Privacy policy
Last Updated: June 20, 2025
This Privacy Policy describes how barau.bio (the "Site," "we," "us," or "our") collects, uses, and shares your personal data when you visit www.barau.bio (the "Site"), use our services, make a purchase, or otherwise communicate with us regarding the Site (collectively, the "Services"). Throughout this Privacy Policy, "you" and "your" refer to you as a user of the Services, whether you are a customer, website visitor, or any other person whose information we collect under this Privacy Policy.
Please read this Privacy Policy carefully.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time, including to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on the Site, update the "Last Updated" date, and take any other steps required by law.
How We Collect and Use Your Personal Data
To provide the Services, we collect information as described below. The information we collect and use varies depending on how you interact with us.
Beyond the specific uses described below, we may use information collected about you to communicate with you, provide or improve the Services, fulfill all applicable legal obligations, enforce all applicable Terms of Service, and protect or defend the Services, our rights, and the rights of our users or others.
For security and to protect the transmission of personal data and other confidential information (such as orders or inquiries), this website uses SSL/TLS encryption. You can identify an encrypted connection by the "https://" in the URL and the padlock symbol in your browser's address bar.
What Personal Data We Collect
The type of personal data we collect depends on how you interact with our Site and use our Services. When we use the term "personal information," we refer to information that identifies you, relates to you, describes you, or can be connected to you. The following sections describe the categories and specific types of personal data we collect.
Information We Collect Directly From You
Information you provide directly to us through our Services may include:
- Contact Data — including your name, address, phone number, and email address
- Order Information — including your name, billing address, shipping address, payment confirmation, email address, and phone number
- Account Information — including your username, password, security questions, and other information used to secure your customer account
- Customer Support Information — including information you include in your communications with us, such as when you send us a message through the Services
- Comments and Reviews — When you use the comments or review function on our Site (such as on our blog), we collect and publish your comment, the date and time of posting, and your chosen commenter name. We also log and store your IP address for security purposes and to address cases where comments or reviews violate third-party rights or contain unlawful content. We use your email address to contact you if a third party reports your published content as unlawful. The legal basis for collecting and storing this data is Articles 6(1)(b) and 6(1)(f) of the GDPR. We reserve the right to delete comments, including when reported as unlawful by third parties.
For some features of the Services, it may be necessary that you provide certain information about yourself directly to us. You can choose not to provide this information. However, this may result in you being unable to use or access certain features.
Information We Automatically Collect About Your Usage
We may also automatically collect certain information about your interaction with the Services ("Usage Data"). For this purpose, we may use cookies, pixels, and similar technologies ("Cookies"). Usage Data may include information about how you access and use our Site and account, including device information, browser information, network connection information, your IP address, and other information about your interaction with the Services.
Information We Receive From Third Parties
Finally, we may receive information about you from third parties, including from vendors and service providers who collect information on our behalf, such as:
HOSTING AND PLATFORM SERVICES
Companies that support our Site and Services, such as Shopify. For hosting our website and displaying site content, we use the services of: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify")
Data may also be transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada; Shopify Data Processing (USA) Inc.; Shopify Payments (USA) Inc.; or Shopify (USA) Inc.
All data collected on our website is processed on the provider's servers. We have entered into a Data Processing Agreement with the provider that ensures protection of our website visitors' data and prohibits unauthorized sharing with third parties.
For data transfers to Canada, an adequate level of data protection is ensured through a European Commission adequacy decision.
For data transfers to the USA, the provider relies on European Commission Standard Contractual Clauses, which are intended to ensure compliance with European data protection standards.
PAYMENT PROCESSORS
Our payment processors (including Apple Pay, Klarna, PayPal, and Shopify Payments) collect payment information (e.g., bank account, credit or debit card information, billing address) to process your payments, execute your orders, and provide you with requested products or services to fulfill our contract with you.
FULFILLMENT AND LOGISTICS
Our fulfillment center is responsible for order processing, shipment, returns handling, and logistics communication. This is Logiful GmbH, located at Ketziner Str. 122, 14476 Potsdam, Germany.
We have entered into a Data Processing Agreement with this provider that ensures protection of our website visitors' data and prohibits unauthorized sharing with third parties.
Your name, address, and other personal data are shared with the provider solely for the purposes stated above, in accordance with Article 6(1)(b) of the GDPR, and only to the extent necessary for these purposes.
TRACKING AND MARKETING TECHNOLOGIES
When you visit our Site, open emails we send to you, or interact with our Services or advertisements, we or third parties we work with may automatically collect certain information using online tracking technologies such as pixels, web beacons, software developer kits, third-party libraries, and cookies.
All information received from third parties is treated in accordance with this Privacy Policy.
How We Use Your Personal Data
Providing Products and Services
We use your personal data to provide the Services and fulfill our contract with you, including processing your payments, executing your orders, sending order confirmations and notifications about your account, purchases, returns, exchanges, and other transactions, creating and maintaining your customer account, organizing shipping, facilitating returns and exchanges, and other functions related to your account. We may also improve your shopping experience by enabling Shopify to match your account with other Shopify Services you may use. In such cases, Shopify processes your data according to its Privacy Policy and Consumer Data Privacy Policy.
Marketing and Advertising
We may use your personal data for marketing and advertising purposes, including sending marketing and promotional messages via email, SMS, or mail, and displaying advertisements for products or services. This may include using your personal data to better customize the Services and advertisements on our Site and other websites. If you are located in the EEA, the legal basis for this data processing activity is our legitimate interest in selling our products, as specified in Article 6(1)(f) of the GDPR.
Direct Marketing Via Email (Klaviyo)
We use Klaviyo (225 Franklin St, Boston, MA 02110, USA) to send our email newsletters. Based on our legitimate interest in effective and user-friendly newsletter marketing, we share the data you provide during newsletter signup with this provider in accordance with Article 6(1)(f) of the GDPR so they can send newsletters on our behalf.
With your explicit consent under Article 6(1)(a) of the GDPR, the provider also performs statistical evaluation of newsletter campaigns using web beacons and tracking pixels in sent emails, which can measure open rates and specific interactions with newsletter content. Device information (such as access time, IP address, browser type, and operating system) is also collected and evaluated but is not merged with other data. You can withdraw your consent to newsletter tracking at any time.
Product Availability Notifications
For temporarily unavailable items, you may register to receive email product availability notifications. We send you a one-time email notification about the availability of your selected item. Only your email address is required; other information is optional and used to personalize communication. We use the double opt-in procedure to ensure you receive notifications only after you confirm your consent via a verification link sent to your email. By activating the confirmation link, you consent to our use of your personal data under Article 6(1)(a) of the GDPR. We store your ISP-registered IP address and the date and time of signup to prevent misuse. Data collected is strictly used for this purpose. You can unsubscribe from availability notifications at any time. After unsubscribing, your email address is immediately deleted from the distribution list unless you explicitly consent to further use.
Security and Fraud Prevention
We use your personal data to detect, investigate, and take action against potentially fraudulent, illegal, or malicious activities. If you register a customer account, you are responsible for keeping your login information secure. We strongly recommend not sharing your username, password, or other access credentials with third parties. If you believe your account has been compromised, contact us immediately. If you are located in the EEA, the legal basis for this processing is our legitimate interest in ensuring the security of our website for you and other customers, as specified in Article 6(1)(f) of the GDPR.
Communication and Service Improvement
We use your personal data to provide customer support and improve our Services. This is in our legitimate interest to respond to you, provide effective services, and maintain our business relationship with you, as specified in Article 6(1)(f) of the GDPR.
Cookies and Tracking Technologies
Like many other websites, we use cookies to make your visit to our Site attractive and enable the use of certain functions. Cookies are small text files placed on your device. Some cookies are automatically deleted when you close your browser (session cookies), while others remain on your device for longer periods and allow us to save your Site preferences (persistent cookies). The duration of storage can be found in your web browser's cookie settings. For more information about cookies we use in connection with our Shop via Shopify, visit https://www.shopify.com/legal/cookies.
Through cookies, we can operate and improve our Site and Services (including storing your actions and preferences), perform analytics, and better understand user interaction with the Services.
Where cookies process personal data, we process them either under Article 6(1)(b) GDPR for contract performance, Article 6(1)(a) GDPR when you provide explicit consent, or Article 6(1)(f) GDPR to protect our legitimate interest in the best possible functionality of the website and customer-friendly Site design.
Most browsers accept cookies by default. However, you can configure your browser to remove or reject cookies through browser settings. Please note that removing or blocking cookies may impair your user experience and cause some Services, including certain functions and general functionality, to not work properly or be unavailable. Additionally, blocking cookies cannot fully prevent us from sharing information with third parties, such as our advertising partners.
How We Share Personal Data
Under certain circumstances, we may share your personal data with third parties for contract fulfillment, legitimate purposes, and other reasons covered by this Privacy Policy. These circumstances include:
- With vendors and other third parties who provide services on our behalf (e.g., IT management, payment processing, data analysis, customer support, cloud storage, order fulfillment, and shipping)
- With business and marketing partners to provide Services and advertise to you. Our business and marketing partners use your data according to their own privacy policies
- If you instruct, request, or otherwise authorize us to share certain information with third parties, for example to ship products or through your use of social media widgets or login integrations
- In connection with a business transaction such as a merger or bankruptcy, to comply with all applicable legal obligations (including responding to subpoenas, search warrants, and similar requests), to enforce all applicable Terms of Service, and to protect or defend the Services, our rights, and the rights of our users or others
We share the following categories of personal data about users for the stated purposes:
- Identifiers: Basic contact data and certain order and account information
- Commercial Information: Order information, purchase information, and customer support information
- Internet/Network Activity: Usage data
- Geolocation Data: Locations determined via IP address or other technical means
RECIPIENTS:
- Vendors and third parties providing services on our behalf (internet service providers, payment processors, fulfillment partners, customer support partners, data analytics providers)
- Business and marketing partners
- Affiliates
Without your consent, we do not use or disclose personal data for purposes beyond those stated. With your consent, we share personal data for marketing and advertising purposes as described above.
Payment Processors
Apple Pay
If you select the "Apple Pay" payment method from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment processing occurs through the "Apple Pay" function on your iOS, watchOS, or macOS device by charging a payment card stored in "Apple Pay." Apple Pay uses security features integrated into your device's hardware and software to protect your transactions. To authorize a payment, you must enter a code you previously set and verify using "Face ID" or "Touch ID."
For payment processing, your information provided during checkout and order details are transmitted in encrypted form to Apple. Apple re-encrypts this data with a developer-specific key before transmitting it to the payment processor of your stored payment card. Encryption ensures that only the website where the purchase was made can access payment data. After payment is completed, Apple sends your device account number and a transaction-specific, dynamic security code to the original website for payment confirmation.
When personal data is processed in these transmissions, processing occurs solely for payment processing purposes under Article 6(1)(b) GDPR.
Apple retains anonymized transaction data, including approximate purchase amount, approximate date and time, and whether the transaction was successful. This anonymization eliminates any personal reference. Apple uses anonymized data to improve "Apple Pay" and other Apple products and services.
When using Apple Pay on iPhone or Apple Watch to complete a purchase made through Safari on Mac, the Mac and authorization device communicate over an encrypted channel on Apple servers. Apple does not process or store this information in a format that identifies you. You can disable Apple Pay on your Mac in your iPhone settings. Go to "Wallet & Apple Pay" and disable "Allow Payments on Mac."
For further privacy information about Apple Pay, visit: https://support.apple.com/de-de/HT203027
Klarna
One or more online payment methods of the following provider are available on our Site: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden
When you select a payment method where you pay in advance (similar to credit card payment), we transmit your payment data provided during checkout (including name, address, bank and card information, currency, and transaction number) and information about your order contents to this provider under Article 6(1)(b) GDPR. Your data is transmitted solely for payment processing with the provider and only to the extent necessary.
When you select a payment method where the provider pays in advance (such as invoice, installment, or direct debit), you will be asked during checkout to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, phone number, and potentially alternative payment method information).
To protect our legitimate interest in determining our customers' creditworthiness, we transmit this data to the provider under Article 6(1)(f) GDPR for credit checking purposes. The provider evaluates whether your selected payment method can be approved based on your provided personal data and other information (such as shopping cart, invoice amount, order history, payment experience).
In making this assessment decision, the provider may include identity and creditworthiness information from the following credit agencies under Article 6(1)(f) GDPR:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
Credit reports may contain probability values (score values). Where score values are included in credit assessment results, they are based on scientifically recognized mathematical-statistical methods. Score value calculations include, among other factors, address data.
You can object to this processing of your data at any time by contacting us or the provider. However, the provider may continue to process your personal data if necessary for contract-compliant payment processing.
PayPal
One or more online payment methods of the following provider are available on our Site: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
When you select a payment method where you pay in advance, we transmit your payment data provided during checkout (including name, address, bank and card information, currency, and transaction number) and information about your order contents to this provider under Article 6(1)(b) GDPR. Your data is transmitted solely for payment processing with the provider and only to the extent necessary.
When you select a payment method where we pay in advance, you will be asked during checkout to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, phone number, and potentially alternative payment method information).
To protect our legitimate interest in determining your creditworthiness, we transmit this data to the provider under Article 6(1)(f) GDPR for credit checking purposes. The provider evaluates whether your selected payment method can be approved based on your provided personal data and other information (such as shopping cart, invoice amount, order history, payment experience).
Credit reports may contain probability values (score values). Where score values are included in credit assessment results, they are based on scientifically recognized mathematical-statistical methods. Score value calculations include, among other factors, address data.
You can object to this processing of your data at any time by contacting us or the provider. However, the provider may continue to process your personal data if necessary for contract-compliant payment processing.
Shopify Payments
One or more online payment methods of the following provider are available on our Site: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland
When you select a payment method where you pay in advance (such as credit card payment), we transmit your payment data provided during checkout (including name, address, bank and card information, currency, and transaction number) and information about your order contents to this provider under Article 6(1)(b) GDPR. Your data is transmitted solely for payment processing with the provider and only to the extent necessary.
Third-Party Websites and Links
Our Site may contain links to websites or other online platforms operated by third parties. When you follow links to websites that are not affiliated with or controlled by us, you should review their privacy and security policies and other terms of service. We make no warranty and assume no responsibility for the privacy or security of such websites, including the accuracy, completeness, or reliability of information found on such websites. Information you provide in public or semi-public places, including information you share on third-party social networking platforms, may be viewed by other users of the Services and/or users of these platforms without restriction on our or third parties' use. Our inclusion of such links does not constitute automatic endorsement of such platforms' content or their owners/operators, except as disclosed in the Services.
Web Analytics Services
Google (Universal) Analytics
This website uses Google (Universal) Analytics, a web analytics service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables analysis of your use of our website.
By default, when visiting the website, Google (Universal) Analytics sets cookies that are stored as small text files on your device and collect certain information. This information includes your IP address, which Google shortens by removing the last digits to exclude direct personal identification.
The information is transmitted to Google servers for further processing. This may include transmissions to Google LLC located in the USA.
Google uses the collected information on our behalf to evaluate your Site usage, compile reports on website activities for us, and provide other services related to website usage and internet usage. The shortened IP address transmitted by your browser in Google Analytics is not merged with other Google data. Data collected through Google (Universal) Analytics is stored for two months and then deleted.
All processing described above, particularly the setting of cookies on your device, occurs only if you have given us explicit consent under Article 6(1)(a) GDPR.
Without your consent, Google (Universal) Analytics is not used during your Site visit. You can withdraw your consent at any time. To exercise your withdrawal right, please disable this service using the "Cookie Consent Tool" provided on our Site.
We have entered into a Data Processing Agreement with Google that ensures protection of our website visitors' data and prohibits unauthorized sharing with third parties.
Further legal information about Google (Universal) Analytics can be found at https://business.safety.google/intl/de/privacy/, https://policies.google.com/privacy?hl=de&gl=de, and https://policies.google.com/technologies/partner-sites
Demographic Features
Google (Universal) Analytics uses the special "Demographic Features" function to create statistics about the age, gender, and interests of Site visitors. This occurs through analysis of third-party advertising and information. This allows target audiences to be identified for marketing activities. Collected data cannot be assigned to any specific person and is deleted after storage for two months.
Google Signals
As an extension to Google (Universal) Analytics, Google Signals may be used on our Site to create cross-device reports. If you have enabled personalized ads and linked your devices to your Google account, Google may, subject to your consent to use Google Analytics under Article 6(1)(a) GDPR, analyze your usage behavior across devices and create database models, including cross-device conversions. We do not receive personal data from Google, only statistics. If you wish to stop cross-device analysis, you can disable the "Personalized Ads" function in your Google account settings. Follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=de. Further information about Google Signals can be found at: https://support.google.com/analytics/answer/7532985?hl=de
UserIDs
As an extension to Google (Universal) Analytics, the "UserIDs" feature may be used on our Site. If you consent to Google (Universal) Analytics use under Article 6(1)(a) GDPR, have set up an account on our Site, and log in to that account from various devices, your activities, including conversions, can be analyzed across devices.
For data transmissions to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on a European Commission adequacy decision.
Retargeting/Remarketing and Conversion Tracking
Meta Pixel
Within our online offering, we use the service "Meta Pixel" of the following provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Meta")
When a user clicks on an advertisement we place on Facebook and/or Instagram, the URL of our linked page is extended with a parameter using "Meta Pixel." This URL parameter is then entered into the user's browser as a cookie set by our linked page itself.
On one hand, this enables Meta to determine visitors to our online offering as a target audience for displaying advertisements (so-called "Ads"). Accordingly, we use this service to display Facebook and/or Instagram ads only to users who have shown interest in our online offering or who have certain characteristics (e.g., interests in specific topics or products determined from visited websites) that we transmit to Meta (so-called "Custom Audiences").
On the other hand, "Meta Pixel" can track whether users are redirected to our website after clicking an advertisement and what actions they perform there (so-called "Conversion Tracking").
The data collected is anonymous to us, providing no insights into user identity. However, Meta stores and processes the data such that connection to the respective user profile is possible, and Meta may use the data for its own advertising purposes.
All processing described above, particularly the setting of cookies to read information from your device, is performed only when you have given us explicit consent under Article 6(1)(a) GDPR. You can withdraw your consent at any time, effective for the future, by disabling this service in the "Cookie Consent Tool" provided on our website.
We have entered into a Data Processing Agreement with the provider that ensures protection of our website visitors' data and prohibits unauthorized sharing with third parties.
Information generated by Meta is typically transmitted to a Meta server and stored there; this may also include transmission to Meta Platforms Inc. servers in the USA.
For data transmissions to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on a European Commission adequacy decision.
Google Ads Conversion Tracking
This website uses the online advertising program "Google Ads" and the Conversion Tracking feature of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
We use Google Ads to draw attention to our attractive offers on external websites through advertising media (so-called Google Adwords). Based on the advertising campaign data, we can determine how successful individual advertising measures are. We aim to display advertising of interest to you, make our Site more interesting for you, and ensure fair calculation of advertising costs.
The conversion tracking cookie is set when a user clicks on an advertisement placed by Google. Cookies are small text files stored on your device. These cookies typically expire after 30 days and are not used for personal identification. When the user visits certain sections of our Site and the cookie has not expired, Google and we can recognize that the user clicked the advertisement and was directed to this section. Each Google Ads customer receives a different cookie. Cookies therefore cannot be tracked across Google Ads customer websites. Information obtained through the conversion cookie is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. Customers learn the total number of users who clicked their advertisement and were directed to a page tagged with a conversion tracking tag. However, they do not receive information that allows users to be personally identified.
As part of Google Ads use, personal data may be transmitted to Google LLC servers in the USA.
Details on processing triggered by Google Ads Conversion Tracking and Google's handling of website data can be found at: https://policies.google.com/technologies/partner-sites
All processing described above, particularly the setting of cookies to read information from your device, occurs only if you have given us explicit consent under Article 6(1)(a) GDPR. You can withdraw your consent at any time, effective for the future, by disabling this service in the "Cookie Consent Tool" provided on our Site.
You can also permanently object to setting cookies through Google Ads Conversion Tracking by downloading and installing the Google browser plugin available at the following link: https://www.google.com/settings/ads/plugin?hl=de
To address users whose data we have received in the course of business or business-like relationships with more targeted advertising, we use a customer matching function within Google Ads. To do this, we transmit one or more files with aggregated customer data (particularly email addresses and phone numbers) electronically to Google. Google does not receive access to clear data; instead, it automatically encrypts information in customer files during transmission using a special algorithm. Google can then only use the encrypted information to assign it to existing Google accounts that the individuals have established. This enables personalized advertising to be delivered across all Google services linked to the respective Google account.
Customer data is transmitted to Google only if you have given us explicit consent under Article 6(1)(a) GDPR. You can withdraw this consent from us at any time, effective for the future. Further information about Google's data protection measures regarding the customer matching function can be found here: https://support.google.com/google-ads/answer/6334160?hl=de&ref_topic=10550182
Google's privacy policies can be viewed at: https://business.safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/
For data transmissions to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on a European Commission adequacy decision.
Google Marketing Platform
Our Site uses the online marketing tool Google Marketing Platform of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("GMP").
GMP uses cookies to display relevant ads for users, improve campaign performance reports, or prevent a user from seeing the same ad multiple times. Using a cookie ID, Google tracks which ads are displayed in which browser and can prevent multiple displays. Additionally, GMP can use cookie IDs to capture so-called conversions related to ad requests. This occurs, for example, when a user sees a GMP ad and later uses the same browser to visit the advertiser's website and makes a purchase. According to Google, GMP cookies contain no personal information.
Due to the marketing tools used, your browser automatically establishes a direct connection with Google's servers.
We have no control over the scope and further use of data collected through this tool by Google and inform you accordingly to the best of our knowledge: Through GMP integration, Google receives information that you accessed the corresponding part of our website or clicked one of our ads. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, the provider may obtain and store your IP address. As part of GMP use, personal data may be transmitted to Google LLC servers in the USA.
All processing described above, particularly the setting of cookies to read information from your device, occurs only if you have given us explicit consent under Article 6(1)(a) GDPR. You can withdraw this consent at any time, effective for the future, by disabling this service in the "Cookie Consent Tool" provided on our Site.
For data transmissions to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on a European Commission adequacy decision.
GMP's privacy policies can be found at: https://business.safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/
Site Functionality
Facebook Plugins
Our Site uses plugins of the social network of the following provider: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
These plugins enable direct interaction with content on the social network.
To enhance protection of your data when visiting our website, the plugins are initially deactivated using so-called "2-Click" or "Shariff" solutions.
This integration ensures that when you access a page of our website containing such plugins, no connection is established with the provider's servers.
Only when you activate the plugins and, pursuant to Article 6(1)(a) GDPR, give your consent to data transmission, does your browser establish a direct connection to the provider's servers. In doing so, certain information about your device (including your IP address), your browser, and your page history is transmitted to the provider, regardless of whether you are logged into an existing user profile, and may be further processed.
If you are logged into an existing user profile on the provider's social network, information about interactions performed through the plugins is also published and displayed to your contacts.
You can withdraw your consent at any time by clicking the activated plugin again to deactivate it. However, this withdrawal has no effect on data already transmitted to the provider.
Data may also be transmitted to: Meta Platforms Inc., USA
We have entered into a Data Processing Agreement with the provider that ensures protection of our website visitors' data and prohibits unauthorized sharing with third parties.
For data transmissions to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on a European Commission adequacy decision.
Instagram Plugins
Our Site uses plugins of the social network of the following provider: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
These plugins enable direct interaction with content on the social network.
To enhance protection of your data when visiting our website, the plugins are initially deactivated using so-called "2-Click" or "Shariff" solutions.
This integration ensures that when you access a page of our website containing such plugins, no connection is established with the provider's servers.
Only when you activate the plugins and, pursuant to Article 6(1)(a) GDPR, give your consent to data transmission, does your browser establish a direct connection to the provider's servers. In doing so, certain information about your device (including your IP address), your browser, and your page history is transmitted to the provider, regardless of whether you are logged into an existing user profile, and may be further processed.
If you are logged into an existing user profile on the provider's social network, information about interactions performed through the plugins is also published and displayed to your contacts.
You can withdraw your consent at any time by clicking the activated plugin again to deactivate it. However, this withdrawal has no effect on data already transmitted to the provider.
Data may also be transmitted to: Meta Platforms Inc., USA
We have entered into a Data Processing Agreement with the provider that ensures protection of our website visitors' data and prohibits unauthorized sharing with third parties.
For data transmissions to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on a European Commission adequacy decision.
Google Web Fonts
Our Site uses web fonts for uniform display of typefaces from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
When you visit a page, your browser loads the required web fonts into your browser cache to display text and typefaces correctly and establishes a direct connection to the provider's servers. Certain browser information, including your IP address, is transmitted to the provider.
Data may also be transmitted to: Google LLC, USA
The processing of personal data in the course of connecting with the font provider occurs only if you have given us explicit consent under Article 6(1)(a) GDPR. You can withdraw your consent at any time, effective for the future, by disabling this service through the "Cookie Consent Tool" provided on our Site. If your browser does not support web fonts, a standard font from your computer will be used.
For data transmissions to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on a European Commission adequacy decision.
Further privacy information from Google can be found at: https://business.safety.google/intl/de/privacy/
Google Customer Reviews
We work with Google as part of the "Google Customer Reviews" program. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This program enables us to obtain customer reviews from users of our Site. After a purchase on our Site, you are asked whether you would like to participate in an email survey from Google.
If you give your consent pursuant to Article 6(1)(a) GDPR, we transmit your email address to Google. You receive an email from Google Customer Reviews asking you to rate your purchase experience on our Site. Your submitted rating is then combined with our other ratings and displayed in our Google Customer Reviews logo and in our Merchant Center dashboard. Your rating is also used for Google Seller Ratings. As part of Google Customer Reviews use, personal data may be transmitted to Google LLC servers in the USA.
You can withdraw your consent at any time by contacting the data controller or Google.
For data transmissions to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on a European Commission adequacy decision.
Further privacy information from Google can be found at: https://business.safety.google/intl/de/privacy/
Children's Data
The Services are not intended for use by children, and we do not knowingly collect personal data from children. If you are a parent or guardian of a child who has provided us with personal data, you can contact us using the contact information below and request deletion of this data.
As of the effective date of this Privacy Policy, we have no actual knowledge that we "share" or "sell" personal data of persons under 16 years (as these terms are defined in applicable law).
Security and Retention of Your Data
Please note that no security measures are perfect or impenetrable, and we cannot guarantee "perfect security." Additionally, information you send to us may not be secure during transmission. We recommend that you do not use unsecured channels to send us sensitive or confidential information.
How long we retain your personal data depends on various factors, such as whether we need the data to manage your customer account, provide the Services, comply with legal obligations, resolve disputes, or enforce applicable agreements and policies.
When processing personal data for direct marketing purposes under Article 6(1)(f) GDPR, data is stored until you exercise your right to object under Article 21(2) GDPR.
Your Rights
Depending on where you live, you may have some or all of the following rights regarding your personal data. However, these rights are not absolute and apply only under certain circumstances. In certain cases, we may decline your request within the scope permitted by law.
- Right of Access/Information — You may have the right to request access to the personal data we have stored about you, including details about how we use and share your data.
- Right to Deletion — You may have the right to request deletion of the personal data we have stored about you.
- Right to Correction — You may have the right to request correction of inaccurate personal data we have stored about you.
- Right to Data Portability — You may have the right to receive a copy of the personal data we have stored about you and, under certain circumstances and with certain exceptions, request transfer of this data to third parties.
- Right to Object to Sale, Sharing, or Targeted Advertising — If we process your personal data based on our legitimate interest assessment, you have the right to object to this processing at any time based on reasons arising from your particular situation. If we process your personal data for direct marketing purposes, you have the right to object at any time to processing of your data for such purposes. You can exercise this right by contacting us using the contact information below. If you object, we will cease processing the affected data. We reserve the right to continue processing if we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or if processing serves to establish, exercise, or defend legal claims.
- Right to Restrict Processing — You may have the right to request that we stop or limit the processing of your personal data.
- Right to Withdraw Consent — If we rely on your consent to process your personal data, you may have the right to withdraw this consent at any time.
- Right to Appeal — If we reject your request, you may have the right to appeal our decision. You can appeal by responding to our rejection or contacting us using the contact information below.
- Managing Communication Preferences — We may send you promotional emails, and you can opt out of receiving these at any time by using the unsubscribe option displayed in our emails. If you unsubscribe, we may still send you non-promotional emails, such as those regarding your account or orders.
You can exercise these rights as specified on our Site or by contacting us using the contact information below.
We will not discriminate against you for exercising these rights. We may need to collect information from you, such as your email address or customer account information, to verify your identity before providing a substantive response. Under applicable law, you may designate an authorized representative to make requests on your behalf. Before we accept such a request, we must receive proof from the representative that you have authorized them to act on your behalf. We may also need to confirm your identity directly with you. We will respond to your request as promptly as required by applicable law.
Complaints
If you have complaints about how we process your personal data, please contact us using the contact information below. If you are not satisfied with our response, depending on where you live, you may have the right to lodge a complaint with your local data protection authority. For the EEA, you can find a list of supervisory authorities here: https://edpb.europa.eu/about-edpb/about-edpb/members_en
International Users
Please note that we may transfer, store, and process your personal data outside the country where you reside. Your personal data is processed by staff and external service providers and partners in these countries.
When we transfer personal data outside Europe, we rely on recognized transfer mechanisms such as the European Commission's Standard Contractual Clauses or equivalent agreements from the relevant UK authorities, unless the transfer is to a country determined to provide an adequate level of protection.
Contact
If you have questions about our data protection practices or this Privacy Policy, or wish to exercise any of your rights, please contact us by email at info@barau.bio or by mail at:
Barau by Bibi GmbH
Landshuter Straße 55
84030 Ergolding
Germany
Under applicable data protection laws and unless expressly stated otherwise, we are the controller responsible for your personal data.

