Preamble

The following Privacy Policy and Cookie Guidelines (together the “Privacy Policy”) relate to the data used on www.lkesthetics.de (the “Website”).

The entity responsible for your personal data is LK Esthetics (Registered office: Friedrichstraße 36, 73033 Göppingen) (“we,” “our,” or “us”). You can contact us by email at datenschutz@lkesthetics.de.

This Privacy Policy informs you how we collect, store, and process data that can identify you—such as your email address, name, address, or other contact details you provide when using the Website (“Personal Information”)—and which cookies we use.

Please note: Data transmission over the internet carries risks and cannot be completely secured. Although LK Esthetics takes all reasonable steps to protect your personal data, we cannot guarantee complete security. Any data transmission to our website is done at your own risk.

It’s important that all information you provide to us during platform registration or use is truthful and up to date (e.g., correct contact details).

Structure of This Privacy Policy

  1. Information on data processing
  2. Purpose of processing personal data
  3. Withdrawal of consent
  4. Data sharing and transfer
  5. Your rights
  6. Contact
  7. Changes to this privacy policy
  8. Data transfers to third countries
  9. Data retention period
  10. Cookie policy

1. Information on Data Processing

Certain personal data is collected and processed when you visit or use the website or contact us. Examples include:

Applications

If you apply for a job at LK Esthetics, whether directly through our website, via an unsolicited application, recruitment agency, or third-party platform, the personal data you submit will be used only for recruitment purposes and deleted once a decision has been made.

User Account Creation & Login

When registering for an account, subscribing to newsletters, or interacting with the platform (e.g., reviews, survey responses), personal data may be provided, including potentially sensitive data relevant to the services booked or rated (e.g., health or ethnicity-related).

Do not provide third-party personal data unless that person has explicitly consented and been informed of how their data will be used.

Platform Usage

When visiting the website, data like device/browser info, location, IP address, advertising identifier, visit duration, and your activity on the site may be collected. This may be linked to your user account.

Contacting Us

When you contact us (e.g., via email or social media), the interaction is stored for 24 months, including content, contact info, and our reply.

Payments

When using our online payment options, encrypted credit/debit card data may be stored, processed either directly or via our payment provider, Stripe.

Legal Bases for Processing

Data is processed based on:

  • Your consent (Art. 6(1)(a) GDPR),
  • Contractual necessity (Art. 6(1)(b) GDPR),
  • Our legitimate interest (Art. 6(1)(f) GDPR), as long as your data protection rights are not overridden.

2. Purpose of Processing Personal Information

We use your data to:

  • Provide products and services,
  • Send marketing communications,
  • Offer customer support,
  • Process payments,
  • Display relevant advertising and platform updates.

2.1 Legal Obligations

Data may be disclosed to law enforcement or for enforcing our Terms of Use where legally required or justified.

2.2 Contractual Obligations

Data is used for communication, booking confirmations, reminders, payments, and account management.

2.3 Legitimate Interests

Data is also processed to:

  • Prevent fraud and ensure platform security,
  • Monitor terms compliance,
  • Exercise or defend legal claims,
  • Send personalized promotions (if no consent is required),
  • Analyze platform usage,
  • Publish user reviews,
  • Manage job applications (stored securely for one year unless deleted sooner).

2.4 Based on Consent

With your consent, we may:

  • Conduct surveys and market research,
  • Share data with third parties (e.g., beauty brands) for personalized messages,
  • Inform you about new services or offers,
  • Send push notifications and third-party ads,
  • Record support calls (with your permission).

3. Withdrawal of Consent

You may revoke consent at any time (Art. 7(3) GDPR). This means we must stop processing data that relied on that consent.

Marketing communications can also be opted out of by contacting datenschutz@lkesthetics.de or changing your app/device settings.

4. Data Sharing & Transfers

Your data is only shared with third parties when:

  • Legally required or permitted,
  • Necessary for service delivery (e.g., your name/profile photo to beauty providers),
  • Managed by our payment provider, Stripe (see: Stripe Privacy),
  • Needed for third-party service support (e.g., website hosting, analytics, social media),
  • Conducting marketing campaigns or business restructuring (mergers/acquisitions).

We currently work with:

  • HubSpot
  • Facebook
  • Google

Publicly posted content (e.g., reviews) may be accessed by third parties. We are not responsible for third-party sites or their privacy practices.

5. Your Rights Under GDPR

As a data subject, you have the right to:

5.1 Withdraw Consent

At any time (Art. 7(3) GDPR).

5.2 Access Your Data

Request access to all personal data we process about you (Art. 15 GDPR).

5.3 Correct Inaccurate Data

Update or correct your data (Art. 16 GDPR).

5.4 Request Deletion

Under certain conditions (Art. 17 GDPR), request deletion of your data.

5.5 Restrict Processing

Temporarily or permanently restrict processing under Art. 18 GDPR.

5.6 Notification Right

Request notification of rectification, deletion, or processing restrictions (Art. 19 GDPR).

5.7 Data Portability

Receive your data in a machine-readable format (Art. 20 GDPR).

5.8 Object to Processing

Object to data processing under Art. 21 GDPR, unless we demonstrate overriding legitimate grounds.

5.9 Lodge a Complaint

With the relevant data protection authority:
 State Commissioner for Data Protection in North Rhine-Westphalia
 Kavalleriestraße 2-4, 40213 Düsseldorf

Please contact us first if you suspect misuse of your data.

6. Contact

If you have any questions or wish to exercise your rights, contact:
 Lina Krhlikar
 📧 datenschutz@lkesthetics.de

7. Changes to This Privacy Policy

This policy is regularly updated. The current version is always available on the platform.

8. Data Transfers to Third Countries

We process data outside the EEA only where appropriate safeguards exist. Priority is given to countries with adequate protection (e.g., Germany, EU, Canada, Japan). If data is sent to countries without adequate protection, it is secured via EU Standard Contractual Clauses. You can request a copy at datenschutz@lkesthetics.de.

9. Data Retention Period

We delete or anonymize your data once it is no longer needed. Typically, we retain your data for the duration of your account + 7 days for backups, unless required for legal reasons.

Some data (e.g., for tax purposes) may be stored longer due to legal obligations.

Effective as of: May 2024