Privacy policy

Controller Responsible for Data Processing

The controller responsible for data processing is:

Barva Naturkosmetik UG
Ulmenstr. 12
45133 Essen
Germany
Email: info@barva.info

Represented by:
Ms. Tina Husemann & Mr. Sourabh Kulkarni

We are pleased about your interest in our online shop. Protecting your privacy is very important to us. Below, we provide detailed information about how we handle your personal data.

1. Access Data and Hosting

You may visit our website without providing any personal information. Each time a webpage is accessed, the web server automatically stores a so-called server log file, which may include:

  • Name of the requested file
  • IP address
  • Date and time of access
  • Amount of data transferred
  • Requesting provider

This data is used exclusively to ensure the smooth operation of the website and to improve our offering. This constitutes a legitimate interest pursuant to Art. 6 (1) lit. f GDPR.
All access data is deleted no later than seven days after the end of your visit.

Hosting by a Third-Party Provider

As part of processing on our behalf, a third-party provider provides hosting and website display services. All data collected through use of this website or via forms in the online shop is processed on its servers.
The hosting provider is located within the EU or EEA.

2. Data Collection and Use for Contract Processing, Contact, and Customer Accounts

We collect personal data when you voluntarily provide it to us as part of an order, when contacting us (e.g. via contact form or email), or when creating a customer account.

Mandatory fields are marked as such because this data is required for contract processing or handling your inquiry.

Typical data includes:

  • Name
  • Address
  • Email address
  • Phone number
  • Order and payment details

We process this data pursuant to Art. 6 (1) lit. b GDPR to fulfill contracts and respond to inquiries.

If you consent to creating a customer account (Art. 6 (1) lit. a GDPR), we use your data for account creation.

After full contract completion or deletion of your customer account, your data will be restricted and deleted after the expiration of statutory retention periods unless further use is legally permitted or consented to.
Customer accounts can be deleted at any time.

3. Data Sharing

Shipping & Payment Providers

To fulfill contracts, we share data with shipping providers and payment service providers as required for delivery and payment processing.

Depending on the payment method chosen, payment data may be transmitted to banks or payment service providers. Their own privacy policies apply.

We also use an external merchandise management (ERP) system for order processing.

Some shipping or payment providers may be located outside the EU, but data transfer occurs only where necessary for contract fulfillment.

Shipping Notifications

If you give explicit consent, we may share your email address and phone number with the selected shipping provider to enable delivery notifications.
You may withdraw consent at any time.

4. Age Verification

If your order includes age-restricted products, we use SCHUFA IdentitätsCheck to verify the required minimum age.

Data shared may include:

  • Name
  • Address
  • Date of birth

This is solely for age verification; no credit check is performed.

5. Debt Collection

If payment remains outstanding despite reminders, we may transfer your data to a debt collection agency to enforce our payment claims, pursuant to Art. 6 (1) lit. b and f GDPR.

6. Email Newsletter and Postal Advertising

Newsletter

If you subscribe to our newsletter, we use your email address to send regular newsletters based on your consent (Art. 6 (1) lit. a GDPR).
You may unsubscribe at any time.

Postal Advertising

We may use your name and postal address for promotional mailings based on legitimate interest (Art. 6 (1) lit. f GDPR). You may object at any time.

7. Payment Processing & Credit Checks

For purchases on account, identity and credit checks may be performed via:

  • SCHUFA Holding AG

  • Creditreform Boniversum GmbH

Data is deleted after completion unless legal retention applies.

8. Cookies and Consent Management

We use cookies to enable website functionality, analytics, and marketing, subject to your consent (Art. 6 (1) lit. a GDPR).

You can manage cookie settings in your browser at any time.

Usercentrics

We use Usercentrics Consent Management Platform to manage and document user consent.

Data processed includes:

  • Anonymized IP address
  • Consent status
  • Date and time
  • Browser and device information

Data is stored for up to three years.

9. Web Analytics

Google Analytics & Google Signals

With your consent, we use Google Analytics to analyze website usage.

Data includes:

  • Anonymized IP address
  • Usage behavior
  • Device and browser data

Data may be transferred to servers in the USA. IP anonymization is enabled.

10. Online Marketing & Advertising

Google Ads Remarketing

Used to display interest-based advertising via cookies, subject to consent.

Affiliate Programs

We participate in affiliate programs including:

  • AWIN (Affilinet)

  • Amazon Partner Program

These use cookies to track referrals and purchases.

11. Additional Technologies

We may use additional tools (analytics, marketing, plugins). Full details and legal bases are available via the Usercentrics consent interface.

12. Maps, Security & Fonts

We use:

  • Google Maps (location display)
  • Google reCAPTCHA (spam protection)
  • Google Fonts (consistent typography)

These services may process IP address and usage data.

13. Social Media

We use social media buttons and maintain presences on:

  • Facebook
  • Instagram
  • Twitter
  • Pinterest
  • WhatsApp

Data processing is governed by the respective platforms’ privacy policies.

14. Review Reminder Emails

With your consent, we may send review reminder emails after purchase. You may withdraw consent at any time.

15. Your Rights

You have the right to:

  • Access your data (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Deletion (Art. 17 GDPR)
  • Restriction (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Lodge a complaint with a supervisory authority (Art. 77 GDPR)
  • Object to processing (Art. 21 GDPR)

For questions or requests, please contact us using the details in our imprint.

Privacy Policy created using the Trusted Shops legal text generator in cooperation with FÖHLISCH Attorneys at Law.