Privacy Policy

I. Name and Address of the Data Controller

The data controller in the sense of the General Data Protection Regulation (GDPR) and other national data protection laws of the EU member states, as well as other data protection regulations, is:

BelCos Cosmetic GmbH
Wodanstr. 12
D-38106 Braunschweig

II. Contact Details of the Data Protection Officer

The data protection officer of the controller is:

dsb@kunte.de.com
or via the address of the controller mentioned above.

III. General Information on Data Processing

  1. Scope of Processing Personal Data
    We collect and use personal data of our users generally only to the extent necessary to provide a functional website and our content and services. The collection and use of personal data of our users usually occur only with the consent of the user. An exception applies in those cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal provisions.

  2. Legal Basis for the Processing of Personal Data
    If we obtain the consent of the data subject for processing personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
    When processing personal data necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) of the GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures.
    If the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6(1)(c) of the GDPR serves as the legal basis.
    In cases where the processing is required to protect vital interests of the data subject or another natural person, Article 6(1)(d) of the GDPR serves as the legal basis.
    If the processing is necessary for the purposes of the legitimate interests pursued by our company or a third party and the interests, fundamental rights, and freedoms of the data subject do not override the first-mentioned interest, Article 6(1)(f) of the GDPR serves as the legal basis.

  3. Data Deletion and Retention Period
    Personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Further storage may occur if required by European or national law in union regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted once the storage period required by the aforementioned regulations expires, unless further storage of the data is necessary for the conclusion of a contract or for fulfilling a contract.

IV. Provision of the Website and Creation of Log Files

  1. Description and Scope of Data Processing

  1. Whenever our website is accessed, our system automatically collects data and information from the computer system of the requesting device. The following data are collected:
  • Information about the browser type and version used
  • The operating system of the user
  • The Internet service provider of the user
  • The IP address of the user
  • Date and time of access
  • Websites from which the system of the user reaches our website
  • Websites that are accessed by the user’s system via our website

The data is stored in the log files of our system. A combination of this data with other personal data of the user does not occur.

  1. Legal Basis for Data Processing
    The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR.

  2. Purpose of Data Processing
    The temporary storage of the IP address by the system is necessary to deliver the website to the user’s device. For this, the user’s IP address must remain stored for the duration of the session.
    Storage in log files is done to ensure the functionality of the website. Additionally, the data helps us to optimize the website and ensure the security of our information technology systems. There is no analysis of the data for marketing purposes.
    These purposes represent our legitimate interest in data processing according to Article 6(1)(f) GDPR.

  3. Duration of Storage
    The data will be deleted as soon as it is no longer required for the purpose of its collection. In the case of data collection for the provision of the website, this is the case when the session ends.
    In the case of data stored in log files, this happens after a maximum of seven days. Extended storage is possible; in such cases, the user’s IP addresses will be deleted or anonymized so that the identifying of the requesting client is no longer possible.

  4. Right to Object and Erasure
    The collection of data to provide the website and the storage of data in log files is essential for the operation of the website. There is consequently no possibility for users to object.

V. Use of Cookies and Pixels

  1. Description and Scope of Data Processing

  1. We use cookies and pixels on various parts of our website.
  1. Cookies are small identifiers stored on the device you use to access our website or services. They contain information that can be retrieved when accessing our services, enabling more efficient and better use of our offers.

We use both permanent and so-called session cookies. Session cookies are deleted when you close your web browser. Permanent cookies remain on your device until they are no longer necessary for their purpose and are deleted.

Cookies serve to improve our services and the use of specific features. For example, the order process on our website is only made possible with the help of cookies. Additionally, cookies are used to collect statistical data on our web offerings, such as the number of visitors.

You can prevent the setting of cookies at any time by adjusting the settings in your web browser, thereby objecting to the permanent setting of cookies. Moreover, already set cookies can be deleted anytime via a web browser or other software programs. This is possible in all common web browsers. If you disable cookies in your browser, some functions of our website may not be fully usable.

Pixels are small graphics on websites that enable log file recording and log file analysis, often used for statistical evaluations.

The following data may be transmitted:

  • Entered search terms
  • Frequency of page views
  • Use of website features

The data collected through these methods is pseudonymized, so it is no longer possible to associate the data with the user. The data is not stored together with other personal data of the user.

When accessing our website, users are informed via a banner about the use of cookies for analysis purposes and referred to this privacy policy. The banner also explains how the storage of cookies can be blocked in the browser settings.

  1. Legal Basis for Data Processing
    The legal basis for processing personal data using technically necessary cookies is Article 6(1)(f) GDPR.
    The legal basis for processing personal data using cookies for analysis purposes is the user’s consent, as provided for in Article 6(1)(a) GDPR.

  2. Purpose of Data Processing
    The use of analysis cookies is intended to improve the quality of our website and its content. By using the analysis cookies, we learn how the website is used, allowing us to continuously optimize our offerings.
    These purposes also constitute our legitimate interest in processing personal data according to Article 6(1)(f) GDPR.

  3. Duration of Storage, Right to Object and Erasure
    Cookies are stored on the user’s device and transmitted to our site. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your web browser, you can deactivate or limit the transmission of cookies. Already stored cookies can be deleted anytime. This can also be done automatically. If cookies are deactivated for our website, some features may no longer be fully usable.


This text includes detailed explanations of data processing practices, rights, and privacy policy for users. Let me know if you need further adjustments or clarifications!


VI. Use and Application of Tracking Tools

  1. Google Analytics (with anonymization function)

The data controller has integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web analytics service. Web analytics collects, gathers, and analyzes data about visitors' behavior on websites, such as the origin of visitors (referrers), pages visited, duration of visit, and frequency of page views. These data primarily serve the purpose of optimizing the website and analyzing advertising campaigns.

  • Operator: Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

  • Use of anonymization function: The IP address is shortened and anonymized by the addition of "_gat._anonymizeIp" if access occurs from within the EU or European Economic Area (EEA).

  • Purpose of data processing: Analysis of visitor flows, website improvement, and generation of online reports for the operator.
  • Opt-out options: Users can prevent the storage of cookies via their browser or install a browser add-on to deactivate Google Analytics.

For more information and Google’s privacy policy:
Google Privacy
Google Analytics Terms

  1. Facebook Pixel

To enable audience-targeted marketing, a tracking pixel from Facebook Inc. is embedded on the website. It collects pseudonymized data on website usage to measure and optimize the effectiveness of advertising campaigns.

  • Purpose: Marketing and analysis of user interactions with Facebook ads.

  1. Google AdWords Conversion Tracking

Google AdWords uses a conversion cookie to track whether users visit certain pages, such as the shopping cart in an online store, after clicking on an AdWords ad.

  • Purpose: Measurement of ad campaign success and optimization of future ad campaigns.
  • Opt-out options: Users can opt-out of interest-based advertising by visiting Google Ads Settings.

For more information on Google's privacy policy:
Google Privacy


This section provides an overview of the use of tracking tools on your website, including Google Analytics, Facebook Pixel, and Google AdWords.


  1. Google Remarketing

Google Remarketing is a feature of Google AdWords. The integration of Google Remarketing allows a company to create user-specific ads and show relevant ads to the internet user based on their interests. The service is operated by Google Inc.

Google Remarketing places a cookie in your internet browser. By setting this cookie, Google enables the recognition of the visitor to our website when they subsequently visit other websites that are also part of the Google advertising network. With each visit to a page that integrates the Google Remarketing service, the browser automatically identifies itself to Google. No personal data is transmitted to Google during this process. The IP address we collect is anonymized before being sent to Google.

You have the option to opt out of interest-based advertising by Google. To do so, you must visit Google Ads Settings and adjust the settings there.

For more information and Google's privacy policy, please visit:
Google Privacy

  1. Social Media

On the pages of our blog, we use icons from the social networks "Facebook," "Instagram," and "Google+". These services are provided by Facebook Inc., Google Inc., and Instagram Inc. (providers).

To enhance the protection of your data when visiting our website, the redirects are implemented as static links through the "Shariff" project. This prevents your data from being sent to social networks when visiting our website. A connection between you and the social network is only established when you actively click on the button. For more information, please visit:
Shariff Project.

  1. Newsletter2Go

If you wish to subscribe to the newsletter offered on the website, we require your email address and information that allows us to verify that you are the owner of the provided email address and that you consent to receiving the newsletter.

To ensure newsletter distribution with your consent, we use the so-called double opt-in procedure. In this process, the potential recipient is added to a distribution list. They then receive a confirmation email, allowing them to confirm the registration legally. Only after confirmation is the address actively added to the distribution list.

We use this data exclusively for sending the requested information and offers.

The newsletter software used is Newsletter2Go. Your data is transmitted to Newsletter2Go GmbH. Newsletter2Go is prohibited from selling your data or using it for purposes other than sending our newsletters. Newsletter2Go is a German, certified provider selected according to the requirements of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act.

For more information, please visit:
Newsletter2Go Information

You can withdraw your consent to store the data and the email address and their use for sending the newsletter at any time, for example, through the "unsubscribe" link in the newsletter.

The data protection measures are subject to ongoing changes in data protection regulations, and we encourage you to regularly check our privacy policy for updates.

Email Advertising Without Newsletter Subscription and Your Right to Object

If we receive your email address in connection with the sale of a product or service, and you have not objected to this, we reserve the right to send you offers for similar products, such as those already purchased, from our range via email, based on § 7 para. 3 UWG. This serves to protect our legitimate interest in sending marketing communications to our customers.

You can object to the use of your email address at any time by sending a message to the contact option described below or by using the designated link in the marketing email, without incurring any costs other than the transmission costs at basic rates.


VII. Contact Form and Email Contact

  1. Description and Scope of Data Processing On our website, there is a contact form that can be used for electronic contact. If a user utilizes this option, the data entered in the input mask will be transmitted to and stored by us. This data includes:

(1) First name, last name
(2) Email address
(3) Phone number
(4) Street, ZIP code, city (optional)
(5) Message

At the time of submission, the following data is also stored:
(1) The user's IP address
(2) Date and time of submission

Your consent will be obtained for the processing of the data as part of the submission process, and reference will be made to this privacy policy.

Alternatively, contact can also be made via the provided email address. In this case, the personal data transmitted via email will be stored.

There is no intention to disclose the data to third parties. The data will be used solely for processing the conversation.

  1. Legal Basis for Data Processing The legal basis for processing the data is the user's consent under Art. 6 para. 1 lit. a GDPR.

The legal basis for processing data transmitted via email is Art. 6 para. 1 lit. f GDPR. If the email contact aims at the conclusion of a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.

  1. Purpose of Data Processing The processing of personal data from the input mask serves only to process the contact request. In the case of contact via email, there is also a legitimate interest in processing the data.

The other personal data processed during the submission process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

  1. Duration of Storage The data will be deleted once it is no longer necessary for the purpose for which it was collected. For personal data from the contact form and those transmitted by email, this is the case when the respective conversation with the user has ended. The conversation is considered concluded when the circumstances indicate that the matter has been fully resolved.

The personal data collected during the submission process will be deleted no later than seven days after the submission.

  1. Right to Object and Removal The user has the right to withdraw their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored in connection with the contact will be deleted in this case.


VIII. Rights of the Data Subject

If your personal data is processed, you are considered the data subject under the GDPR and have the following rights against the responsible party:


  1. Right of Access

  1. You have the right to request information from the controller regarding whether personal data concerning you is being processed by us. If such processing is taking place, you can request the following information from the controller:

(1) The purposes for which the personal data is processed;
(2) The categories of personal data being processed;
(3) The recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
(4) The intended duration for which the personal data concerning you will be stored or, if specific periods are not possible, the criteria used to determine the retention period;
(5) The existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing;
(6) The existence of a right to lodge a complaint with a supervisory authority;
(7) All available information regarding the source of the data if the personal data was not collected from the data subject;
(8) The existence of automated decision-making, including profiling, according to Art. 22 para. 1 and 4 GDPR, and – at least in these cases – meaningful information about the logic involved, as well as the scope and intended effects of such processing for the data subject.

You have the right to request information on whether personal data concerning you is transferred to a third country or an international organization. In this regard, you can request to be informed about the appropriate safeguards according to Art. 46 GDPR in connection with the transfer.

  1. Right to Rectification
    You have the right to request the rectification and/or completion of personal data concerning you if the processed data is inaccurate or incomplete. The controller must rectify the data without undue delay.

  2. Right to Restriction of Processing
    You can request the restriction of processing of personal data concerning you under the following conditions:

(1) If you contest the accuracy of the personal data concerning you, for a period that enables the controller to verify the accuracy of the data;
(2) The processing is unlawful and you oppose the erasure of personal data and instead request the restriction of its use;
(3) The controller no longer needs the personal data for the purposes of processing, but you require the data for the establishment, exercise, or defense of legal claims, or
(4) If you have objected to the processing according to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate grounds of the controller override your reasons.

If the processing of personal data concerning you has been restricted, the data – except for storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been lifted, the controller will notify you prior to this.

  1. Right to Erasure
    a) Obligation to Erase

  1. You can request the controller to erase personal data concerning you without undue delay, and the controller is obliged to erase this data without undue delay if one of the following reasons applies:

(1) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed;
(2) You withdraw your consent on which the processing was based according to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing;
(3) You object to the processing according to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing according to Art. 21 para. 2 GDPR;
(4) The personal data concerning you has been unlawfully processed;
(5) The erasure of personal data concerning you is necessary to fulfill a legal obligation under Union or Member State law to which the controller is subject;
(6) The personal data concerning you was collected in relation to services of the information society offered under Art. 8 para. 1 GDPR.

b) Notification to Third Parties
If the controller has made personal data concerning you public and is obliged to erase it according to Art. 17 para. 1 GDPR, the controller will take reasonable steps, including technical measures, to inform data processors who process personal data about your request for the erasure of all links to, copies, or replications of such personal data, taking into account the available technology and the implementation costs.

c) Exceptions
The right to erasure does not apply if the processing is necessary:

(1) For the exercise of the right to freedom of expression and information;
(2) For compliance with a legal obligation that requires processing under Union or Member State law, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) For reasons of public interest in the area of public health according to Art. 9 para. 2 lit. h and i, as well as Art. 9 para. 3 GDPR;
(4) For archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes according to Art. 89 para. 1 GDPR, where the right to erasure is likely to impair or seriously hinder the achievement of the objectives of that processing; or
(5) For the establishment, exercise, or defense of legal claims.

  1. Right to Notification

  1. If you have exercised your right to rectification, erasure, or restriction of processing, the controller is obliged to inform all recipients to whom your personal data has been disclosed of this rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort.

You have the right to be informed about these recipients by the controller.


  1. Right to Data Portability

  1. You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used, and machine-readable format. Furthermore, you have the right to transmit these data to another controller without hindrance from the controller to whom the personal data was provided, provided that:

(1) the processing is based on consent according to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, or on a contract according to Art. 6 para. 1 lit. b GDPR, and
(2) the processing is carried out by automated means.

In exercising this right, you also have the right to request that the personal data concerning you be transmitted directly from one controller to another, where technically feasible. This must not affect the rights and freedoms of others.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

  1. Right to Object

  1. You have the right to object to the processing of personal data concerning you based on Art. 6 para. 1 lit. e or f GDPR at any time, on grounds relating to your particular situation; this also applies to profiling based on these provisions.
  1. The controller will no longer process the personal data unless they demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.

If personal data is processed for direct marketing purposes, you have the right to object to the processing of your personal data for such marketing purposes at any time; this includes profiling insofar as it is related to such direct marketing.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.

You also have the option to exercise your right to object in connection with the use of information society services, regardless of Directive 2002/58/EC, through automated processes where technical specifications are used.

  1. Right to Withdraw Consent
    You have the right to withdraw your data protection consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before the withdrawal.

  2. Automated Individual Decision-Making, Including Profiling
    You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

(1) is necessary for the conclusion or performance of a contract between you and the controller,
(2) is authorized by Union or Member State law to which the controller is subject, and such laws include appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
(3) is based on your explicit consent.

However, such decisions must not be based on special categories of personal data under Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

In cases referred to in (1) and (3), the controller takes appropriate measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain human intervention from the controller, to express your point of view, and to contest the decision.

  1. Right to Lodge a Complaint with a Supervisory Authority

  1. Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work, or the place of the alleged infringement, if you consider that the processing of personal data concerning you violates the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.