Privacy Policy
How we collect, use, and protect your personal and genetic data.
Last updated: March 19, 2026
1. Introduction
GenCheckup (“we”, “us”, “our”) operates the website beauty-gencheckup.com and provides DNA testing, personalized supplementation, and related health services. We are committed to protecting your privacy and processing your personal data in compliance with the European General Data Protection Regulation (GDPR) and applicable German data protection law (BDSG).
This Privacy Policy explains what personal data we collect, how we use it, and what rights you have regarding your data.
2. Data Controller
The data controller responsible for the processing of your personal data is:
GenCheckup / Beauty Gen Checkup
Carole Holzhäuer
Germany
Email: info@beauty-gencheckup.com
3. Data We Collect
3.1 Account & Order Data
When you create an account, place an order, or subscribe to a service, we collect:
- Full name, email address, phone number
- Billing and shipping addresses
- Payment information (processed securely via Stripe — we do not store card details)
- Order history and subscription status
3.2 Genetic & Health Data
When you purchase a DNA kit, we process sensitive health data including:
- DNA sample data collected via cheek swab
- Genetic analysis results and personalized health reports
- Supplement formulation data based on your genetic profile
Your genetic data is treated as special category data under GDPR Article 9. We process this data only with your explicit consent, which you provide when activating your DNA kit.
3.3 Contact & Communication Data
- Contact form submissions (name, email, subject, message)
- Newsletter subscription preferences
- Support correspondence
3.4 Technical Data
When you visit our website, we automatically collect:
- IP address (anonymized), browser type, device information
- Pages visited, time spent, referral source
- Cookies and similar tracking technologies (see Section 7)
4. How We Use Your Data
| Purpose | Legal Basis |
|---|---|
| Processing orders and subscriptions | Contract performance (Art. 6(1)(b)) |
| Genetic analysis and personalized reports | Explicit consent (Art. 9(2)(a)) |
| Personalizing supplement formulations | Explicit consent (Art. 9(2)(a)) |
| Sending transactional emails (order confirmations, shipping updates) | Contract performance (Art. 6(1)(b)) |
| Marketing communications (newsletter) | Consent (Art. 6(1)(a)) |
| Improving our website and services | Legitimate interest (Art. 6(1)(f)) |
| Fraud prevention and security | Legitimate interest (Art. 6(1)(f)) |
5. Data Sharing
We share personal data only with the following categories of recipients, and only to the extent necessary:
- Laboratory partners — for DNA analysis (within the EU, under strict data processing agreements)
- Stripe — for secure payment processing
- Shipping providers — for order delivery (name and address only)
- Hosting providers — for website operation (EU-based servers)
We never sell, rent, or share your genetic data with third parties for marketing, insurance, or research purposes.
6. Data Retention
- Account data: retained as long as your account is active, plus 3 years after deletion
- Order data: 10 years (German commercial and tax retention requirements)
- Genetic data: retained until you request deletion, or 5 years after last activity
- Contact form data: 12 months after resolution of inquiry
- Technical logs: 90 days
7. Cookies
Our website uses the following categories of cookies:
- Strictly necessary: session management, shopping cart, authentication
- Functional: language preferences, accessibility settings
- Analytics: anonymized usage statistics to improve our service (only with consent)
You can manage your cookie preferences at any time through your browser settings. Disabling strictly necessary cookies may impact website functionality.
8. Your Rights
Under GDPR, you have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion of your data (“right to be forgotten”)
- Restriction — limit how we process your data
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interest
- Withdraw consent — at any time, without affecting prior processing
To exercise any of these rights, contact us at info@beauty-gencheckup.com. We will respond within 30 days.
9. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- TLS/SSL encryption for all data in transit
- Encrypted storage for genetic data at rest
- Access controls and role-based permissions
- Regular security audits and penetration testing
- GDPR-compliant data processing agreements with all service providers
10. International Transfers
Your data is primarily processed within the European Economic Area (EEA). Where data is transferred outside the EEA (e.g., for payment processing), we ensure adequate safeguards through EU Standard Contractual Clauses or adequacy decisions.
11. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email or website notice. The “Last updated” date at the top indicates the most recent revision.
12. Contact & Complaints
For privacy-related inquiries or complaints, contact us at:
You also have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU member state of your residence or where the alleged infringement occurred.