Privacy Policy

1) Introduction and Controller’s Contact Information
1.1
We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about how your personal data is handled when using our website. Personal data refers to all data that can be used to personally identify you.

1.2
The data controller responsible for data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is:

Gerhard Sistig
Chiwacosmetics
Postfach 1, 82216 Maisach, Germany
Phone: +49 1736830176

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.

1.3
The controller has appointed a data protection officer, who can be contacted at:

Gerhard Sistig
Bruder Konrad Straße 10, 82216 Maisach, Germany
Phone: +49 1736830176

 
2) Data Collection When Visiting Our Website
2.1
When you use our website purely for informational purposes, without registering or otherwise transmitting information, we collect only the data that your browser transmits to our server (so-called "server log files"). This includes:

Visited website
Date and time of access
Amount of data sent in bytes
Source/referrer URL
Browser used
Operating system used
IP address (possibly in anonymized form)

The processing is carried out pursuant to Art. 6(1)(f) GDPR, based on our legitimate interest in ensuring the stability and functionality of the website. The data is not transferred or otherwise used. However, we reserve the right to retrospectively check the server log files if there is specific evidence of unlawful use.

2.2
For security reasons and to protect the transmission of personal and confidential content (e.g. inquiries or orders), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the "https://" prefix and the lock symbol in your browser's address bar.

 
3) Hosting & Content Delivery Network (CDN)
We use a hosting provider that operates servers exclusively within the European Union, either directly or via subcontractors.

All data collected on this website is processed on these servers. We have concluded a data processing agreement with the provider to ensure the protection of our visitors’ data and to prevent unauthorized disclosure to third parties.

 
4) Cookies
To enhance your experience on our website and enable certain features, we use cookies—small text files stored on your device.

Some cookies are deleted after you close your browser (“session cookies”), while others remain on your device to remember settings ("persistent cookies"). You can check your browser settings for cookie duration.

Where cookies process personal data, the legal basis is:

Art. 6(1)(b) GDPR (contract fulfillment),
Art. 6(1)(a) GDPR (consent), or
Art. 6(1)(f) GDPR (legitimate interest in optimal functionality).

You can configure your browser to notify you about cookies, accept them selectively, or block them entirely. Please note that disabling cookies may affect website functionality.

 
5) Contact
When you contact us (e.g., via contact form or email), your personal data is processed only to respond to your request.

The legal basis for this processing is Art. 6(1)(f) GDPR (legitimate interest). If your inquiry relates to a contract, the legal basis is Art. 6(1)(b) GDPR. Your data will be deleted once your request is resolved, unless legal retention obligations apply.

 
6) Account Creation
When creating a customer account, we collect and process personal data pursuant to Art. 6(1)(b) GDPR to fulfill a contract.

You can delete your account at any time by contacting the controller. After deletion, data is erased unless legally required to be retained or if a legitimate interest exists.

 
7) Order Processing
7.1
To fulfill orders, we may share your personal data (name, address, payment data) with shipping and payment service providers pursuant to Art. 6(1)(b) GDPR.

If legally required to inform you about updates (e.g. for digital products), we use your contact details under Art. 6(1)(c) GDPR solely for this purpose.

7.2 Shipping Providers
We use:

DHL Home Delivery GmbH
DHL Paket GmbH
DHL Express Germany GmbH
DPD Deutschland GmbH

We share your contact data with these providers only to the extent necessary for delivery. If you consent (Art. 6(1)(a) GDPR), your email/phone number is used to coordinate delivery.

Consent may be revoked at any time.

7.4 Payment Providers
PayPal and PayPal Checkout
We offer payment via:

PayPal
Credit Card / Direct Debit via PayPal
Pay Later via PayPal

Your data is shared with PayPal (Europe) S.a.r.l., 22-24 Boulevard Royal, L-2449 Luxembourg, according to Art. 6(1)(b) GDPR for payment processing. For risk assessment and credit checks, Art. 6(1)(f) GDPR applies. See PayPal's privacy policy:
👉 https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Other integrated methods via PayPal may include:

Apple Pay, Google Pay, iDeal, Bancontact, EPS, Przelewy24, etc.
 
8) Web Analytics
Google Tag Manager
This site uses Google Tag Manager (Google Ireland Ltd.). The tool itself does not collect personal data but may trigger other tags that do.

Usage only occurs with your explicit consent (Art. 6(1)(a) GDPR). Data may be transferred to the USA. Google is certified under the EU-U.S. Data Privacy Framework.

More:
👉 https://business.safety.google/intl/en/privacy/
👉 https://policies.google.com/privacy

 
9) Third-Party Features
9.1 Facebook Plugins
9.2 Instagram Plugins
(Provider: Meta Platforms Ireland Ltd.)

Plugins are integrated using a “2-click” or “Shariff” method for data protection. When activated (Art. 6(1)(a) GDPR), data may be transferred to Meta Inc. in the U.S.

9.3 YouTube Videos
(Provider: Google Ireland Ltd.)
Upon playback, cookies may be set and your IP address transmitted. Consent is required (Art. 6(1)(a) GDPR). More: Google Privacy Policy

9.4 Google Web Fonts
Fonts are loaded from Google servers to display text correctly. Your IP address may be transmitted (Art. 6(1)(a) GDPR). More:
👉 https://business.safety.google/intl/en/privacy/

 
10) Cookie Consent Tool
We use a cookie consent tool to manage user permissions for cookies and third-party tools.

Technically necessary cookies are always set. Consent-based cookies are loaded only after your approval (Art. 6(1)(a), Art. 6(1)(f), and Art. 6(1)(c) GDPR). IP addresses may be stored for logging purposes.

 
11) Your Rights
You have the following rights under GDPR:

Right of access (Art. 15)
Right to rectification (Art. 16)
Right to erasure (Art. 17)
Right to restriction of processing (Art. 18)
Right to be informed (Art. 19)
Right to data portability (Art. 20)
Right to withdraw consent (Art. 7(3))
Right to lodge a complaint (Art. 77), e.g. with your local data protection authority.

Right to Object (Art. 21 GDPR)
You may object to processing based on legitimate interests at any time for reasons arising from your situation. If we process data for direct marketing, you may object at any time without giving reasons. In both cases, we will stop processing the data unless compelling legitimate grounds exist.

 
12) Data Retention
The storage period depends on:

The legal basis for processing,
The purpose of processing, and
Legal retention periods (e.g. commercial or tax law).

Data processed based on consent is stored until consent is revoked. Data under contractual or legitimate interest is deleted when no longer needed or after legal retention periods expire.

 
© IT-Recht Kanzlei
Last updated: July 23, 2025, 08:39:37 AM