1. Data Controller

Esta Beauty GmbH
Hans-Böckler-Platz 1
45468 Mülheim an der Ruhr
Germany
Email: info@nop.bio


2. General Information

We appreciate your interest in our online shop. The protection of your personal data is very important to us. Your data is processed in accordance with the General Data Protection Regulation (GDPR) and applicable national data protection laws.


3. Access Data and Hosting

3.1 Server Log Files

When you visit our website, the following data is automatically collected:

  • IP address

  • Date and time of access

  • Amount of data transferred

  • Browser type and operating system

  • Referrer URL

This data is used to ensure the smooth operation of the website and to improve our services (Art. 6(1)(f) GDPR).

The data is stored for a maximum of 7 days.


3.2 Hosting

Our website is hosted by external service providers. All data is processed on their servers based on a data processing agreement in accordance with Art. 28 GDPR.


4. Data Processing for Contract Fulfilment and Contact

4.1 Contract Processing

To process orders, we collect and process personal data such as:

  • Name

  • Address

  • Email address

  • Payment details

Processing is carried out in accordance with Art. 6(1)(b) GDPR.

After contract completion, data is stored in accordance with legal retention periods (e.g. up to 10 years under commercial and tax law).


4.2 Customer Account

If you create a customer account, your data is processed based on your consent (Art. 6(1)(a) GDPR).

You can delete your account at any time.


4.3 Contact

When you contact us (e.g. via email or contact form), your data is processed to handle your request (Art. 6(1)(b) GDPR).


5. Shipping Processing

To deliver your order, your data is shared with shipping service providers (Art. 6(1)(b) GDPR).


6. Payment Processing

We work with external payment service providers.

6.1 Transaction Processing

Necessary data is shared with payment providers to process transactions.

6.2 Fraud Prevention

Additional data may be processed to prevent fraud (Art. 6(1)(f) GDPR).

6.3 Klarna

If Klarna is selected, a credit check may be carried out.

6.4 PayPal / Ratepay

Credit checks may be performed when using invoice payment options.


7. Email Marketing

Newsletter

If you subscribe, we use your email address to send newsletters based on your consent (Art. 6(1)(a) GDPR).

You can unsubscribe at any time.


8. Cookies and Technologies

Our website uses cookies for:

  • technical functionality

  • analytics

  • marketing

Non-essential cookies are only used with your consent.

You can disable cookies at any time in your browser settings.


9. Use of Third-Party Services

Google Services

We use services provided by Google Ireland Ltd., including:

  • Google Analytics

  • Google Ads

Data may be transferred to the USA based on standard contractual clauses.


10. Social Media

We maintain profiles on platforms operated by:

  • Meta Platforms Ireland Ltd. (Facebook & Instagram)

  • Google LLC (YouTube)

Personal data may be processed when using these platforms.


11. Your Rights

You have the following rights:

  • Access (Art. 15 GDPR)

  • Rectification (Art. 16 GDPR)

  • Erasure (Art. 17 GDPR)

  • Restriction of processing (Art. 18 GDPR)

  • Data portability (Art. 20 GDPR)

  • Right to lodge a complaint with a supervisory authority


Right to Object

You may object to the processing of your personal data at any time.


12. Contact

For any data protection inquiries:
Email: info@nop.bio