HushHour

Privacy Policy

Last updated: May 2026

1. Controller

Robin Gutsche (Sole proprietorship)
Waldingstraße 30
22391 Hamburg, Germany
Email: hushhourcosmetics@gmail.com

2. Purpose of this statement

This Privacy Policy informs you in accordance with Articles 13 and 14 GDPR about which personal data we process when you visit our shop, place an order, or communicate with us.

3. Website access / server logs

When you visit the shop, technically necessary data is processed (IP address, date and time, page accessed, browser, referrer). The legal basis is Art. 6(1)(f) GDPR; our legitimate interest lies in stable operation and IT security. This data is deleted or anonymized after a short period.

4. Shopify shop platform

Our shop runs on the platform of Shopify International Limited (Victoria Buildings, 1–2 Haddington Road, Dublin 4, Ireland). Shopify processes the data necessary for providing the shop, processing orders, and payment on our behalf. Data transfer to the USA (Shopify Inc.) may occur and is protected on the basis of Standard Contractual Clauses and the EU–US Data Privacy Framework.

5. Order processing

For orders, we process the data you provide during ordering (name, delivery address, billing address, email, phone, payment data, order data). The legal basis is Art. 6(1)(b) GDPR (contract performance). We share this data with our shipping service providers, payment service providers, and, where applicable, tax advisors, to the extent necessary for order processing or legal retention obligations.

6. Payment providers

For payments we use external providers (e.g. Shopify Payments, Klarna, PayPal, SEPA providers). These process your payment data under their own responsibility. We recommend reading their privacy policies separately. Data is only transmitted to the provider whose payment method you choose.

7. Shipping partners

We transmit your name, address, and, where applicable, email/phone to the courier you select or one we appoint (e.g. DHL, DPD, UPS) to deliver your order. Legal basis: Art. 6(1)(b) GDPR.

8. Customer account

You can optionally create a customer account. We process your master data and order history on the basis of Art. 6(1)(b) GDPR. You can have your account deleted at any time.

9. Contact

If you write to us by email or contact form, we process the data you provide to answer your inquiry. Legal basis: Art. 6(1)(b) or (f) GDPR.

10. Newsletter

If you sign up for our newsletter, we process your email address on the basis of your consent (Art. 6(1)(a) GDPR). Sign-up is via double opt-in. You can withdraw your consent at any time using the unsubscribe link in the newsletter.

11. Cookies and tracking

We use technically necessary cookies to keep the shop and shopping cart functional (legal basis: § 25(2) TDDDG). For non-essential cookies (e.g. analytics or marketing), we obtain your consent via a cookie banner (Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG). You can adjust or withdraw your consent at any time.

12. Retention period

We only store personal data as long as required for the stated purposes or as required by statutory retention periods (in particular § 257 HGB / § 147 AO — up to 10 years for accounting-relevant documents).

13. Your rights

Under the GDPR, you have the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), and objection (Art. 21). You can withdraw any consent given at any time with effect for the future.

You also have the right to lodge a complaint with a data protection supervisory authority. The competent authority for us is:
The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Straße 22, 20459 Hamburg, Germany