Privacy Policy

In this Privacy Policy, we inform you about how we process personal data on our website. Personal data refers to any information relating to an identified or identifiable natural person — such as name, address, email address, or user behavior.

The person responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is:

Anna-Christina Hertel
Maggy and Jules
Langgewann 2
66265 Heusweiler
Germany
Email: [email protected]

 

1. Data Collection

If you use our website without registering or otherwise actively transmitting information, we only collect the data that your browser automatically transmits to our server (so-called “server log files”). These include in particular:

  • IP address of the requesting device,
  • Date and time of the request,
  • Time zone difference to Greenwich Mean Time (GMT),
  • Content of the request (specific page),
  • Access status / HTTP status code,
  • Amount of data transmitted in each case,
  • Website from which the request originates (referrer URL),
  • Browser used,
  • Operating system and its interface,
  • Language and version of the browser software.

This data is technically necessary to display our website to you and to ensure stability and security (legal basis: Art. 6(1)(f) GDPR). This data is not merged with other data sources.

If there are specific indications of unlawful use of our website, we reserve the right to subsequently analyze the server log files in order to investigate potential misuse.

 

2. Hosting & Security

Our website is hosted by a service provider based in the European Union (EU hosting). The data automatically collected when visiting our website (see section “Data Collection”) is stored and processed on the servers of this hosting provider.

This data processing is necessary to provide a stable, secure, and high-performance website. The legal basis for this processing is Art. 6(1)(f) GDPR. We have entered into a data processing agreement (DPA) with the hosting provider in accordance with Art. 28 GDPR to ensure that your data is processed exclusively on our instructions.

For security reasons, our website uses SSL encryption. You can recognize an encrypted connection by the address bar in your browser ("https://") and the lock icon. This encryption ensures that any data you transmit to us cannot be read by third parties.

To further secure our website and increase the speed of content delivery, we use a content delivery network (CDN) provided by Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107, USA. A CDN is a network of regionally distributed servers that helps deliver our website content reliably, securely, and quickly, even during periods of high traffic. For this purpose, your IP address may be transmitted to Cloudflare to route the data traffic through the nearest data center.

The use of Cloudflare is based on our legitimate interest in the secure and efficient delivery of our website in accordance with Art. 6(1)(f) GDPR. Cloudflare processes data within the EU and in third countries, including the United States. To ensure an adequate level of data protection, data transfers to the U.S. rely not only on the conclusion of standard contractual clauses but also on Cloudflare's certification under the EU-U.S. Data Privacy Framework. This framework was recognized as adequate by the European Commission on July 10, 2023, and ensures that certified U.S. companies provide a level of data protection comparable to that of the EU.

For more information about Cloudflare’s data protection practices, please visit:
https://www.cloudflare.com/privacypolicy

 

3. Cookies & Consent Management

Our website uses so-called cookies. These are small text files that are automatically created by your browser and stored on your device when you visit our site.

Cookies can generally be divided into the following categories:

  • Technically necessary cookies: These are strictly required to ensure the basic functionality of our shop. They include, for example, session control cookies or time zone settings. Without these cookies, our website would not function properly. No consent is required for their use.
  • Statistics cookies: These allow us to collect information about how our website is used, with the help of services like Google Analytics. This helps us better understand user behavior and optimize our offerings accordingly. These cookies are only set with your explicit consent.
  • Marketing cookies: These are used to display and measure personalized advertising, particularly through Google marketing products. These cookies also require your consent.
  • Convenience features: These include functions that make using our website more enjoyable, such as wish lists, embedded YouTube videos, or displaying our Instagram feed. These features are only enabled if you consent to the corresponding cookies.

When you first visit our website, the Shopware cookie consent tool will ask for your permission regarding each cookie category. You can individually choose which types of cookies may be set. You can change your preferences at any time via the following link: Adjust cookie settings.

Please note: If you reject certain cookies, some functions of our website—such as embedded media or convenience features—may be unavailable or limited.

The legal basis for the use of technically necessary cookies is Art. 6(1)(f) GDPR (legitimate interest). All other cookies are processed based on your consent in accordance with Art. 6(1)(a) GDPR.

 

4. Web Analytics & Tag Management

To analyze user behavior and manage website tags, we use technologies provided by Google on our website. These tools are used exclusively based on your explicit consent via our cookie consent banner (see section "Cookies & Consent Management"). You can change your decision at any time via the cookie settings.

4.1 Google Analytics 4

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics 4 uses cookies to collect information about how our website is used. This includes, for example, pages viewed, session duration, or the source of the visit. We have configured Google Analytics so that no user IDs or other directly personal data are transmitted. Additionally, your IP address is anonymized by default by Google Analytics before being stored or processed. This means that the last digits of the IP address are truncated within the EU or the European Economic Area, making it impossible to directly associate the address with you. This IP anonymization is a built-in feature of Google Analytics 4 and serves to protect your privacy. The data generated by cookies about your use of the website is generally transmitted to a Google server in the United States and stored there.

To ensure an adequate level of data protection when transferring data to the U.S., Google relies on its certification under the EU-U.S. Data Privacy Framework and on EU Standard Contractual Clauses. We have also entered into a data processing agreement with Google under Article 28 GDPR, in which Google agrees to comply with European data protection standards. For more information, visit: https://support.google.com/analytics/answer/12017362.

Additionally, Google provides further information on how data is processed within its services and general privacy practices via the following links:

4.2 Google Tag Manager

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is a tool that allows us to centrally manage website tags—small pieces of code, such as those used for Google Analytics or marketing services. The Tag Manager itself does not use cookies and does not store any personal data. It merely triggers other tags that may collect data themselves. According to Google, Google Tag Manager has no access to this data.

The use of Google Tag Manager is also based solely on your explicit consent via our cookie banner (Art. 6(1)(a) GDPR). You can withdraw or change your consent at any time using the cookie settings.

More information on the tool is available at: https://www.google.com/intl/de/tagmanager/use-policy.html

 

5. Social Networks & External Platforms

5.1 Instagram Feed

We embed content from our Instagram profile on our website to give you a glimpse into our brand and current posts directly on our site. For this purpose, we use a custom-developed plugin that accesses publicly available content from our profile via the official Instagram API (provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).

A connection to Meta’s (Instagram's) servers is only established once you have explicitly consented to the use of marketing cookies via our cookie consent banner. Without this consent, the Instagram feed will not load and no data will be transmitted to Instagram.

If you consent to its use, technical data such as your IP address, browser information, and device details may be transmitted to Meta. This data may also be processed by Meta in the United States. Meta is certified under the EU-U.S. Data Privacy Framework, ensuring an adequate level of data protection in accordance with Article 45 of the GDPR.

The display of the Instagram feed is based solely on your express consent in accordance with Article 6(1)(a) GDPR. You may withdraw or adjust your consent at any time via the cookie settings on our website.

For more information on how Meta processes your data, please refer to Instagram’s privacy policy: https://privacycenter.instagram.com/policy

5.2 Social Sharing Links

On our blog pages, we provide you with the option to share content via various social media platforms (e.g., Facebook, X/Twitter, LinkedIn, Telegram, Reddit). These share buttons are implemented as simple redirect links and do not include active social plugins that transmit data to third parties when the page is loaded.

Only when you click on a share link will you be redirected to the respective provider’s website. At that point, the privacy policies of the relevant platform operator apply. In this context, personal data such as your IP address or user identifier may be processed by the respective provider.

We have no influence over the type or scope of data collected and processed by these platforms. For more details, please consult the privacy policies of the respective providers:

The use of these share links is voluntary and based on your consent pursuant to Article 6(1)(a) GDPR once you actively click on such a link.

 

6. Data Processing When Contacting Us

6.1 General contact via email

If you contact us via email, the personal data you provide – such as your email address, name, and the content of your message – will be processed solely for the purpose of handling your inquiry. This processing is based on Article 6(1)(b) GDPR if your request relates to the performance of a contract or pre-contractual measures, or on Article 6(1)(f) GDPR if we have a legitimate interest in responding to your inquiry. The transmitted data will be processed internally only by authorized personnel and will not be shared with third parties without your consent.

6.2 Contact via WhatsApp Business

We offer you the option to contact us via WhatsApp Business. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. If you contact us via WhatsApp, you voluntarily provide personal data such as your mobile number, profile information (e.g., profile picture, name), message content, and timestamps. This data is automatically processed by WhatsApp and may be stored on servers located outside the EU – particularly in the United States.

The use of WhatsApp is based solely on your express consent in accordance with Article 6(1)(a) GDPR, which you give by actively initiating contact via WhatsApp. We will not contact you through this channel unless you initiate the communication first.

WhatsApp processes data in accordance with its own privacy policies, over which we have no control. Please note that WhatsApp may access metadata regardless of the content of the communication. We would like to point out that we have entered into a data processing agreement with WhatsApp and that WhatsApp states it adheres to the EU-U.S. Data Privacy Framework.

For more information, please refer to WhatsApp’s privacy policy: https://www.whatsapp.com/legal/privacy-policy-eea

 

7. Customer Account & Order Processing

7.1 Order processing

To fulfill your order, we process the personal data you provide during the ordering process. This includes in particular:

  • First and last name
  • Billing and shipping address
  • Email address
  • Phone number (optional)
  • Order details (items, quantity, price, etc.)
  • Payment information (depending on the selected payment method)

This data is processed for the purpose of fulfilling the contract pursuant to Article 6(1)(b) GDPR. Without this information, we cannot process your order.

As part of order fulfillment, it may be necessary to share certain data with third parties. This particularly applies to:

  • Payment service providers (e.g., PayPal) for processing the payment
  • Shipping providers (e.g., DHL) for delivery of the goods

Data will only be shared to the extent required for processing your order. We will not share your data with third parties beyond this, unless we are legally required to do so or you have given us your explicit consent.

We store your order data for as long as necessary to fulfill the contractual relationship and to comply with statutory retention periods (e.g., under commercial and tax law). Typically, business documents must be retained for 6 or 10 years in accordance with Section 257 of the German Commercial Code (HGB) and Section 147 of the German Fiscal Code (AO). After these periods, your data will be routinely deleted unless we have other legitimate interests in continued storage.

7.2 Customer account

You have the option to create a personal customer account on our website. Setting up the account is entirely voluntary. During registration, we process the personal data you provide, in particular:

  • First and last name
  • Email address
  • A password of your choice (stored in encrypted form)
  • Optional: billing and shipping addresses

This data is used solely for managing your customer account and to facilitate future orders. Processing is based on Article 6(1)(b) GDPR, as it serves to fulfill pre-contractual measures and contractual obligations.

Your login credentials are password-protected and stored in encrypted form on our systems. We recommend that you use a strong password and change it regularly.

Your data remains stored for as long as your customer account is active. You may delete your account at any time via the account settings in your customer area or by requesting deletion via email. To do so, simply send an informal message to the contact address mentioned above with the subject line "Delete account". Your data will then be promptly deleted unless statutory retention obligations apply. In such cases, your account will be deactivated and the data deleted after the retention period has expired.

7.3 Payment service provider PayPal

If you choose to pay via PayPal, the payment will be processed by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. In this context, we transmit the data necessary for processing the payment (e.g., order number, name, shipping and billing address, email address, payment amount) to PayPal. Data is transmitted solely for the purpose of payment processing and only to the extent required.

The legal basis for this data transfer is Article 6(1)(b) GDPR (performance of a contract) and – in cases where you voluntarily use PayPal's additional features (e.g., buyer protection) – Article 6(1)(f) GDPR (legitimate interest).

PayPal also reserves the right to conduct credit checks by consulting credit agencies. We have no influence over this processing and refer you to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

7.4 Shipping provider DHL

If you have given us your explicit consent during the ordering process, we may share your email address and/or phone number with the shipping provider DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany. This is done so that DHL can inform you by email about the current status of your shipment (e.g., shipping confirmation, estimated delivery time).

The legal basis for this data transfer is Article 6(1)(a) GDPR (consent). You may withdraw your consent at any time with effect for the future by contacting us via the above-mentioned address or by contacting DHL directly.

 

8. Retention Period for Personal Data

The duration of storage of personal data depends on the specific purpose of processing, the applicable legal basis, and—if relevant—statutory retention requirements.

If the processing is based on your explicit consent (Art. 6(1)(a) GDPR), we will retain the corresponding data until you withdraw your consent.

Data that we process for the performance of a contract or to take steps prior to entering into a contract (Art. 6(1)(b) GDPR) is stored for as long as necessary to fulfill contractual obligations. In addition, certain data is subject to mandatory commercial and tax retention periods—typically six or ten years under Section 257 of the German Commercial Code (HGB) and Section 147 of the German Fiscal Code (AO).

If data is processed on the basis of our legitimate interests (Art. 6(1)(f) GDPR), it will be stored until you object to the processing—unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is required for the establishment, exercise, or defense of legal claims.

If your personal data is processed for the purpose of direct marketing, we will retain it until you exercise your right to object in accordance with Art. 21(2) GDPR.

Unless otherwise specified in this privacy policy, we will delete or anonymize your personal data once it is no longer necessary for the purposes for which it was collected or otherwise processed.

 

9. Your Rights

9.1 Overview of your data protection rights

As a data subject under the General Data Protection Regulation (GDPR), you have various rights regarding the processing of your personal data. These rights provide transparency, control, and oversight over how we handle your information.

You are entitled in particular to the following rights:

  • Access to the personal data we store about you (Art. 15 GDPR)
  • Correction of inaccurate or incomplete information (Art. 16 GDPR)
  • Deletion of your personal data, provided no legal retention obligations apply (Art. 17 GDPR)
  • Restriction of processing under certain conditions (Art. 18 GDPR)
  • Notification of correction or deletion to third parties (Art. 19 GDPR)
  • Portability of your data to yourself or another controller (Art. 20 GDPR)
  • Withdrawal of previously given consent (Art. 7(3) GDPR)
  • Lodging a complaint with a competent supervisory authority (Art. 77 GDPR)

To exercise your rights, please send an email to the address provided in our legal notice (Impressum). We will process your request in accordance with legal requirements and inform you within the legally required timeframe.

9.2 Right to object

If we process your personal data based on legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right to object to such processing at any time for reasons arising from your particular situation. This also applies to any profiling based on that legal basis.

If you exercise your right to object, we will cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to establish, exercise, or defend legal claims.

You can exercise your right to object at any time by sending an informal message to the email address provided in our legal notice. Upon receiving your objection, we will promptly assess whether the legal requirements are met and, unless there are overriding legitimate interests or legal obligations, we will discontinue the related data processing.