Legal

Privacy Policy

We are committed to protecting your personal data and being transparent about how we collect, use and store it. This policy explains everything clearly.

Last UpdatedMay 2026
JurisdictionGermany / EU
RegulationGDPR Compliant
01 � Introduction

Who We Are

OlivHairSupply is a professional hair extension brand based in Berlin, Germany. We operate two salon locations and an online store through which we supply BiziLuxe premium hair products and professional services to clients across Europe and internationally.

This Privacy Policy explains how OlivHairSupply collects, uses, stores and protects your personal data when you visit our website, purchase products, book appointments or communicate with us. We are committed to full compliance with the General Data Protection Regulation (GDPR) and applicable German data protection law.

Data Controller: OlivHairSupply, Berlin, Germany. For all data-related enquiries contact us at info@olivhairsupply.de

02 � Information We Collect

What We Collect

We collect personal data only when it is necessary to provide our services or fulfil a legal obligation. The information we may collect includes:

Full name, email address and phone number when you make a purchase, book an appointment or contact us
Delivery and billing address for order fulfilment
Payment information processed securely via our payment providers � we never store card details
Appointment preferences, service history and stylist notes when you book with us
Business details including VAT number and company name when you apply for a wholesale account
Website usage data including IP address, browser type and pages visited via cookies and analytics tools
Communications you send us via contact forms, email or WhatsApp
03 � How We Use Your Information

How We Use Your Data

We use your personal data only for the purposes it was collected for. We never use your data for purposes that are incompatible with the original reason it was provided.

PurposeData UsedLegal Basis
Processing and fulfilling your ordersName, address, email, payment infoContract performance
Booking and managing appointmentsName, email, phone, service preferencesContract performance
Customer service and supportName, email, order historyLegitimate interest
Sending order and appointment confirmationsEmail, booking detailsContract performance
Marketing communications (with consent)Email, nameConsent
Wholesale account managementBusiness details, order historyContract performance
Website analytics and improvementUsage data, cookiesLegitimate interest
Legal and regulatory complianceAs required by lawLegal obligation
04 � Legal Basis for Processing

Our Legal Basis

Under the GDPR we are required to have a lawful basis for processing your personal data. We rely on the following legal bases:

Contract performance � processing is necessary to fulfil your order or appointment booking
Legitimate interests � processing supports our business operations in a way that does not override your rights
Consent � where you have explicitly opted in, such as for marketing emails
Legal obligation � where we are required by law to retain or share your data

Where we rely on consent as our legal basis, you have the right to withdraw that consent at any time by contacting us or clicking unsubscribe in any email we send.

05 � Data Sharing

Who We Share With

We do not sell, rent or trade your personal data. We share it only with trusted third parties who are necessary for us to deliver our services, and only to the extent required.

Payment processors such as Stripe and PayPal to handle secure transactions
Shopify as our e-commerce platform provider who hosts and processes order data on our behalf
Shipping and logistics partners to fulfil and deliver your orders
Email marketing platforms where you have consented to receive communications from us
Analytics providers such as Google Analytics to help us understand how our website is used
Regulatory authorities or law enforcement where we are legally required to disclose information

All third-party processors we work with are required to handle your data in accordance with GDPR and applicable data protection law. We do not authorise them to use your data for their own purposes.

06 � Data Retention

How Long We Keep It

We retain your personal data only for as long as is necessary for the purposes it was collected or as required by law.

Order and transaction records are retained for a minimum of 10 years in accordance with German commercial law
Appointment records are retained for up to 3 years after your last appointment
Marketing consent records are retained until you withdraw consent
Website usage and analytics data is retained in aggregated form and not linked to individual identities
Wholesale account data is retained for the duration of the account and up to 5 years after closure

When data is no longer required, we delete or anonymise it securely. You may request earlier deletion of your personal data subject to any legal retention requirements.

07 � Your Rights

Your Rights

Under the GDPR you have the following rights regarding your personal data. We will respond to all requests within 30 days.

Right of Access

You have the right to request a copy of the personal data we hold about you and information about how we use it.

Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure

You have the right to request that we delete your personal data where there is no legitimate reason for us to continue holding it.

Right to Restrict Processing

You have the right to request that we limit how we use your personal data in certain circumstances.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format and to transfer it to another organisation.

Right to Object

You have the right to object to our processing of your personal data where we rely on legitimate interests or where we use it for direct marketing.

To exercise any of these rights, contact us at info@olivhairsupply.de. You also have the right to lodge a complaint with the relevant data protection authority in Germany: Berliner Beauftragte fur Datenschutz und Informationsfreiheit.

08 � Cookies

Cookies and Tracking

Our website uses cookies and similar tracking technologies to improve your experience, understand how our site is used and support our marketing efforts.

Essential cookies are necessary for the website to function and cannot be disabled
Analytics cookies help us understand traffic and usage patterns to improve the site
Marketing cookies are used to deliver relevant advertising and track campaign performance
Preference cookies remember your settings and choices to personalise your experience

You can manage or withdraw your cookie consent at any time through your browser settings or our cookie preference centre. Disabling certain cookies may affect the functionality of the site.

09 � Third Party Links

External Links

Our website may contain links to third party websites including social media platforms, payment providers and partner services. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies before providing any personal data.

The inclusion of a link on our website does not constitute an endorsement of that website or its content.

10 � Security

How We Protect Your Data

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction or disclosure.

All data transmission is encrypted using SSL/TLS technology
Payment processing is handled exclusively by PCI-DSS compliant providers
Access to personal data is restricted to authorised staff members only
We regularly review and update our security practices

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform you where required by law.

11 � International Transfers

International Data Transfers

Some of our third party service providers operate outside the European Economic Area. Where we transfer personal data internationally, we ensure appropriate safeguards are in place including Standard Contractual Clauses approved by the European Commission or transfers to countries with an adequate level of protection as determined by the European Commission.

Shopify, our e-commerce platform, is headquartered in Canada which has been recognised by the European Commission as providing an adequate level of data protection.

12 � Children

Children's Privacy

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will take steps to delete it.

13 � Changes to This Policy

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal requirements. When we make material changes we will update the date at the top of this page and notify you by email where appropriate.

We encourage you to review this policy periodically. Continued use of our website or services following any update constitutes acceptance of the revised policy.

14 � Contact Us

Questions About Your Privacy

If you have any questions about this Privacy Policy, wish to exercise your data rights or have a concern about how we handle your personal data, please contact us directly.

Email: info@olivhairsupply.de
WhatsApp: +49 157 862 83439
Location: Berlin, Germany

We aim to respond to all privacy-related enquiries within 5 business days. For formal data subject access requests we will respond within 30 days as required by law.

We Are Here

We are always available to clarify

If anything in this policy is unclear or you have questions about your personal data, our team is available to help.

Contact Us
The OlivHairSupply Edit

Join the OlivHairSupply Edit

Exclusive drops, expert hair tips, and luxury updates � straight to your inbox.

No spam. Unsubscribe at any time.