Privacy policy

1. scope of application

This privacy policy applies to the website laduti.de (including all subpages) and the online services offered via it (store, customer account, contact).

2. Principles of data processing

We only process personal data to the extent permitted by law. Legal basis according to Art. 6 para. 1 GDPR:

b - Contract fulfillment and pre-contractual measures (e.g. orders, customer account, support)
c - legal obligation (e.g. retention obligations)
f - legitimate interests (e.g. secure, economical and user-friendly provision of the website, prevention of abuse/fraud)
a - Consent (e.g. statistics/marketing cookies, Google Ads measurement)

3. Categories of processed data

Master data (name, address), contact data (e-mail, telephone number)
Contract and order data (products, prices, payment and shipping information, invoice data)
Account and login data (if customer account is created)
Usage, log and device data (IP address, access time, user agent, referrer, cookies/consent status)
Geodata at country level for price/dispatch determination (see section 11)

4. Hosting, security & content delivery

We use professional hosting and security services for secure and efficient provision. Among other things, IP addresses, time stamps, retrieved content and error logs are processed to ensure the operation, availability and security of the website. The legal basis is Art. 6 para. 1 lit. f GDPR.

5. Server log files

Server log files (IP address in abbreviated or complete form, date/time, retrieved file/URL, amount of data transferred, notification of successful retrieval, browser type and version, operating system) are automatically saved each time a page is accessed. The log files are stored for a short period of time for security reasons (e.g. to investigate misuse or fraud) and then deleted. Legal basis: Art. 6 para. 1 lit. f GDPR.

6. Cookies, consent management & revocation

We use cookies and similar technologies. Necessary cookies are essential for operation (Art. 6 para. 1 lit. f GDPR). For statistics/marketing technologies, we obtain your consent in advance (Art. 6 para. 1 lit. a GDPR).

You can change or revoke your consent at any time with effect for the future (e.g. via the cookie settings in the footer or your browser/device configuration menu).

7. Web analytics (Google Analytics 4) & consent mode

If you consent, we use Google Analytics 4 to measure reach. Usage data (e.g. page views, interactions) is processed; IP addresses are truncated. We use Google Consent Mode, which only sends aggregated, cookie-free pings in the absence of consent. Legal basis: Art. 6 para. 1 lit. a GDPR.

Recipient: Google Ireland Limited (processing in the EU) and, if applicable, Google LLC (USA). Transfers to third countries take place on the basis of suitable guarantees (e.g. standard contractual clauses). Storage duration of event data in GA4: generally 2-14 months (depending on configuration).

8. Tag management (Google Tag Manager)

The Google Tag Manager is used for the central administration of scripts/tags. The GTM itself does not process any user data for its own purposes; downstream services are only triggered in accordance with your consent. Legal basis: Art. 6 para. 1 lit. f or lit. a GDPR (depending on the tag).

9. Marketing/conversion measurement (Google Ads)

With your consent, we use Google Ads conversion measurement and - if applicable - remarketing. Interaction data is processed in order to measure the effectiveness of ads and (if activated) to display targeted advertising. Legal basis: Art. 6 para. 1 lit. a GDPR.

Enhanced Conversions: If you give your consent as part of the purchase, hashed contact details (e.g. email, hashed with SHA-256) can be transmitted to Google in order to assign orders with advertising clicks. This improves the accuracy of measurement without transmitting plain text. Legal basis: Art. 6 para. 1 lit. a GDPR.

10. Store functions (WooCommerce) & country prices

We use WooCommerce to process orders. We process the data you enter to fulfill the contract (Art. 6 para. 1 lit. b GDPR).

For a correct price/tax/shipping display, we use country detection based on the IP address and/or browser/checkout details (e.g. "Price Based on Country"). No exact movement profile is created; geolocalization takes place at country level. Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in correct presentation of offers).

11. Customer account

You can voluntarily create a customer account. The processing of the data required for this serves the purpose of convenient order processing and administration of your data. Legal basis: Art. 6 para. 1 lit. b GDPR. You can delete the account at any time; statutory retention obligations remain unaffected.

12. Payment processing (Stripe)

Depending on the method selected, payments are processed via the payment service provider Stripe. For this purpose, payment data, name, billing address and, if applicable, e-mail/telephone are transmitted to Stripe. Legal basis: Art. 6 para. 1 lit. b (contract), lit. f (fraud prevention), possibly lit. c (legal obligations) GDPR.

Recipient: Stripe Payments Europe, Ltd (EU) and, if applicable, affiliated Stripe companies (including USA). Transfers outside the EEA are made on the basis of suitable guarantees (e.g. standard contractual clauses).

13. Shipping, fulfillment & tracking

In order to fulfill the contract, we transmit the data required for shipping (name, address, e-mail/telephone for delivery information if applicable) to transport/logistics companies (e.g. DHL, DPD, UPS). Legal basis: Art. 6 para. 1 lit. b GDPR.

A fulfillment/back-office service provider may be used for order processing/automation (e.g. Billbee GmbH) and a shipment tracking service (e.g. "Parcel Panel"). Processing takes place within the framework of order processing in accordance with Art. 28 GDPR.

14. Product reviews & trust services (Trusted Shops)

A trust badge/widget from Trusted Shops may be integrated on our site to display ratings/trust signals and, if applicable, to send invitations to submit ratings (after purchase). Pseudonymous data (e.g. order/email hash) may be used for verification purposes. The legal basis is our legitimate interest (Art. 6 para. 1 lit. f GDPR) in a trustworthy presentation and - for rating invitations - Art. 6 para. 1 lit. a/b GDPR.

15. Languages & translation (TranslatePress)

We use a translation plugin for multilingual provision. It can store a functional cookie (e.g. language preference) to display the website in the language you have selected. Legal basis: Art. 6 para. 1 lit. f GDPR.

16. Communication (e-mail support)

If you contact us by e-mail, the data you provide will be processed for the purpose of processing your request. Legal basis: Art. 6 para. 1 lit. b or lit. f GDPR.

17. Data recipients, processors & third country transfers

We use carefully selected service providers (processors) for hosting, security, shipping, payment processing, shop/analytics/marketing functions. We have contracts with all service providers in accordance with Art. 28 GDPR.

If data is processed outside the EEA (e.g. USA, UAE), this only takes place if an adequacy decision exists or suitable guarantees are in place (e.g. EU standard contractual clauses) and additional protective measures are taken.

18. Storage period

Contract/order data: statutory commercial/tax periods (generally up to 10 years)
Customer account: until the account is deleted (provided there are no longer legal obligations to the contrary)
Contact requests: until final processing, then regular check for deletion requirements
Analysis/marketing data: in accordance with the respective tool configuration and until you withdraw your consent
Server logs: short-term (security/error analysis) and subsequent deletion/anonymization

19. Obligation to provide

The provision of personal data is necessary for the conclusion of a contract/order. Without this data, an order/contract processing is not possible. There is no obligation for optional analytics/marketing; these are only carried out with consent.

20. Your Rights

You have the following rights under the GDPR: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20) and objection to processing based on Art. 6 (1) (e) or (f) (Art. 21). If the processing is based on consent, you can withdraw this consent at any time with effect for the future (Art. 7 para. 3).

To exercise your rights, simply send an informal message to [email protected]. You also have the right to lodge a complaint with a data protection supervisory authority.

21. Minors

Our offer is not aimed at children. If we become aware of the processing of personal data of minors without the required consent, we will delete this data immediately.

22. Data Security

We take technical and organizational measures to protect personal data against loss, destruction, access, modification or dissemination by unauthorized persons (e.g. TLS encryption, access restrictions, backups).

23. Responsible party

Lazru Cosmetics Trading L.L.C
NGI Building, Office 902-34
Port Saeed, Dubai, VAE (UAE)
PO Box 12887
E-Mail: [email protected]

24. Changes to this privacy policy

We will adapt this declaration if the legal situation, services or processing changes. The current version is available on this page.

Status: August 27, 2025

Cookie	Duration	Description
__stripe_mid	1 year	Stripe sets this cookie to process payments.
__stripe_sid	1 hour	Stripe sets this cookie to process payments.
_wpfuuid	1 year 1 month 4 days	This cookie is used by the WPForms WordPress plugin. The cookie is used to allows the paid version of the plugin to connect entries by the same user and is used for some additional features like the Form Abandonment addon.
ad_personalization	11 months	Sets consent for personalized advertising.
ad_storage	11 months	Enables storage (such as cookies) related to advertising.
ad_user_data	11 months	Sets consent for sending user data related to advertising to Google.
analytics_storage	11 months	Enables storage (such as cookies) related to analytics e.g. visit duration.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
functionality_storage	11 months	Enables storage that supports the functionality of the website or app e.g. language settings.
personalization_storage	11 months	Enables storage related to personalization e.g. video recommendations
security_storage	11 months	Enables storage related to security such as authentication functionality, fraud prevention, and other user protection.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
yt-player-headers-readable	never	The yt-player-headers-readable cookie is used by YouTube to store user preferences related to video playback and interface, enhancing the user's viewing experience.
yt-remote-cast-available	session	The yt-remote-cast-available cookie is used to store the user's preferences regarding whether casting is available on their YouTube video player.
yt-remote-cast-installed	session	The yt-remote-cast-installed cookie is used to store the user's video player preferences using embedded YouTube video.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-fast-check-period	session	The yt-remote-fast-check-period cookie is used by YouTube to store the user's video player preferences for embedded YouTube videos.
yt-remote-session-app	session	The yt-remote-session-app cookie is used by YouTube to store user preferences and information about the interface of the embedded YouTube video player.
yt-remote-session-name	session	The yt-remote-session-name cookie is used by YouTube to store the user's video player preferences using embedded YouTube video.
ytidb::LAST_RESULT_ENTRY_KEY	never	The cookie ytidb::LAST_RESULT_ENTRY_KEY is used by YouTube to store the last search result entry that was clicked by the user. This information is used to improve the user experience by providing more relevant search results in the future.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gcl_au	3 months	Google Tag Manager sets the cookie to experiment advertisement efficiency of websites using their services.
sbjs_current	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioral cookie is used to enhance the visitor experience on the website.
sbjs_current_add	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioral cookie is used to enhance the visitor experience on the website.
sbjs_first	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioral cookie is used to enhance the visitor experience on the website.
sbjs_first_add	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioral cookie is used to enhance the visitor experience on the website.
sbjs_migrations	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioral cookie is used to enhance the visitor experience on the website.
sbjs_session	1 hour	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioral cookie is used to enhance the visitor experience on the website.
sbjs_udata	6 months	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioral cookie is used to enhance the visitor experience on the website.

Cookie	Duration	Description
VISITOR_INFO1_LIVE	6 months	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
VISITOR_PRIVACY_METADATA	6 months	YouTube sets this cookie to store the user's cookie consent state for the current domain.
YSC	session	Youtube sets this cookie to track the views of embedded videos on Youtube pages.
yt.innertube::nextId	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
m	1 year 1 month 4 days	No description available.
woocommerce_recently_viewed	session	WooCommerce sets this cookie to store performed actions on the website.