Privacy Policy
This Privacy Policy describes in detail how Toptrue ("we", "us", "our"), operating via the website toptrue.world, collects, uses, stores, shares, and protects your personal data in connection with our hydration and appearance products, educational content, guidance, and related services. We are committed to transparency, fairness, and full compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) where applicable. This policy is intended to provide you with clear and comprehensive information about our data processing activities so that you can make informed decisions about your personal data.
Data Controller and Contact Details
The data controller responsible for your personal data is Toptrue, with its registered address at Schützenstraße 41, 10117 Berlin, Germany. As the data controller, we determine the purposes and means of the processing of your personal data. For any questions, requests, or complaints regarding this Privacy Policy, your personal data, or the exercise of your rights, you may contact us using the contact details provided on our website (toptrue.world), including our contact form, postal address, and telephone number. We will endeavour to respond to your enquiries without undue delay and in any event within the timeframes prescribed by applicable law.
Personal Data We Collect
We may collect the following categories of personal data in the course of providing our hydration and appearance products, content, and services. The exact data we collect depends on how you interact with our website and services.
Contact and Identification Data
When you submit an enquiry, complete our contact form, request information, or otherwise communicate with us, we may collect your name, email address, and any other contact or identification details you voluntarily provide. This data is used to respond to your enquiries about our products (including our Daily Hydration Serum, Glow Moisturiser, and Routine Essence), to provide guidance on hydration and appearance, and to manage any ongoing correspondence. We collect this data only where necessary for the purpose of your communication and in accordance with the legal bases set out below.
Communication Content
The content of your messages, emails, or other communications with us (including questions about product recommendations, hydration routines, skin care, or appearance-related advice) may contain personal data. We process this content solely for the purpose of responding to you, providing customer support, and improving our services. We do not use the content of your communications for marketing purposes unless you have given separate consent.
Technical and Usage Data
When you browse our website, we may automatically collect certain technical data, such as your IP address, browser type and version, operating system, device type, referring URL, pages visited, date and time of access, and similar information. This data helps us to ensure the security and proper functioning of our website, to analyse how visitors use our site (e.g. which pages are most viewed in connection with our hydration and appearance content), and to improve the user experience. Where required by law, we obtain your consent before using such data for analytics or similar purposes beyond strictly necessary functions.
Cookie and Similar Technologies Data
We use cookies, local storage, and similar technologies as described in our Cookies Policy. These may store preferences (e.g. your acceptance of our privacy or cookies notice), session identifiers, and other data related to your interaction with our site. For detailed information about the cookies we use, their purposes, and how to manage them, please refer to our Cookies Policy.
Purposes of Processing
We process your personal data only for specified, explicit, and legitimate purposes. We do not process your data in a manner that is incompatible with those purposes. The main purposes for which we process your data include the following.
Provision of Services and Customer Support
We process your data to respond to your enquiries about our hydration and appearance products and to provide guidance tailored to your questions. This includes answering questions about the use, ingredients, or suitability of our Daily Hydration Serum, Glow Moisturiser, Routine Essence, and other products, as well as general advice on hydration and appearance. We also use your data to process and manage orders or requests related to our products where applicable, including order confirmation, shipping, and after-sales support.
Marketing and Communications
Where you have given your consent or where we have a legitimate interest permitted by law, we may send you information about new products, tips on hydration and appearance, special offers, and updates about Toptrue. You may withdraw your consent or object to such processing at any time by contacting us or using the unsubscribe option in any marketing communication. We will not send you marketing communications without a valid legal basis.
Improvement and Analytics
We may process aggregated or anonymised data, and where legally permitted non-anonymised data, to improve our website, content, and product offerings. This includes analysing how visitors navigate our site, which content related to hydration and appearance is most relevant, and how we can enhance the overall user experience. Where such processing involves personal data and is not strictly necessary for the operation of the site, we will rely on your consent or our legitimate interest in accordance with applicable law.
Legal and Regulatory Compliance
We process personal data where necessary to comply with legal obligations (e.g. tax, consumer, or data protection law) and to establish, exercise, or defend legal claims. This may include retaining certain data for periods required by law and disclosing data to authorities when legally obliged to do so.
Legal Basis for Processing
Under the GDPR and similar data protection laws, we process your personal data only where we have a valid legal basis. The legal bases we rely on include the following.
Contract Performance
Where processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract (e.g. fulfilling an order for hydration or appearance products, processing your contact request in preparation for a possible order), we process your data on this basis. Without such processing, we would not be able to provide the requested products or services.
Consent
Where you have given clear, specific, informed, and unambiguous consent for particular processing (e.g. receiving marketing communications, use of non-essential cookies), we process your data on the basis of that consent. You may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
Legitimate Interests
Where processing is necessary for the purposes of our legitimate interests (e.g. improving our services, ensuring security, conducting analytics to improve our website and content) and such interests are not overridden by your interests or fundamental rights and freedoms, we process your data on this basis. We carry out a balancing test to ensure that our interests do not unduly affect your rights. You have the right to object to processing based on legitimate interests in certain circumstances.
Legal Obligation
Where we are required to process your data to comply with a legal obligation (e.g. retention for tax or consumer law purposes, responding to lawful requests from authorities), we process your data on this basis.
Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal, regulatory, or contractual requirements. Our retention periods are determined by the type of data and the purpose of processing.
Contact and Correspondence
Contact form submissions, emails, and other correspondence are generally retained for the period necessary to handle your enquiry and any follow-up (e.g. product support, complaints). This may typically be up to three years from the last meaningful communication, unless a longer period is required for legal claims or regulatory compliance.
Order and Transaction Data
Data related to orders for our hydration and appearance products (e.g. Daily Hydration Serum, Glow Moisturiser, Routine Essence) is retained for the period required by applicable commercial and tax law (e.g. in Germany, often at least six or ten years for certain records). After that, data is deleted or anonymised unless further retention is necessary for legal proceedings.
Technical and Cookie Data
Technical and cookie data may be retained in accordance with our Cookies Policy. Session data is typically deleted when you close your browser. Persistent cookie data is retained for the duration specified in our Cookies Policy or until you delete it. Analytics data may be retained in aggregated or anonymised form for longer periods for statistical purposes.
Deletion and Anonymisation
When data is no longer needed for the purposes for which it was collected, we will delete it in a secure manner or anonymise it so that it can no longer be associated with you. You may also request erasure of your data in accordance with your rights set out below.
Sharing and Disclosure of Personal Data
We do not sell your personal data to third parties. We may share your data only in the following circumstances and under strict conditions.
Service Providers
We may share your data with service providers who assist us in operating our website, processing enquiries, delivering products, or providing other support (e.g. hosting, email delivery, payment processing, customer relationship management). Such providers act only on our instructions and are bound by contractual obligations to protect your data and use it only for the purposes we specify. We select providers that meet appropriate security and data protection standards.
Legal and Regulatory Authorities
We may disclose your data to courts, law enforcement, regulatory bodies, or other authorities when required by law, to comply with a legal process, or to protect our rights, your rights, or the rights of others. We will disclose only the data that is strictly necessary for such purposes and will, where permitted by law, inform you of such disclosure unless doing so would undermine the purpose.
Business Transfers
In the event of a merger, acquisition, sale of assets, or similar transaction, your personal data may be transferred as part of the transferred assets. We will ensure that any such successor entity is bound by the same or stricter data protection commitments, and we will inform you of any such change where required by law.
International Transfers of Personal Data
Your data is primarily processed within the European Economic Area (EEA). If we transfer personal data to countries outside the EEA (third countries), we will ensure that appropriate safeguards are in place as required by the GDPR. Such safeguards may include: (a) an adequacy decision by the European Commission recognising that the third country ensures an adequate level of protection; (b) standard contractual clauses approved by the European Commission; (c) binding corporate rules; or (d) other mechanisms permitted by applicable law. You may request a copy of the safeguards applicable to any specific transfer by contacting us.
Your Rights Under Data Protection Law
Depending on your location and the applicable law, you may have the following rights in relation to your personal data. We will respond to any request within the timeframes required by law (e.g. under the GDPR, generally within one month).
Right of Access
You have the right to obtain confirmation as to whether we process your personal data and, where that is the case, to access the data and receive a copy. We may provide the information in a commonly used electronic format where technically feasible. We may refuse requests that are manifestly unfounded or excessive, in particular because of their repetitive character, and we may charge a reasonable fee in such cases as permitted by law.
Right to Rectification
You have the right to obtain the rectification of inaccurate personal data concerning you and to have incomplete data completed. We will take reasonable steps to ensure that data we hold is accurate and up to date.
Right to Erasure
You have the right to obtain the erasure of your personal data in certain circumstances (e.g. where the data is no longer necessary, where you withdraw consent and there is no other legal basis, where you object and there are no overriding legitimate grounds, or where the data has been unlawfully processed). This right is not absolute and may not apply where we are required to retain the data for legal reasons.
Right to Restriction of Processing
You have the right to obtain the restriction of processing in certain circumstances (e.g. where you contest the accuracy of the data, where the processing is unlawful but you prefer restriction to erasure, or where we no longer need the data but you need it for the establishment, exercise, or defence of legal claims). Where processing is restricted, we will store the data and process it only with your consent or for limited purposes permitted by law.
Right to Object
You have the right to object at any time to processing of your personal data based on legitimate interests or to processing for direct marketing. Where you object to processing for direct marketing, we will cease such processing. Where you object on other grounds, we will cease processing unless we demonstrate compelling legitimate grounds that override your interests or for the establishment, exercise, or defence of legal claims.
Right to Data Portability
Where the processing is based on consent or contract and is carried out by automated means, you have the right to receive the personal data you have provided to us in a structured, commonly used, machine-readable format and to transmit that data to another controller where technically feasible.
Right to Withdraw Consent
Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your residence, place of work, or place of the alleged infringement. In Germany, the competent authority is the relevant state data protection authority (e.g. Berlin Commissioner for Data Protection and Freedom of Information – Berliner Beauftragte für Datenschutz und Informationsfreiheit) or the Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragte für den Datenschutz und die Informationsfreiheit – BfDI). We would, however, appreciate the opportunity to address your concerns before you approach a supervisory authority.
To exercise any of these rights, please contact us using the details on our website. We may need to verify your identity before responding. We will not charge a fee for responding to your first request unless the request is manifestly unfounded or excessive.
Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, loss, or destruction. Such measures include: secure transmission (e.g. HTTPS where applicable), access controls, encryption where appropriate, and staff training on data protection. Despite our efforts, no method of transmission over the Internet or electronic storage is completely secure; we cannot guarantee absolute security and encourage you to use secure practices (e.g. strong passwords, secure networks) when sharing information with us. In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify the competent supervisory authority and, where required by law, inform you without undue delay.
Children
Our website and our hydration and appearance products and content are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us and we will take steps to delete such information from our systems in accordance with applicable law.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, our products and services, technological developments, or legal and regulatory requirements. The updated version will be posted on this page with a revised effective date. Where changes are material, we may provide additional notice (e.g. by email or a prominent notice on our website) where we have your contact details and where required by law. We encourage you to review this policy periodically. Your continued use of our website or services after the effective date of any changes constitutes your acceptance of the revised policy to the extent permitted by law.
Last updated: .
The information provided on our website is for educational purposes only and is not intended to replace medical advice.