PearlSmile Logo. Link to home page.

Privacy Policy

Last updated: 14.11.2025

1. Introduction

We are pleased that you are visiting our website and thank you for your interest in our products. In this privacy policy we inform you about the processing of personal data when you use our website and our online services.
Personal data means any information relating to an identified or identifiable natural person.
This privacy policy applies to the website of Pearl Smile GmbH (including all subpages) and, where explicitly stated, to our social media pages.

Phone: +49 (0) 211 416 670 89
Email: info@pearlsmile.de
Website: www.pearlsmile.de

2. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Pearl Smile GmbH
Adersstraße 21
D-40215 Düsseldorf
Germany

Phone: +49 (0)211 416 670 89
E-mail: inquiries@pearlsmile.de

Website: www.pearlsmile.de / www.pearlsmile.com

We have not appointed a separate data protection officer. For all questions regarding data protection and the exercise of your rights, you can contact us using the above contact details (keyword: “Data protection”).

3. Data protection officer

You can contact our data protection officer at:

Pearl Smile GmbH – Data protection officer
Adersstraße 21
D-40215 Düsseldorf
Germany

E-mail: inquiries@pearlsmile.de

4. Scope, data sources and categories of data

We process personal data that you provide to us yourself, for example
  • when visiting our website
  • when you contact us
  • when you create a customer account
  • when you place an order
  • when you subscribe to a newsletter (if offered)
  • when you interact with us on social media
In addition, we may process personal data that is automatically collected when you visit our website (for example server log files, cookies, tracking data) or which we receive from third parties in a permissible manner (for example payment service providers, shipping companies, technical service providers).
Depending on the situation, the following categories of personal data may be processed in particular:
  • master data (for example name, address, contact details)
  • contract and order data (for example ordered products, amounts, invoices, payment status)
  • communication data (for example content of contact requests, correspondence)
  • usage data (for example pages visited, access times, clicks, interactions)
  • technical data (for example IP address, browser type, operating system, device information, referrer URL)
  • marketing and consent data (for example newsletter consent, cookie consent, opt-outs)

5. Legal bases for processing

We process personal data on the basis of the following legal grounds:

  • Article 6(1)(a) GDPR – consent
    For example for the use of non-essential cookies and tracking technologies (Google Analytics 4, Meta/Facebook Pixel, Google Ads Remarketing, TikTok Pixel, Pinterest Tag, Snapchat Pixel, embedded third-party content where consent is required) and for newsletter registration.
  • Article 6(1)(b) GDPR – performance of a contract or pre-contractual measures
    For example for processing orders, customer account management, responding to enquiries about our products and services.
  • Article 6(1)(c) GDPR – compliance with a legal obligation
    For example for tax and commercial law retention obligations.
  • Article 6(1)(f) GDPR – legitimate interests
    For example for ensuring the security and stability of the website, for fraud prevention, for basic reach measurement of the website where this can be done without intrusive tracking, and for certain direct marketing activities by post or to existing customers, where permitted.
Where processing is based on your consent, you may withdraw your consent at any time with effect for the future.
Where processing is based on legitimate interests, you have the right to object to the processing on grounds relating to your particular situation (see section “Your rights as data subject”).

6. Hosting, domain and technical service providers

Our website is hosted on servers of external service providers.
  • Current hosting provider:
    Host Europe GmbH
    (hereinafter “HostEurope”)
  • Domain provider / registrar (and possible additional hosting in future):
    IONOS SE
    (hereinafter “IONOS”)
In connection with hosting and technical provision of the website, HostEurope (and possibly IONOS in the future) process the data that is generated when you use the website (for example server log files). These service providers act as processors on our behalf and are contractually obliged to process the data only in accordance with our instructions (Article 28 GDPR).
Legal basis: Article 6(1)(f) GDPR (our legitimate interest in secure and efficient provision of our website) and, where necessary, Article 6(1)(b) GDPR (performance of contract, for example when you use our online shop).

7. Data processing when visiting our website (server log files)

When you visit our website for purely informational purposes, i.e. if you do not register or otherwise actively transmit information, we automatically collect and store the following data in so-called server log files, which your browser automatically transmits to us or to our hosting provider:
  • website visited
  • date and time of access
  • amount of data sent in bytes
  • source or referrer from which you accessed the page
  • browser type and version
  • operating system used
  • IP address (in log files usually shortened or otherwise restricted where possible)
This data is processed in order to display the website correctly, ensure the stability and security of the website, detect and prevent misuse, and for basic administrative purposes.
Legal basis: Article 6(1)(f) GDPR (legitimate interest in secure provision of our website and defence against attacks).
The data in the server log files is generally stored for a limited period and then deleted or anonymised, unless longer storage is required for evidentiary purposes in the event of specific incidents (for example suspicion of abuse or cyber attacks).

8. Cookies and consent management

Our website uses cookies and similar technologies (for example local storage, pixels) in order to provide website functions, to make our offer more user-friendly, and – subject to your consent – for analytical and marketing purposes.
We use a consent management tool (for example Complianz) to obtain and document your consent for the use of non-essential cookies and third-party tools.
When you first visit our website, a cookie banner is displayed. There you can:
  • accept all cookies and tools,
  • select only certain categories (for example “statistics”, “marketing”), or
  • reject all non-essential cookies.
Your settings are stored by means of a consent cookie so that they can be recognised on subsequent visits.
You can change or withdraw your consent at any time with effect for the future by using the “Cookie settings” / “Cookie preferences” link in the footer of our website (wording may differ slightly on the live site).

8.1 Necessary cookies and similar technologies

We use cookies and similar technologies that are technically necessary to operate the website. These include, for example:
  • cookies to store your privacy and cookie settings
  • session cookies for the shopping cart and checkout
  • login cookies for customer accounts (if you log in)
  • security-related cookies (for example CSRF tokens, load balancing)
Legal basis: Section 25(2) no. 2 TTDSG (Germany) in conjunction with Article 6(1)(b) and (f) GDPR.
You cannot deactivate these cookies via the cookie banner, as the website cannot function correctly without them. However, you can generally block cookies in your browser; this may limit the functionality of the website.

8.2 Non-essential cookies and similar technologies (statistics, marketing)

In addition, we may use cookies and similar technologies for the following purposes, subject to your consent:

Legal basis: Section 25(1) TTDSG in conjunction with Article 6(1)(a) GDPR (your consent).
Details on the specific tools used, the data processed, storage periods, and possible transfers to third countries can be found in the sections below.

9. Contact options and communication

If you contact us (for example by e-mail, telephone, contact form or via social media), we process the personal data that you provide to us:
  • name, contact details (for example e-mail address, telephone number)
  • content of the message
  • if applicable, further information that you provide voluntarily
We use this data to process your enquiry and, where applicable, to respond to you.
Legal basis:
  • Article 6(1)(b) GDPR where the communication is related to the conclusion or performance of a contract (for example questions about orders, products, services),
  • otherwise Article 6(1)(f) GDPR (our legitimate interest in effective communication with customers and interested parties).
We store these data for as long as necessary to process your enquiry and for any subsequent questions. In addition, legal retention periods may apply.

10. Customer account and orders

If our website offers the option to create a customer account, you may register by providing the required data (for example name, address, e-mail address, password). The required fields are marked as such in the form.
We process the data you enter to create and manage your customer account, to authenticate you on login, and to enable you to view and manage your orders and stored data.
If you place orders via our online shop, we process the data required for order processing, in particular:
  • name, billing and shipping address
  • contact details (for example e-mail, phone)
  • ordered products, quantities, prices
  • payment information (depending on the payment method, in part via payment service providers)
  • transaction and invoice data
Legal basis: Article 6(1)(b) GDPR (performance of contract and pre-contractual measures).
We may share your data with third parties where necessary for the execution of the contract, for example with:
  • technical providers that operate the shop system and hosting
  • shipping and logistics service providers (see section “Shipping and logistics”)
  • payment service providers (see section “Payment processing”)
  • tax consultants and authorities, where required by law

Customer account data is stored until you request deletion of your account or there is no longer any contractual or legal reason to retain it. Order-related data is stored for the duration of legal retention periods (usually 6 to 10 years under German commercial and tax law).

11. Payment processing

When you make purchases via our website, payments are usually processed via external payment service providers that are indicated to you during checkout (for example PayPal, credit card providers, other payment services). Which providers are actually used depends on the payment options provided in the shop at the time of your order.
We forward to the relevant payment service provider only those data which are necessary for payment processing (for example payment amount, order reference, basic identity and contact data). Depending on the payment method, the payment service provider may additionally collect data directly from you (for example your account or credit card details).
Legal basis: Article 6(1)(b) GDPR (performance of contract).

Further details on data processing by the individual payment service providers can be found in the privacy policies of the respective providers. There you will also find information on any data transfers to third countries.

12. Shipping and logistics

For the delivery of ordered goods, we transmit your address data and, where necessary for coordination of deliveries, your e-mail address and/or telephone number to the shipping and logistics service providers we use (for example parcel services, postal providers).
The specific logistics service provider will be displayed to you in the ordering process or shipment confirmation (for example DHL, Deutsche Post or other providers).
Legal basis: Article 6(1)(b) GDPR (performance of contract).

13. Newsletter and direct marketing

If we offer a newsletter and you register for it, we use your e-mail address to send you information about our products, offers and promotions.
Registration for the newsletter usually takes place using the double opt-in procedure: after registering, you will receive an e-mail in which you must confirm your registration by clicking a link. Only then will you be added to the newsletter distribution list.
We may log your registration and confirmation with time stamp and IP address to be able to prove the registration process.
Legal basis: Article 6(1)(a) GDPR (consent).
You can unsubscribe from the newsletter at any time with effect for the future, for example via a link at the end of each newsletter or by contacting us using the contact details above.
If you are an existing customer, we may send you information about similar products by e-mail, even without explicit newsletter registration, provided this is permitted by law and you have not objected. Legal basis: our legitimate interest in direct marketing (Article 6(1)(f) GDPR in conjunction with section 7(3) UWG). You can object to this use of your e-mail address at any time.
We may also use your postal address to send you information and offers by mail. Legal basis: Article 6(1)(f) GDPR (legitimate interest in direct marketing). You may object at any time.

14. Web analytics with Google Analytics 4

We use Google Analytics 4 (“Google Analytics”) for statistical analysis of the use of our website and to improve our online offer.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Google Analytics uses cookies or similar technologies to analyse how you use our website. The information generated about your use of the website is usually transferred to a server of Google and stored there. As part of Google Analytics 4, it may happen that information is transmitted to servers of Google LLC in the USA and processed there.
The following categories of data may be processed, among others:
  • IP address (shortened)
  • date and time of visit
  • pages viewed and click paths
  • information about browser and device (for example browser type, version, operating system, device type)
  • referrer URL (the previously visited page)
  • approximate location (based on shortened IP address)
  • interaction data (for example scrolls, clicks, downloads, time spent on pages)
We have activated IP anonymisation in Google Analytics 4. This means that your IP address is shortened within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser is not merged with other Google data unless you have configured this in your Google account (for example web and app activity).
We use Google Analytics via our consent management tool. This means:
  • Google Analytics is only activated if you have given your consent to “statistics” or a comparable category in the cookie banner.
  • If you do not give your consent, no Google Analytics cookies will be set and no data will be processed by Google Analytics.
Legal basis: section 25(1) TTDSG and Article 6(1)(a) GDPR (your consent); for any data transfers to the USA additionally Article 49(1)(a) GDPR (explicit consent).
We have concluded a data processing agreement with Google in accordance with Article 28 GDPR and use the standard contractual clauses of the European Commission in accordance with Article 46 GDPR for transfers to the USA. Nevertheless, the level of data protection in the USA may not fully correspond to that in the EU (see section “Data transfers to third countries”).
You can withdraw your consent at any time with effect for the future via the cookie settings on our website.
You can also install a browser add-on to deactivate Google Analytics across websites: https://tools.google.com/dlpage/gaoptout
Further information on Google Analytics can be found in Google’s privacy policy and in the Google Analytics help.

15. Online marketing and remarketing

We may use various online marketing tools to display interest-based advertising and to measure the effectiveness of our campaigns. These tools are only activated if you give your consent via the cookie banner (category “marketing” or similar).
At the time of drafting this privacy policy, not all of the tools described below are necessarily active on our website. However, as they may be activated in the future, we already provide information about them here. Where a tool is not active, no data is processed by that tool.

15.1 Meta/Facebook Pixel

We may use the “Meta Pixel” (formerly “Facebook Pixel”) of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (parent company: Meta Platforms Inc., USA).
The Meta Pixel enables Meta to determine visitors to our website as a target group for displaying ads (“Facebook Ads” / “Meta Ads”). We use the Meta Pixel to display our ads only to users who are potentially interested in our products and to analyse the effectiveness of our ads (conversion tracking).
When you visit our website and the Meta Pixel is activated (after your consent), a direct connection to Meta’s servers is established. The following data may be processed, among others:
  • IP address
  • user agent (browser, operating system)
  • visited pages and interactions (for example page views, purchases)
  • referrer URL
  • technical information about the browser and device
If you are logged in to Facebook or Instagram, Meta can assign this information to your account. Even if you are not logged in, Meta may be able to associate or create a profile.
Legal basis: section 25(1) TTDSG and Article 6(1)(a) GDPR (consent); for any data transfers to the USA additionally Article 49(1)(a) GDPR (explicit consent).
You can control the display of interest-based advertisements in the settings of your Meta account or via the cookie settings on our website. Further information on data processing by Meta can be found in Meta’s privacy policy.

15.2 Google Ads and Google Ads Remarketing

We may use Google Ads and the associated remarketing functions of Google.
Google Ads allows us to display advertisements in Google search results and on websites of third parties. When you click on an ad placed by Google and are redirected to our website, a cookie for conversion tracking may be placed on your device. With the help of this cookie, we and Google can recognise that you have clicked on an ad and were redirected to our website.
The remarketing function allows us to show users of our website targeted advertising on other websites within the Google advertising network. For this purpose, Google analyses your usage behaviour on our website to display interest-based advertising.

Legal basis: section 25(1) TTDSG and Article 6(1)(a) GDPR (consent); for any data transfers to the USA additionally Article 49(1)(a) GDPR (explicit consent).

You can withdraw your consent at any time via the cookie settings on our website or adjust your personal advertising settings in your Google account.

15.3 TikTok Pixel, Pinterest Tag, Snapchat Pixel

We may use pixels or similar technologies from TikTok, Pinterest and Snapchat in order to measure the effectiveness of campaigns and display interest-based advertising on these platforms.
Providers (parent companies in brackets):
  • TikTok Technology Limited, Ireland (TikTok Inc., USA / other countries)
  • Pinterest Europe Ltd., Ireland (Pinterest Inc., USA)
  • Snap Group Limited, United Kingdom (Snap Inc., USA)
When you visit our website and the respective pixel is activated (after your consent), a connection to the provider’s servers is established and the following data may be processed, among others:
  • IP address
  • device and browser information
  • visited pages and actions (for example page views, purchases)
  • referrer URL
If you have an account with the respective platform and are logged in, the provider can associate your visit to our website with your account and may use this information to display targeted advertising.
Legal basis: section 25(1) TTDSG and Article 6(1)(a) GDPR (consent); for data transfers to third countries, particularly the USA, additionally Article 49(1)(a) GDPR (explicit consent).

You can withdraw your consent via the cookie settings on our website and also adjust your advertising preferences in your accounts with the respective platforms.

16. Embedded content and social media plugins (Instagram, Facebook, YouTube, TikTok, Vimeo)

We may use content from social media platforms and video services on our website, for example:
  • Instagram images or feeds (for example via Elementor Instagram widget or manual embeds)
  • Facebook posts or plugins
  • YouTube videos
  • TikTok videos
  • Vimeo videos
Part of this content may be embedded directly from the servers of the respective providers. When such embedded content is loaded, the provider receives at least your IP address and information about which page you are visiting. Additional cookies or tracking technologies may be used by the providers.
In order to protect your privacy, such embeds are either:
  • only loaded after you have given your consent via our cookie/banner settings; or
  • integrated in such a way that no data is transmitted to the providers until you actively click on the content (for example “click to load video”).
Legal basis: section 25(1) TTDSG and Article 6(1)(a) GDPR (consent); where the content is necessary for the performance of a contract or requested by you, additionally Article 6(1)(b) GDPR.
Please note:
  • Even if you do not have an account with the respective provider, the provider may create usage profiles from the transmitted data.
  • If you are logged in to the provider (for example Instagram, Facebook, YouTube, TikTok), the provider can assign your visit to our website to your profile.
We may also use images and media originating from our social media channels (for example Instagram posts) by storing them directly on our own server and displaying them on the website. In this case, only the usual website access data is processed (no additional data transfer to the social network occurs solely by viewing such locally stored media).

Further details on data processing by the respective providers can be found in their privacy policies.

17. Social media pages (Facebook, Instagram, YouTube and others)

We operate company pages on social media platforms (for example Facebook, Instagram, YouTube). When you visit our pages there, personal data is processed both by us and by the platform operators.
When you interact with us on these platforms (for example by sending messages, commenting on posts, using „Like“ or „Follow“ functions), we process the information that you provide and that is visible to us (for example your user name, profile, content of your messages or comments) to answer your queries and for communication with the community.
Legal basis: Article 6(1)(b) GDPR where the communication serves the preparation or performance of a contract; otherwise Article 6(1)(f) GDPR (our legitimate interest in external presentation and communication with users).
The platform operators also process your data for their own purposes (for example for analysis and advertising). We have only limited influence over these data processing operations. In certain cases, we and the platform operator are considered joint controllers (for example Facebook “Page Insights”). In such cases, we have concluded corresponding agreements with the respective providers in accordance with Article 26 GDPR.

For detailed information on data processing by the platform operators and on your rights vis-à-vis these operators, please refer to the privacy policies of the respective services.

18. Recipients and data transfers to third countries

18.1 Recipients

Depending on the type of processing, the following categories of recipients may receive personal data:
  • internal departments involved in the execution of the respective process (for example customer service, logistics, accounting, marketing, IT)
  • hosting and IT service providers (for example HostEurope, possibly IONOS)
  • providers of shop systems, payment and shipping solutions
  • payment service providers and banks
  • shipping and logistics service providers
  • analytics and marketing service providers (for example Google, Meta, other advertising networks)
  • providers of consent management / cookie tools (for example Complianz)
  • tax consultants, auditors, legal advisors
  • authorities and public bodies, where required by law
All processors are contractually obliged to process data only on the basis of our instructions and in accordance with data protection law (Article 28 GDPR).

18.2 Transfers to third countries

Some of the service providers named in this privacy policy are located or process data in countries outside the European Union and the European Economic Area, in particular in the USA.
If there is no adequacy decision for the respective third country, we rely on appropriate safeguards within the meaning of Article 46 GDPR (for example standard contractual clauses of the European Commission) and take additional measures where necessary.
Nevertheless, especially in the case of data transfers to the USA, it cannot be completely ruled out that public authorities may access the data without effective legal remedies for data subjects.
Where we rely on your consent for the use of certain tools (for example Google Analytics 4, Meta/Facebook Pixel, Google Ads Remarketing, TikTok Pixel, Pinterest Tag, Snapchat Pixel, embedded content of US providers) and these tools involve data transfers to third countries, your consent also expressly covers these transfers (Article 49(1)(a) GDPR). You may withdraw your consent at any time with effect for the future via the cookie settings on our website.

19. Storage periods

We process and store personal data only for as long as it is necessary to achieve the respective purpose or as long as there are statutory retention obligations.
In particular:
  • contact enquiries: for the duration of processing and any follow-up, plus statutory retention periods where applicable
  • customer accounts: until deletion of the account, unless longer retention is required for contractual or legal reasons
  • contract and order data: usually 6 to 10 years (commercial and tax law retention obligations)
  • newsletter data: until you unsubscribe or withdraw your consent
  • server log files: usually a few weeks or months, unless longer storage is necessary for security reasons
  • cookies and tracking data: according to the respective storage period of the cookie or technology, as shown in the consent tool or your browser settings
After the end of the respective storage period, personal data is deleted or anonymised.

20. Your rights as data subject

You have the following rights in relation to your personal data:
  • right of access (Article 15 GDPR): you have the right to obtain confirmation as to whether we process personal data concerning you and, if so, access to this data and further information.
  • right to rectification (Article 16 GDPR): you have the right to request the rectification of inaccurate data and the completion of incomplete data.
  • right to erasure (Article 17 GDPR): you have the right to request the deletion of your personal data, subject to statutory retention obligations and other exceptions.
  • right to restriction of processing (Article 18 GDPR): under certain conditions, you may request restriction of processing.
  • right to data portability (Article 20 GDPR): you have the right to receive personal data that you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller.
  • right to withdraw consent (Article 7(3) GDPR): you have the right to withdraw your consent at any time with effect for the future.
  • right to object (Article 21 GDPR): you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(e) or (f) GDPR; we will then no longer process your data unless we can demonstrate compelling legitimate grounds which override your interests or the processing is required for the establishment, exercise or defence of legal claims. You may also object at any time to the processing of your personal data for direct marketing purposes.
To exercise your rights, you can contact us at any time using the contact details provided above.

In order to process your request, we may ask you to provide proof of identity so that we can clearly identify you.

21. Right to lodge a complaint with a supervisory authority

If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement (Article 77 GDPR).
The supervisory authority responsible for us in Germany is, for example, the competent data protection authority of the federal state of North Rhine-Westphalia. You are free to contact any supervisory authority of your choice.

22. Obligation to provide data and consequences of non-provision

Within the scope of our business relationship, you only need to provide those personal data that are required for the establishment and implementation of the relationship or that we are legally obliged to collect.
Without these data, we will generally not be able to conclude or perform a contract with you, respond to enquiries, or provide certain services.

For purely informational use of the website (without registration, order or contact), you are not obliged to provide personal data; however, certain technical data is required to display the website and is automatically processed (see section “Data processing when visiting our website”).

23. Automated decision-making and profiling

We do not make decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affect you within the meaning of Article 22 GDPR.

Where we use web analytics and marketing tools (for example Google Analytics 4, Meta/Facebook Pixel, Google Ads Remarketing, TikTok Pixel, Pinterest Tag, Snapchat Pixel), this may involve profiling for marketing and analytical purposes. However, such profiling is based on your consent and is not used for decisions with legal or similarly significant effects.

24. Changes to this privacy policy

We reserve the right to amend this privacy policy at any time with effect for the future, in particular in the event of changes to legal requirements, our website, our services or the technologies we use.
The version available on our website at the time of your visit applies.