Privacy Policy
1. Controller
1st Beauty Lab GmbH Börsegasse 12/EG 1 1010 Vienna, Austria
Email: hello@firstbeautylab.com Website: www.firstbeautylab.com
Commercial Register Number: FN 673053 i, Commercial Court Vienna (Handelsgericht Wien)
2. Overview
We take the protection of your personal data seriously. This privacy policy informs you in accordance with Art. 13 GDPR about which data we collect, why we process it and what rights you have.
We only process personal data to the extent necessary to provide our website and the features you use, or where you have given your consent.
3. Website Hosting
3.1 Vercel Inc.
Our website is hosted by Vercel Inc. When you visit our website, your browser automatically transmits technical access data:
- IP address
- Date and time of access
- Browser type and version
- Operating system
- Referrer URL
- Page accessed
This data is technically required to display our website to you.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the stable and secure provision of the website).
Recipient: Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA.
Third country transfer: USA. Vercel is certified under the EU-U.S. Data Privacy Framework (DPF). An adequacy decision by the European Commission exists (Implementing Decision (EU) 2023/1795 of 10 July 2023).
Retention period: Server log files are automatically deleted after a maximum of 30 days.
4. Newsletter and Launch Notifications
4.1 Klaviyo Inc.
When you register for launch notifications via our sign-up form, we process the following data:
- Email address
- Time of registration
- IP address at the time of registration (proof of consent)
- Your optional selections (e.g. whether you would like early ordering access at launch)
We use this data exclusively to inform you about the launch of our products and to provide you with early access if requested.
We use the service Klaviyo for sending and managing our emails.
Legal basis: Art. 6(1)(a) GDPR (your consent). You may withdraw your consent at any time with effect for the future by using the unsubscribe link in every email or by contacting us at hello@firstbeautylab.com.
Recipient: Klaviyo Inc., 125 Summer Street, Boston, MA 02110, USA.
Third country transfer: USA. Klaviyo is certified under the EU-U.S. Data Privacy Framework (DPF) (Implementing Decision (EU) 2023/1795 of 10 July 2023).
Retention period: Your data is stored for as long as you are subscribed to our newsletter. After unsubscribing, your data will be deleted within 30 days, unless statutory retention obligations apply.
Email analytics: Klaviyo statistically records whether our emails are opened and which links are clicked. This analysis is pseudonymised and serves to improve our communication. You can prevent tracking by disabling the automatic loading of images in your email client.
5. Web Analytics and Marketing
The services described in this section are only activated after you have given your explicit consent via our cookie banner. Without your consent, no analytics or marketing cookies are set and no data is transmitted to the services listed below.
5.1 Google Analytics 4 (GA4)
We use Google Analytics 4, a web analytics service provided by Google, to statistically analyse and improve the use of our website. GA4 uses cookies and similar technologies to collect the following data:
- Page views and interactions on our website
- Technical information (browser type, operating system, screen resolution)
- Approximate location (based on anonymised IP address)
- Date and time of access
- Referrer URL
- Time spent and navigation on the website
IP anonymisation: GA4 anonymises your IP address within the EU by default before it is transmitted to Google servers.
Google Consent Mode v2: We use Google Consent Mode v2. This means that Google Analytics is only fully activated once you have given your consent via our cookie banner. Without consent, no analytics cookies are set and no personal data is collected.
Legal basis: Art. 6(1)(a) GDPR (your consent) in conjunction with § 165(1) TKG 2021 (Austrian Telecommunications Act).
Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data may be transferred to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Third country transfer: USA. Google is certified under the EU-U.S. Data Privacy Framework (DPF) (Implementing Decision (EU) 2023/1795 of 10 July 2023).
Retention period: Cookies set by Google Analytics have a retention period of up to 14 months. Detailed information on data processing by Google can be found at https://policies.google.com/privacy.
Withdrawal: You can withdraw your consent at any time via our cookie banner. Additionally, you can install the browser add-on to deactivate Google Analytics: https://tools.google.com/dlpage/gaoptout.
5.2 Meta Pixel (Facebook/Instagram)
We use the Meta Pixel on our website to measure the effectiveness of our advertisements on Facebook and Instagram and to improve our website for you.
When the Meta Pixel is active, the following data is collected:
- Page views and interactions on our website
- Technical information (browser type, operating system, screen resolution)
- Date and time of access
- Referrer URL
- Meta cookie identifiers (if available)
This data is transmitted to Meta and may be linked to your Facebook or Instagram account if you are logged in. We cannot personally identify you based on this data.
Legal basis: Art. 6(1)(a) GDPR (your consent) in conjunction with § 165(1) TKG 2021.
Recipient: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. Data may be transferred to Meta Platforms Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
Third country transfer: USA. Meta is certified under the EU-U.S. Data Privacy Framework (DPF) (Implementing Decision (EU) 2023/1795 of 10 July 2023).
Retention period: Data collected by Meta is stored in accordance with Meta's data policy. For more information, see https://www.facebook.com/privacy/policy/.
Withdrawal: You can withdraw your consent at any time via our cookie banner. Additionally, you can disable the use of off-Facebook activity in your Facebook settings under "Settings > Advertising".
5.3 Pinterest Tag
We use the Pinterest Tag on our website to measure the effectiveness of our advertisements on Pinterest and to improve our website.
When the Pinterest Tag is active, the following data is collected:
- Page views and interactions on our website
- Technical information (browser type, operating system, screen resolution)
- Date and time of access
- Referrer URL
- Pinterest cookie identifiers (if available)
This data is transmitted to Pinterest and may be linked to your Pinterest account if you are logged in.
Legal basis: Art. 6(1)(a) GDPR (your consent) in conjunction with § 165(1) TKG 2021.
Recipient: Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland. Data may be transferred to Pinterest Inc., 651 Brannan Street, San Francisco, CA 94107, USA.
Third country transfer: USA. Pinterest is certified under the EU-U.S. Data Privacy Framework (DPF) (Implementing Decision (EU) 2023/1795 of 10 July 2023).
Retention period: Data collected by Pinterest is stored in accordance with Pinterest's privacy policy. For more information, see https://policy.pinterest.com/en/privacy-policy.
Withdrawal: You can withdraw your consent at any time via our cookie banner. Additionally, you can disable personalisation in your Pinterest settings under "Privacy and Data".
6. Cookies and Storage Technologies
6.1 Technically Necessary Cookies
Our website uses technically necessary cookies that are required for the operation of the website. These cookies are set automatically and do not require consent pursuant to § 165(3) TKG 2021.
6.2 Consent-Required Cookies
Cookies that are not technically necessary (in particular the analytics and marketing services described in Section 5) are only set after you have given your explicit consent via our cookie banner.
You can withdraw your consent at any time with effect for the future via the cookie banner, which you can access via the "Cookie Settings" link in the footer of our website.
Legal basis for consent-required cookies: Art. 6(1)(a) GDPR in conjunction with § 165(1) TKG 2021.
6.3 Cookie Overview
Technically necessary (no consent required):
| Cookie | Provider | Purpose | Retention |
|---|---|---|---|
| Cookie Consent | 1st Beauty Lab | Storage of your cookie preferences | 12 months |
| NEXT_LOCALE | 1st Beauty Lab | Storage of your language selection (DE/EN) | 12 months |
Analytics (consent required):
| Cookie | Provider | Purpose | Retention |
|---|---|---|---|
| _ga | Distinguishing users in Google Analytics | 14 months | |
| _ga_* | Storing session state in Google Analytics | 14 months |
Marketing (consent required):
| Cookie | Provider | Purpose | Retention |
|---|---|---|---|
| _fbp | Meta | Browser identification for Meta Pixel | 90 days |
| _fbc | Meta | Click identifier storage for Meta | 90 days |
| _pin_unauth | Identification of non-logged-in users | 365 days | |
| _pinterest_ct_rt | Click identifier storage for Pinterest | 365 days | |
| _pinterest_sess | Session information for Pinterest Tag | Session |
7. Google Consent Mode v2
We use Google Consent Mode v2. This system controls the behaviour of Google Analytics and other Google services based on your cookie settings:
- Without consent: No analytics or marketing cookies are set. Google services do not receive any personal data.
- With consent: Google Analytics and the marketing pixels are fully activated and set the cookies described in Section 6.3.
8. No Disclosure to Other Third Parties
Your personal data will not be transferred to third parties beyond the recipients named in this privacy policy, unless we are legally obligated to do so or you have expressly consented.
9. Your Rights
You have the following rights under the GDPR regarding your personal data:
Access (Art. 15 GDPR): You may request information about your personal data stored by us.
Rectification (Art. 16 GDPR): You may request the correction of inaccurate data.
Erasure (Art. 17 GDPR): You may request the deletion of your data, provided no statutory retention obligations apply.
Restriction of processing (Art. 18 GDPR): You may request the restriction of the processing of your data.
Data portability (Art. 20 GDPR): You may request to receive your data in a structured, commonly used and machine-readable format.
Objection (Art. 21 GDPR): You may object to the processing of your data where it is based on Art. 6(1)(f) GDPR.
Withdrawal of consent (Art. 7(3) GDPR): You may withdraw any consent given at any time with effect for the future.
To exercise your rights, please contact us at: hello@firstbeautylab.com
10. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority responsible for us is:
Austrian Data Protection Authority (Österreichische Datenschutzbehörde) Barichgasse 40–42 1030 Vienna, Austria
Phone: +43 1 521 52-2569 Email: dsb@dsb.gv.at Website: www.dsb.gv.at
11. Changes to This Privacy Policy
We reserve the right to update this privacy policy to reflect changes in legal requirements or changes in our data processing. The current version can always be found on this page.
As of: March 2026