication). Full protection from third-party access is not possible.

Analytics and Tracking Tools

Google Analytics:
We use Google Analytics to analyze usage of our website and optimize our services. Google Analytics uses cookies that collect information about your use of the website.
These data are anonymized and processed based on your consent (Art. 6(1)(a) GDPR). You may revoke your consent at any time.

Meta Pixel:
We use the Meta Pixel to display interest-based advertising on Facebook, Instagram, YouTube, and TikTok.
Your data is processed based on your consent (Art. 6(1)(a) GDPR).

Cookies:

Our website uses cookies to ensure functionality and improve user experience.
Technically necessary cookies are stored based on Art. 6(1)(f) GDPR.
For all other cookies, we obtain your consent in accordance with Art. 6(1)(a) GDPR.
You can disable cookies at any time via your browser settings; however, this may impair the functionality of the website.

Payment Service Providers

We cooperate with various payment providers (credit/debit cards, Apple Pay, Google Pay, Klarna) to offer different payment options.
Depending on the chosen provider, necessary data will be transmitted to them. Processing is done in accordance with Art. 6(1)(b) GDPR.
For services such as Klarna or Ratepay, a credit check may be conducted. This is based on Art. 6(1)(f) GDPR to prevent payment defaults.
Please refer to the respective privacy policies of these providers for further details.

Your Rights

Under the DSGVO, you have the following rights:

Right of access (Art. 15 DSGVO): Information about the personal data we process.
Right to rectification (Art. 16 DSGVO): Correct inaccurate data.
Right to erasure (Art. 17 DSGVO): Delete your data unless retention obligations exist.
Right to restriction of processing (Art. 18 DSGVO).
Right to data portability (Art. 20 DSGVO).
Right to object (Art. 21 DSGVO): To the processing of your data based on legitimate interest.