Sect. 1 General Scope

We will process your personal data (e.g. title, name, address, e-mail address, phone number, bank details, credit card number) solely in accordance with the provisions of the German data protection law and the data protection law of the European Union (EU). The following provisions will inform you, besides the information about the processing purposes, recipients, legal bases and storage periods, also about your rights and the controller for your data processing. This privacy policy applies only to our websites. If you are directed to other sites via links on our pages, please pay attention and be sure to review their privacy practices.


Sect. 2 Inventory data

(1) Purpose of data processing

Your personal data you provide us during the ordering process are necessary for the conclusion of a contract with us. You are not obliged to provide your personal data. However, we would not be able to send you the goods without your address. For some payment methods we ask for the necessary payment data in order to pass them on to a payment service provider commissioned by us. Hence, the processing of your data collected during the ordering process is soley for the purpose of contract performance.

If you send us a request by e-mail or by using the contact form, etc. before concluding the contract, we process the obtained data to carry out pre-contractual measures and answer your questions about e.g. our products.

In the case of opening a customer account, your data (in particular name, address, payment method, e-mail and password) will be processed for registration and creation of a customer login. With the stored data, you are able to shop faster and view your previous orders at any time. By sending us a note or via a delete function you can delete the account again.

(2) Legal basis

The legal basis for such processing is set out in Article 6 (1) (b) of the GDPR.

(3) Recipient categories

Payment service provider, shipping service provider, hosting provider, if necessary merchandise management system, suppliers if necessary (drop-shipping).

(4) Duration of Storage

We store the data required for contract execution until the statutory warranty and, if applicable, contractual warranty periods expire.

We store the data required under commercial and tax law for the statutory periods, generally ten years (cf. § 257 German Commercial Code (HGB), § 147 Regulation of Taxation (AO)).

The data processed for the execution of pre-contractual measures will be deleted as soon as the measures have been carried out and the contract cannot be concluded.


Sect. 3 Comments

(1) Purpose of data processing

Adding comments is possible. Your personal data (e.g. name/pseudonym, email address, website) collected in this scope will be solely processed for the purpose of publishing your comments.

(2) Legal basis

The legal basis for such processing is set out in Article 6 (1) (f) of the GDPR.

(3) Legitimate interest

Our legitimate interest is the public exchange of user opinions on specific topics and products. The publication serves, among other things, the purpose of transparency and opinion-forming. Your interest in data protection is preserved, as you can publish your comment under a pseudonym.

(4) Duration of Storage

There is no provision for a certain storage period. You may request the deletion of your comment at any time.

(5) Right of objection

You have the right to object at any time to the processing of data which was performed according to Article 6 (1)(f) of GDPR and which does not serve direct marketing for reasons arising from your particular situation.

In the case of direct marketing, however, you may object to the processing at any time without stating any reasons.


Sect. 4 Further information

Facebook Pixel
This website is using the commercial remarketing function with "Custom Audiences" setting by Facebook Inc. ("Facebook"). This Function will help us to present visitors of our Website during their sessions in social network Facebook with interest related advertising ("Facebook-Ads"). The remarketing tag from Facebook was implemented on this webpage for this purpose. This tag will make a direct connection with the Facebook servers when visiting our website. Facebook servers will be informed that you visited this website and Facebook will save this information to your personal Facebook user account. More information regarding the processing and use of your data by Facebook, and your rights regarding this issue and the possibility to protect your privacy can be found in facebooks data protection information at You can also choose to disable the remarketing function "Custom Audiences" at For this you must be logged into your Facebook account. You can also deactivate or activate the Facebook-Pixel function just for our website right here.

To deactivate Facebook-Pixel for Headshot Hair Dye:

To activate Facebook-Pixel for Headshot Hair Dye:


The provider of this website uses the services of etracker GmbH in Hamburg, Germany ( to analyze your usage data. Cookies will be implemented, for the statistical analysis of this page by its visitors and will also help showing usage related content and advertisement. Cookies are little text files, that the internet browser will save on your device. Etracker cookies contain no information that will help to identify the user. Data generated by etracker will be used and saved on behalf of the provider of this webpage by etracker only in Germany, which means it is subject to the strict German and European data protection laws and standards. Etracker is independently audited and certified and carries the seal of approval ePrivacyseal.

Webbrowser notifications

If you activate browser notifications for this website through the "signalize" services, we will use a function inserted in your browser in order to supply those notifications. We only use anonymous or
pseudonymous data, when sending information. Depending on the websites configuration these can be:

? identification values: a randomly, anonymous or pseudonymous generated value (for example: 108bf9a85547edb1108bf9a85547edb1), this will be saved in a tracking cookie ID and allows the internet browser in use and its configuration settings for this notification to be identified and retrieved.

? pseudonymized indicator keys for the identification of a device or user: a randomly generated, anonymous or pseudonymous value

This data will only be used, to deliver the notifications you subscribed to and for settings used for those notifications. We are asking for your permission to use and safe this data. The legal basis upon which the processing of data usage is performed in this case is Art. 6 Abs. 1 lit. a DSGVO. At any given time, you can disagree to receiving these notifications. Information on how to unsubscribe to Web-Push notifications for various Browsers can be found here: Google Chrome, Mozilla Firefox, Opera & Microsoft Edge.
To keep browser notifications content related and useful we use a pseudonymous user profile via Tracking-Pixel that collects your preferences and solely for personalized notifications we use a notification-ID that we link to your user profile of this website. On our behalf the tracking Technology will also be used for statistical evaluations of our push notifications. It helps us tracking whether our notifications were received and maybe clicked on. Data generated by this process will be used & stored only within Germany by etracker GmbH on our behalf, which means it is subject to the strict German and European data protection laws and standards. For this etracker is independently audited and certified and carries the seal of approval ePrivacyseal.
The data usage for statistical purposes of push notifications and also our interest in customizing our notifications for its recipient are based upon our legitimate interest in personalized direct marketing in accordance with Art. 6 Abs. 1 lit. f DSGVO. Because we value the privacy of our visitors very much, any data will be anonymous or pseudonymous that could be connected to a single person, like IP-address, registration or device identification. This system does not allow direct recognition of individuals. Collected Data will not be used for other purposes or be disclosed to third parties.
At any given time, you can disagree to the above described data processing.


This website uses the plugin "Squarelovin" from Anchor Media GmbH, Budapester Straße 45, 20253 Hamburg. Its operating mode is to integrate Instagram Content. The integration will only take place after explicit consent of the pictures copyright owner.


Sect. 5 Web Analysis with Google Analytics

(1) Purpose of data processing

This website uses Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland ("Google"). Google Analytics uses so-called “cookies”, small text files, which are placed on your computer to analyze how you use the website. The information generated by the cookie about your use of this website will be transmitted and saved on server in the United States by Google. If the anonymizeIP function is activated on this website, Google will shorten your IP address in advance within the member states of the European Union or in other states which are parties to the Agreement on the European Economic Area. Only in exceptional cases Google will transmit the full IP address on server in the United States and will shorten there. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activities and providing other services related to website and internet usage for the website operators.

(2) Legal basis

The legal basis for such processing is set out in Article 6 (1) (a) of the GDPR.

(3) Recipient categories

Google and its partners.

(4) Transfer to a third country

Google Ireland Limited is an affiliate of Google LLC. Google LLC is based in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043).

(5) Duration of Storage


(6) Right of objection

You can prevent the installation of the cookies in your browser settings. If you choose to change your settings you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: optout

You may also generate blocking by setting an opt-out cookie. If you want to prevent the future collection of your data when you visit this website, please click here: Disable Google Analytics


Sect. 6 Web analysis



Sect. 7 PayPal-transactions

Please note that all PayPal transactions are subject to the PayPal Privacy Policy:


Sect. 8 Information about cookies

(1) Purpose of data processing

This website uses technically necessary cookies. These are small text files that are stored for a short period in or by your Internet browser on your computer system. These cookies are employed, for example, when several products must be inserted in a shopping cart.

Other cookies remain stored permanently and recognize your browser on your next visit. These cookies are employed, for example, to store permanently your passwords for a customer account.

(2) Legal basis

The legal basis for such processing is set out in Article 6 (1) (f) of the GDPR.

(3) Legitimate interest

Our legitimate interest is the functionality of our website. The user data collected by technically necessary cookies and long term cookies are not used to create user profiles to preserve your interest in data protection.

(4) Duration of Storage

The technically necessary cookies are usually deleted when the browser is closed. Permanently stored cookies remain stored from a few minutes to several years.

(5) Right of revocation

If you do not wish these cookies to be stored, please deactivate the use of cookies in your Internet browser. However, this may cause a functional limitation of our website.

Your consent to persistent cookies can be withdrawn at any time by deleting the cookies in your browser settings.


Sect. 9 Social plugins

Squarelovin: Diese Website nutzt das Plugin "Sqarelovin" der Anchor Media GmbH, Budapester Straße 45, 20253 Hamburg. Funktionsweise ist die Einbindung von Instagram Content. Die Einbindung erfolgt nur mit ausdrücklicher schriftlicher Einwilligung des Bildrechteinhabers.


Sect. 10 Newsletter

(1) Purpose of data processing

When registering for the newsletter, your e-mail address will be used for advertising purposes, i.e. the newsletter will inform you in particular about products from our product range. For statistical purposes we may evaluate which links are viewed in the newsletter. However, it is not recognizable for us, which concrete person has accessed the links. You have expressly given the following consent separately or, as the case may be, in the course of the ordering process: Subscribe to the newsletter

(2) Legal basis

The legal basis for such processing is set out in Article 6 (1) (a) of the GDPR.

(3) Recipient categories

if necessary: newsletter provider

(4) Duration of Storage

Your e-mail address will only be stored for the respective duration of your registration.

(5) Right of revocation

You may revoke your consent at any time with effect for the future. If you no longer wish to receive the newsletter, you may unsubscribe as follows: By a log-out link in the newsletter


Sect. 11 Your rights as a data subject

If your personal data is processed, you are the ‘data subject’ in terms of GDPR and you have the following rights towards us, the controller:

1. Right to information

You may request us to provide information about your personal data processed by us under Article 15 of the GDPR.

2. Right to rectification

If your personal data provided to us is not up to date or not accurate you have the right to ask for modifications to your personal data under Article 16 of the GDPR. You also have the right to request us to complete an incomplete data.

3. Right to erasure

You have the right to have your personal data erased and ask for deletion of your data under Article 17 of the GDPR.

4. Right to restriction of processing

You have the right to restrict the processing your personal data under Article 18 of the GDPR.

5. Right to data portability

You have the right referred to in Article 20 of the GDPR to receive your personal data provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.

6. Right to revoke the consent given under data protection law

You have the right referred to in paragraph 3 of Article 7 to withdraw your given consent based on the data protection provisions at any time. This does not affect the lawfulness of the processing based on consent before its withdrawal.

7. Right to lodge a complaint with a supervisory authority

If you consider that the processing of personal data relating to you infringes the GDPR, you have the right referring to in Article 77 of the GDPR to complain to the supervisory authority against the processing of your personal data (in particular in the Member State of your habitual residence, place of work or place of the alleged infringement ).

Please also note your right of objection under Article 21 GDPR:

a) In general: reasonable objection required

If the processing of personal data concerning you takes place in order

- to perform our overriding legitimate interest (legal basis: Article 6 (1f) GDPR)


- to safeguard the public interest (legal basis: Article 6 (1e) GDPR),

you are entitled to object to the processing at any time for reasons arising from your particular situation; this also applies to profiling based on the provisions of the GDPR.

In the event of objection, we will no longer process the personal data concerning you unless we can prove compelling grounds for processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims;

b) Special case of direct marketing: simple objection is sufficient

If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing and without stating reasons; this includes profiling to the extent that it is related to such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.


Responsible for data processing:
Headshot GmbH
Am Markt 1
47229 Duisburg
Phone: 02065-98490 01

This document was created and is updated with technology from janolaw AG.

download Document as PDF