Privacy Policy
1. Responsible person
2. Privacy Officer
3. Technical operation of our website
4. Detection and defence against attacks against our website
5. Creation of a customer account
6. Placing orders
7. Payment service provider
8. Customer service
9. Email newsletter
10. Warning about data transfers to third countries
11. Tools for analysing the use of our website
12. Advertising services
13. Reviews.io and ratings
14. WhatsApp chat
15. Links to our social media presences
16. Privacy policy for our Facebook page
17. Shipping
18. Your rights
19. Explanation of various terms
1. Person responsible
Phone: +49 941 206 068 20
E-mail: kontakt@misspompadour.de
2. Privacy Officer
3. Technical operation of our website
- Date and time of access
- Name and URL of the page or file accessed
- browser used, operating system of the end device
- HTTP status code
Individual settings for cookies
- Chrome browser - https://support.google.com/accounts/answer/61416?hl=de
- Internet Explorer - https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
- Microsoft Edge - https://support.microsoft.com/de-de/windows/microsoft-edge-browserdaten-und-datenschutz-bb8174ba-9d73-dcf2-9b4a-c582b4e640dd
- Mozilla Firefox - https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
- Safari - https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Cookies used
Consent & cookie settings
Name | Storage duration | Domain name | Domain Description |
mpCookieBanner | 1 year | missPompadour.com | Saves whether the consent banner has already been displayed to the user |
mpCookieSettings | 1 year | misspompadour.de | Saves the user's settings for the consent banner |
mpPinterestButton | 1 year | misspompadour.com | Saves whether the user has consented to the display of the Pinterest "Pin-it" button via a 2-click solution |
mpYoutubeVideos | 1 year | misspompadour.com | Saves whether the user has consented to the embedding of YouTube videos |
Shopware (shop system)
Name | Storage duration | Domain name | Domain description |
timezone | 30 days | missPompadour.com | Recognises the correct time zone of the user. |
csrf[frontend.account.login] | Session | misspompadour.de | Security cookie for the login to the customer account. |
csrf[frontend.account.register.save] | Session | misspompadour.de | Security cookie for registration in the shop. |
csrf[frontend.checkout.line-item.add] | Session | misspompadour.de | Security cookie for adding products to the shopping basket. |
csrf[*] | Session | misspompadour.de | Security cookies for core functions of the shop system. |
session* | Session | misspompadour.de | Identifies the session of a user |
AWSALBTGCORS | 7 days | misspompadour.de | Ensures the technical functionality of the shop under high system load. Part of Amazon Web Services Elastic Load Balancing, which always connects users to the same server if necessary. |
AWSALBTG | 7 days | missPompadour.de | Ensures the technical functionality of the shop under high system load. Part of Amazon Web Services Elastic Load Balancing, which always connects users to the same server if necessary. |
MissPompadour Analytics
Name | Storage duration | Domain name | Description |
_mpParams | 1 year | missPompadour.com | This cookie allows us to identify your visitor source (referrer URL) when you place a new order |
4. Detection of and defence against attacks on our website
5. Creating a customer account
"PompCoins" bonus programme
If you register for and use our bonus programme, we process the data you provide and the interactions you have with our website or app in order to set up and manage your bonus programme account, to credit or redeem points and to enable you to make use of the services we offer in connection with the bonus programme. In the bonus programme account, in addition to the data that you provided when setting up the account, further data is processed in connection with the use of the account, such as which interactions for which points are awarded were made, when points were redeemed and when points expire. The legal basis for the corresponding processing of your data is Art. 6 para. 1 lit. b) GDPR. This data associated with the bonus programme account will be stored until the customer account is deleted. If we are legally obliged to store the data for a longer period (e.g. to fulfil accounting obligations or legally required evidence) or if we are legally entitled to store the data for a longer period (e.g. due to an ongoing legal dispute against the holder of a bonus programme account), the data will be deleted after the storage obligation or entitlement has expired.
6. Orders
7. Payment service provider
- Paypal - https://www.paypal.com/de/webapps/mpp/ua/privacy-prev?locale.x=de_DE
- Klarna - https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
- Stripe - https://stripe.com/de/legal/privacy-center
- Amazon Pay - https://pay.amazon.de/help/201212490
Cookies used
Paypal
Name | Storage duration | Domain name | Domain description |
paypalplus_session_v2 | Session | missPompadour.com | Contains data for the payment transaction of an order. |
Klarna
Name | Storage duration | Domain name | Domain description |
thx_global_guid | 5 years | online-metrix.net | Used to detect and prevent fraud. |
thx_guid | 5 years | online-metrix.net | Used to detect and prevent fraud. |
Stripe
Name | Storage duration | Domain name | Description |
__stripe_sid | Session | missPompadour.com | Used to identify the session in the checkout with Stripe. |
__stripe_mid | 1 year | misspompadour.com | Used to identify the user in the checkout with Stripe. |
Amazon Pay
Name | Storage duration | Domain name | Domain description |
session-token | 1 year | amazon.com | Contains a token to identify the session in the checkout for Amazon Pay |
session-id-* | 1 year | amazon.com | Contains additional information such as the time the session was initialised |
apay-session-set | 1 year | missPompadour.com | Contains additional information to identify the checkout session for Amazon Pay |
8. Customer service via Dixa
8.1 Contact form
Your data will be deleted after your enquiry has been dealt with, unless we are legally obliged to store it for a longer period. In this case, the deletion will take place after expiry of the corresponding obligation.
8.2 FAQ via Elevio
We use Elev.io, a service provided by Elevio Pty Ltd, Level 1, 2 Mill Place, Melbourne, Victoria 3000, Australia , to display contextualised answers to frequently asked questions / FAQs about our service. Elev.io only stores user-related data on our behalf if you actively send it to us via the contact form on the help pages provided by Elev.io. Elev.io has undertaken to use this data only for direct service fulfilment in our context. The information collected by Elev.io is generally stored on an Elev.io server in Australia, Elev.io complies with the provisions of the GDPR when processing personal data. As an Australian company, Elev.io is subject to the requirements of the Australian Privacy Act 1988 (Cth). The legal basis for the processing of the data is your consent pursuant to Art. 6 para. 1 lit. a GDPR and our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR to provide you with easy access to help topics. You can findmore information in Elev.io's privacy policy.
9. Email newsletter and postal advertising
To confirm your registration for the newsletter, you must click on the confirmation link in the verification email that we send you after your registration. By clicking on the link provided in the verification message, we process the date and time of the click, the content of the message sent to you and the email address used. This is done in order to be able to prove that you have subscribed to the newsletter and confirmed your consent. The legal basis for this processing is Art. 6 para. 1 lit. c) GDPR, as we are legally obliged to be able to prove your consent.
We will delete your personal data in connection with the newsletter subscription when you unsubscribe. We delete data that we require as proof that you have subscribed to the newsletter after the limitation period for corresponding obligations to provide proof has expired.
If you purchase a product or service via our website or our app, we will send you our email newsletter on the basis of Section 7 (3) UWG, Art. 6 (1) (f) GDPR. We use the email address you provided at the time of purchase for this purpose. You can unsubscribe from the newsletter at any time with effect for the future, e.g. using the unsubscribe link provided in the newsletters. This does not incur any costs other than the transmission costs according to the basic tariffs.
We personalise the dispatch and content of our newsletter on the basis of Art. 6 para. 1 lit. f) GDPR based on your purchases made with us in order to offer you products that we believe will be of interest to you
We send our customers postal advertising on the basis of a balancing of interests in accordance with Art. 6 para. 1 lit. f) GDPR. You can object to the corresponding use of your data at any time. Our legitimate interest in this is to inform our customers about our offers.
Use of Klaviyo
We use the service of Klaviyo Inc. (125 Summer St Floor 7, Boston, MA 02111, USA; "Klaviyo") to send newsletters as part of order processing. We pass on the information you provide during newsletter registration (e-mail address, first and last name if applicable, telephone number if applicable, products viewed, products in the shopping basket, order data such as order number, products purchased, voucher codes used if applicable) to Klaviyo. The data processing serves the purpose of sending the newsletter and its statistical analysis. In order to analyse newsletter campaigns, the newsletters sent contain a 1x1 pixel graphic (tracking pixel) or a tracking link. This allows us to determine whether you have opened the newsletter and whether you have clicked on any integrated links. In this context, we collect your personal data such as IP address, browser type and device as well as the time. This data can be used to create user profiles under a pseudonym. The data collected will not be used to identify you personally. The data collected is only used for statistical analysis to improve newsletter campaigns. You can also prevent tracking by deactivating the display of images in your email programme by default. In this case, the newsletter will not be displayed in full and you may not be able to use all functions. If you display the images manually, the above-mentioned tracking will take place and your data will generally be transmitted to Klaviyo servers in the USA and stored there. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Klaviyo has certified itself in accordance with the TADPF and is therefore committed to complying with European privacy principles
Your personal data is processed on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in a targeted, effective advertising and user-friendly newsletter system. You have the right to object to this processing of your personal data at any time on grounds relating to your particular situation.
You can find more information about privacy at Klaviyo here and here.
Cookies used, responsible party: Klaviyo Inc.
Name | Storage duration | Domain name | Domain description |
__kla_id | 1 year | missPompadour.com | Is set to identify the visitor. |
od-klaviyo-track-allow | 1 year | misspompadour.de | Is set if the tracking has been accepted by the visitor. |
10. Warning about data transfers to third countries
For various services that are used on our website with your consent or that process data via our website (e.g. for advertising purposes), you will find a warning in this privacy notice that data may be transferred to third countries.
What does this warning mean?
If data is transferred to a third country, your personal data will leave the local scope of the GDPR. In individual cases, a level of privacy may apply in the third country that does not meet the requirements of the GDPR. For some countries, e.g. Switzerland, there is a so-called adequacy decision. In the opinion of the EU Commission, the level of data protection law in these countries meets the requirements of the GDPR. They are therefore considered safe for privacy purposes. There is no such decision for other countries, in particular the USA, as these countries do not have a level of protection for your personal data that corresponds to that of the GDPR. When data is transferred to a third country, your personal data may therefore be transferred to a country, e.g. the USA, for which there is no level of privacy that is compatible with the GDPR.
What does this mean for your personal data?
The GDPR allows the conclusion of so-called standard contractual clauses to agree that the contractual partner, e.g. the parent company in the USA, must comply with the provisions of the GDPR for the corresponding data processing, even if these would otherwise not apply to the contractual partner. This is intended to contractually create a level of privacy that corresponds to that of the GDPR so that the data subjects are not placed in a worse position than if their personal data were processed in the EU.
However, contracts only bind the parties involved in them and not third parties, such as government agencies. It is therefore possible that in one country, e.g. the USA, government agencies have the right to access the personal data of EU citizens, even if this violates their rights. This access can be very extensive and relate to all of your data that is processed there. They can be carried out without a judge or similar having to order it. They can be secret, so that you do not find out about these accesses. And you may not be able to defend yourself against access and any use of your data, especially not in court. Furthermore, the rights of data subjects to which you are entitled under the GDPR (e.g. information, erasure) may also not exist or may not be enforced. The data processed in this way may also be combined with other data concerning you from other sources, e.g. to create a profile about you.
This possible use of your data could, but does not necessarily have to, be associated with disadvantages for you. Since government agencies in third countries in particular are not subject to EU or German law, it is not possible to specify exactly what these disadvantages may be. Disadvantages can therefore be of any nature, e.g. economic or political. For example, you could be denied entry to a country, but it is also possible that this data could be used against you in foreign criminal proceedings. The disadvantages can therefore be very serious in individual cases
How high are my risks?
We cannot give a generalised answer as to how high the risks described are in individual cases. We can only point out that the key question is which service, and therefore which company, has access to your data in connection with your use of our website. It is also decisive which personal data is affected by this. In our opinion, our website only deals with the possible processing of personal data in third countries in connection with advertising services such as Google, Microsoft or Facebook. This will be data about which website you visited and when, how long you stayed on it, where you accessed it from, which end device or software (browser, app) was used for this, which interactions you made on the website, if this is transmitted to the operator of the service (e.g. the purchase of a product after clicking on an advert. Please read the information on the respective services) and any other data processed by the respective operator. For this, we refer you to the respective privacy notices of the services. You will find the links to these in these privacy notices in the explanation of the respective service.
You must weigh up for yourself whether giving your consent and any transfer to a third country could create a situation for you that you do not want to live with. In this case, please do not give your consent to the use of these services.
You will not suffer any disadvantages if you do not give your consent
If you do not wish to give your consent to the use of certain or all services or the storage of cookies, this will not have any disadvantages for you on our website. All our offers are available to our customers on the same terms, regardless of whether they give their consent or not. Of course, you can also return your consent at any time with effect for the future. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the return policy.
11. Tools for analysing the use of our website
You can revoke your consent at any time with effect for the future here. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the return policy.
In addition, the services offer you the opportunity to object to their use in general, and not just for our website. Please refer to the information on the respective services.
a. Google Analytics
Google Analytics is used to process the following data about the use of our website
- approximate location at the level of a region
- anonymised IP address
- technical information about the browser and end device used (e.g. language setting, screen resolution)
- Internet provider of the user
- via which website/advertising media a user came to this website
- the pages accessed by the user
- whether users perform certain actions on our website, so-called conversions, such as the purchase of a product newsletter registrations, downloads, purchases)
- user behaviour (e.g. which links are clicked on, how long a user stays on a website, from which website they leave our website)
We have deactivated the functions in Google Analytics that would allow Google or another third party to use data as the controller.
No personal profiles are created, but the corresponding statistics only contain summarised data that does not allow any conclusions to be drawn about a specific person.
The analyses created by Google Analytics enable us to understand how our website is used and which advertising measures are successful. This allows us to optimise our website (in particular its structure, content, functions) and advertising measures and thus our business success. The legal basis for processing is Art. 6 para. 1 lit. a) GDPR based on your consent. In Google Analytics, we have set a storage period of 14 months for the personal data concerned. Data whose retention period has been reached is automatically deleted once a month.
As part of the order processing, Google is authorised to commission subcontractors. You can find a list of these subcontractors at https://privacy.google.com/businesses/subprocessors/
As part of the activities of Google Ireland Limited, data may be exported to a third country within the meaning of Art. 44 GDPR. Google Ireland Limited states that it will only do so if the applicable requirements are met.
Google only offers a browser plugin as a website-wide function for opting out of the use of Google Analytics. You can find information about this here.
The information generated about your use of this website is usually transferred to a Google server in the USA and stored there. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and is therefore committed to complying with European privacy principles. Both Google and US government authorities have access to your data. Your data may be linked by Google with other data, such as your search history, your personal accounts, your usage data from other devices and all other data that Google has about you.
We also use the Google Signals service in this context. Google Signals enables cross-device tracking. Your data can therefore be analysed across devices if you have activated "personalised advertising" in your account settings and your end devices are linked to your Google account. This makes it possible to recognise on which device you search for products and later return to complete purchases on another device, such as a tablet. The cross-device reports created in this context only contain aggregated data. We therefore only receive statistics generated on the basis of Google Signals. To prevent Google Signals from collecting and storing data across devices, you can deactivate the "personalised ads" function in the settings of your Google account. You can find more information on this at https://support.google.com/ads/answer/2662922?hl=de. You can find more information on data processing and privacy at Google Signals at https://support.google.com/analytics/answer/7532985?hl=de.
Your consent can be revoked here at any time with effect for the future. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the return policy.
Cookies used, responsible party: Google Ireland Limited
Name | Storage duration | Domain name | Description |
_ga | 2 years | missPompadour.com | Used to distinguish individual users from each other. |
_ga_* | 2 years | misspompadour.de | Used to distinguish individual users from each other. |
_gid | 24 hours | misspompadour.de | Used to distinguish individual users from each other. |
_gat_* | 1 minute | misspompadour.de | Used to throttle the rate of server requests. |
b. Klar Attribution
We use the services of Klar (Klar Insights GmbH, Marktstr. 18, 80802 Munich, Germany) on our website. Klar collects, processes and stores data on this website and its subpages for reach measurement and statistical analysis on our behalf. This collection takes place on the following legal basis: If the user has given consent in accordance with Article 6 (1) sentence 1 a GDPR and Section 25 (1) sentence 1 TTDSG, the data to be processed is collected on a user-related basis. Various cookies are used to collect the data
To object to the use of cookies, please use this link. This will set a cookie with the name "do_not_track" from the domain "misspompadour.de". Please do not delete this cookie, as otherwise it cannot be guaranteed that you will not be tracked by Klar. Information on privacy and data usage by Klar can be found here
Cookies used, person responsible: Klar
Name | Storage duration | Domain name | Domain description |
september_id | 1 year | missPompadour.com | Used to distinguish the user from other users. |
september_has_consent | 1 year | misspompadour.de | Is set when tracking has been accepted. |
c. Microsoft Clarity
- Usage data of visitors to our website (which website is accessed, where the mouse moves on a website, which page elements are clicked on, where a website is scrolled to;
- the so-called User Unique User Identifier (UUID), which is used to distinguish the usage data of visitors from each other;
- the IP address
- technical data of the end device used to visit our website (screen size, device type (unique device identifiers), browser used, language set for displaying our website);
- The country from which a visitor accesses our website
Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Microsoft has certified itself in accordance with the TADPF and is therefore committed to complying with European privacy principles.
We do not transmit any data relating to you in connection with Microsoft Clarity; data is transmitted solely by the browser you use on the basis of the cookies stored with your consent. We have no access to the personal data processed by Microsoft Clarity and are not responsible for this service under data protection law.
Cookies used, responsible party: Microsoft Corporation
Name | Storage duration | Domain name | Description |
_clck | 12 months | missPompadour.com | Contains the Clarity user ID (UUID) and the settings that are unique to this site and are assigned to the same user ID. |
_clsk | 1 day | clarity.ms | Combines multiple page views of a user into a single Clarity session record. |
CLID | 12 months | clarity.ms | Identifies the first time Clarity saw a user on a website. |
MUID | 13 months | clarity.ms | Identifies unique web browsers that visit Microsoft websites. These cookies are used for advertising, website analytics and other operational purposes. |
MR | 7 days | clarity.ms | Indicates whether MUID should be updated. |
ANONCHK | 10 minutes | clarity.ms | Specifies whether MUID is transferred to ANID, a cookie used for advertising. Clarity does not use ANID and is therefore always set to 0. |
Cookies used, responsible party: Hotjar Ltd
Name | Storage duration | Domain name | Description |
_hjid | 1 year | missPompadour.com | Used to distinguish users from each other. |
_hjTLDTest | Session | misspompadour.de | Used to ensure the use of Hotjar across subdomains. |
_hjFirstSeen | Session | misspompadour.de | Used to identify the first session of a user. |
_hjAbsoluteSessionInProgress | 30 minutes | misspompadour.de | Used to identify the first page view of a user during a session. |
_hjRecordingEnabled | Session | misspompadour.de | Is used as soon as a recording is started. |
_hjIncludedInSessionSample | Session | misspompadour.de | Is used to track the allocation of a user to a recording or a test. |
_hjRecordingLastActivity | Session | misspompadour.de | Is saved in the session storage. Is updated when a recording is started and data is transferred to Hotjar via a web socket. |
hjViewportId | Session | misspompadour.de | Saves the user's screen resolution and dimensions |
d. ABlyft
We carry out tests and analyses on our website and use the ABlyft service from Conversion Expert GmbH (Zeppelinring 52c, 24146 Kiel, Germany) for this purpose. This enables us to analyse how individual user segments visit the website and carry out so-called A/B tests in order to constantly improve our website
ABlyft does not store any personal data such as IP addresses, but anonymised and aggregated data. The service also respects DoNotTrack settings of the browser. You can object to the use of ABlyft at any time by clicking on the following link: https: //www.misspompadour.de?ablyft_opt_out=true. Hosting takes place on servers in Germany. Further information on how ABlyft processes data can be found here.
The storage of and access to information in the end user's terminal equipment is carried out in accordance with § 25 para. 1 TTDSG. The legal basis for the evaluation and optimised presentation of our online offers and the storage of cookies is the consent given in accordance with Art. 6 para. 1 lit. a GDPR. The anonymised data collected is evaluated for a maximum period of 365 days. Your consent can be revoked here at any time with effect for the future. The return policy of the consent does not affect the legality of the processing carried out on the basis of the consent until the return policy
Cookies used, responsible: ABlyft
Name | Storage duration | Domain name | Domain description |
ablyft_exps | 90 days | misspompadour.com | Is set and updated when a visitor is categorised into an experiment / variation. |
ablyft_queue | 90 days | misspompadour.de | Collects the visitor's events before they are sent to ABLyft. |
ablyft_uvs | 90 days | misspompadour.de | Is set the first time the visitor accesses the site and is updated with every subsequent page view. |
ablyft_tgoals | 90 days | misspompadour.de | Is set when the visitor triggers a specific goal event. |
90 days | misspompadour.de | ||
90 days | misspompadour.de | ||
90 days | misspompadour.com |
12. Advertising services
We use the services listed below to advertise the services we offer and thus acquire customers on the basis of your consent, which you can withdraw at any time. The legal basis for this is Art. 6 para. 1 lit. a) GDPR. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the return policy. You can withdraw your consent here. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the return policy.
In addition, the services offer you the opportunity to object to their use in general, and not just for our website. We point this out in the respective services.
Please note that the consent you have given relates to two issues:
- The storage of cookies in the end device you are using;
- The use of the respective service as such
- Microsoft Advertising
- Criteo
a. Microsoft Advertising
With your consent, cookies for the Microsoft Advertising service are stored in the browser you use when you visit our website. We explain which cookies these are at the end of this section.Cookies used, responsible party: Microsoft Corporation
Name | Storage duration | Domain name | Domain description |
MUID | 392 days | bing.com | Contains a randomly generated user ID. Microsoft can use this ID to recognise the user anonymously across different websites and display personalised advertising. |
_uetsid | 1 day | missPompadour.com | Contains a unique, non-personally identifiable ID that is used to identify a visitor to our website |
_uetvid | 16 days | misspompadour.com | Contains a unique, non-personally identifiable ID that is used to identify a visitor to our website |
b. Google Ads
Cookies used, responsible party: Google Ireland Limited
Name | Storage duration | Domain name | Domain description |
IDE | 1 year | doubleclick.net | Contains a randomly generated user ID. Google can use this ID to recognise the user across different websites and display personalised advertising. |
RUL | 1 year | doubleclick.net | Is used to track whether adverts have been displayed and to increase the efficiency of adverts. |
test_cookie | 15 minutes | doubleclick.net | Is set as a test to check whether the browser allows cookies to be set. Contains no identification features. |
_gcl_au | 90 days | misspompadour.de | Used to distinguish individual users from each other. |
NID | 182 days | google.com | Used to store user preferences and other information. This includes, in particular, the preferred language, the number of search results to be displayed on the page and the decision whether or not to activate Google's SafeSearch filter. |
DV | 7 minutes | google.com | Used to store user preferences and other information. This includes, in particular, the preferred language, the number of search results to be displayed on the page and the decision whether or not to activate Google's SafeSearch filter. |
CONSENT | 20 years | google.com | This cookie is used to store the user's preferences and other information. This includes, in particular, the preferred language, the number of search results to be displayed on the page and the decision whether or not to activate Google's SafeSearch filter. |
AID | 3 months | google.com | Used to switch on targeted advertising. |
1P_JAR | 1 month | google.com | Collects website statistics and tracks conversion rates. |
c. Criteo
With your consent, cookies for the Criteo service are stored in the browser you use when you visit our website. We explain which cookies these are at the end of this section.Cookies used, responsible party: Criteo GmbH
Name | Storage duration | Domain name | Domain description |
uid | 1 year | criteo.com | Contains a randomly generated user ID. Criteo can use this ID to recognise the user across different websites and display personalised advertising. |
d. Facebook Pixel & Conversion API
Order processing
Meta Platforms Ireland Ltd. acts as a processor insofar as so-called event data is processed on our behalf in order to create reports for us on the impact of our advertising campaigns operated via Facebook and other Facebook content (e.g. our posts on facebook.com) as well as analyses and insights about users of our website and their use of the website. For this purpose, no profiles are created that we can assign to specific users of our website. "Event data" is information that we share with Facebook using the Facebook pixel and relates to people and the actions they take on our website, such as visiting our website and purchasing the products we offer. Event data includes information that is collected and transmitted when people access our website using Facebook login or Facebook plugins (e.g. the "Like" button). However, they do not collect information that is created when a user interacts with our website via the Facebook login, Facebook plugins or in any other way (for example, by logging in or "liking" or sharing an article).Joint responsibility
In accordance with Art. 26 GDPR, we are joint controllers with Meta Platforms Ireland Ltd. for the use of event data generated by our use of the Facebook pixel, insofar as this is used to improve the display of our advertisements played via Facebook and the delivery optimisation of these advertising campaigns. For this purpose, Meta Platforms Ireland Ltd. uses this event data in relation to people who use products of Facebook companies in order to show our advertising campaigns only to people who have visited our website (so-called ad targeting) or who are assumed to be interested in our services. In connection with ad targeting and the optimisation of ad delivery, Facebook Ireland Ltd. only uses the event data generated by us to optimise the delivery of ads after it has been aggregated with other data collected by other Facebook advertisers or otherwise on Facebook products. Facebook does not allow other advertisers or other third parties to target ads based solely on the event data we submit. A description of which personal data is processed by us and Meta Platforms Ireland Ltd. as joint controllers due to the use of the pixel can be found here. According to Facebook, this is the following data- HTTP header information such as information about the web browser or app used (e.g. user agent, language setting country/language)
- Information on standard/optional events such as "page view" or "app installation", other object properties and buttons clicked by visitors to the website, products placed in the shopping basket and products purchased, in each case in accordance with the configuration of the business tool
- Online identifiers such as IP addresses and, if provided, Facebook-related identifiers or device IDs (such as advertising IDs for mobile operating systems) and information on the status of deactivation/restriction of ad tracking;
Sole responsibility of Facebook
Meta Platforms Ireland Ltd. is solely responsible under data protection law for the processing of personal data in connection with the Facebook Pixel that goes beyond the above. The privacy policy of Meta Platforms Ireland Ltd. can be found here. You can find further options for objecting to Facebook using your personal data for these purposes here.In addition to the Facebook Pixel, we use the Facebook Conversion API, a server-side event tracking interface. The functionality and processing of data as part of the Conversions API corresponds to the functionality and processing as part of the use of the Facebook pixel.
Cookies used, responsible party: Facebook Ireland Ltd
Name | Storage duration | Domain name | Description |
_fbp | 90 days | missPompadour.com | Used to distinguish individual users from each other. |
fr | 90 days | facebook.com | Used to distinguish individual users from each other. |
ATN | 2 years | atdmt.com | Contains a randomly generated user ID. Facebook can use this ID to recognise the user across different websites and display personalised advertising. |
e. Pinterest Tag
With your consent, cookies for the Pinterest Tag service are stored in the browser you use when you visit our website. We explain which cookies these are at the end of this section.Cookies used, responsible party: Pinterest
Name | Storage duration | Domain name | Description |
_pin_unauth | 1 year | missPompadour.com | Is a first-party cookie that groups actions for users who cannot be identified by Pinterest. |
_pinterest_ct_ua | 1 year | pinterest.com | Identical to _pin_unauth, but as a third-party cookie. |
_pinterest_sess | 1 year | pinterest.com | Is the cookie for logging in to Pinterest. It contains user IDs, authentication tokens and timestamps. When users log out, the authentication tokens are deleted, but the cookies remain. We use the logged-out user IDs to optimise usage and measurability. |
_pinterest_ct | Session | pinterest.com | Contains a user ID and the timestamp at which the cookie was created. |
_pinterest_ct_rt | Session | pinterest.com | Identical to _pinterest_ct |
_epik | Session | pinterest.com | Placed by the JavaScript tag based on information sent by Pinterest with the advertised traffic to identify the user |
_derived_epik | Session | pinterest.com | Placed by the Pinterest tag when a match is recognised without cookies being present, e.g. with Enhanced Match. |
f. TikTok Pixel
With your consent, we use the advertising services of TikTok, a service provided by TikTok Technology Limited, a company registered in the Republic of Ireland with its registered office at 10 Earlsfort Terrace, Dublin, D02 T380, Ireland
We use this function to display our advertising on TikTok to people who have visited our website or for whom we assume that they are interested in our offers and thus our advertising. TikTok also allows us to measure the effectiveness of our adverts by determining whether a person has been redirected to our website after clicking on a corresponding advert
In terms of privacy law, TikTok acts partly as a processor for us and partly we are jointly responsible with it in accordance with Art. 26 GDPR. Otherwise, TikTok alone is responsible for the corresponding processing of personal data. You can find a description of the respective legal responsibility here under Part B, Section 1.4. Of the services listed there (as of December 2022), we use services a), b), c), d) and i). You will also find the agreements we have concluded with TikTok in this respect under the above link.
If you have an account with TikTok, you can make settings for the processing of your personal data, in particular for advertising purposes. You can find the privacy policy for TikTok here and further information here
You can revoke your consent to the use of TikTok on our site at any time with effect for the future by clicking here Link to Consent Layer. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the return policy.
Please note our warnings about third countries, as TikTok may process personal data in countries where there is no level of privacy that meets the standards of the GDPR. Your data may be transferred to third countries, such as the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). TikTok is not certified under the TADPF. The transfer of data to the USA and to third countries without an adequacy decision is based, among other things, on standard contractual clauses as suitable guarantees for the protection of personal data, which can be viewed here.
Cookies used, responsible party: TikTok Technology Limited
Name | Storage duration | Domain name | Description |
_ttp | 13 months | missPompadour.com | Contains an anonymous user ID. Used to display adverts relevant to the user. |
_tt_enable_cookie | 13 months | misspompadour.com | Saves that cookies have been set by TikTok |
13. Reviews.io and reviews
Use of the review portal
Widgets and badges with ratings
14. WhatsApp chat
15. Links to our social media presences
16. Privacy policy for our Facebook page
- Viewing a page, a post, a video, a story or other content associated with a page
- Interacting with a story
- Subscribing or unsubscribing to a page
- Marking a page or a post with "Like" or "No longer like"
- Recommend a page in a post or comment
- Comment on, share or react to a page post (including the type of reaction)
- Hide a page post or report it as spam
- Hover over a link to a page or the name or profile picture of a page to see a preview of the page content
- Click on the website button, phone number button, "Plan route" button or any other button on a page
- See the event of a page, react to an event (including the type of reaction), click on a link for event tickets
- Start a Messenger conversation with the page
- View or click on items in a site shop
- Information about the action, the person who performed the action and the browser/app used for it. These are for example
- Date and time of the action
- Country/city (estimated from the IP address or imported from the user profile for logged-in users)
- Language code (from the HTTP header of the browser and/or the language setting)
- Age/gender group (from the user profile, only for logged-in users)
- Previously visited websites (from the HTTP header of the browser)
- Whether the action was performed on a computer or on a mobile device (from the browser user agent or from app attributes)
- Facebook user ID (only for logged-in users)
17. Dispatch
Order-related data (contact and delivery data) can be transmitted to our shipping partner for dispatch processing.
Shipping to Switzerland
We work together with our shipping partner exporto GmbH to ship your order to Switzerland.
Switzerland - Shipping within Germany:
exporto GmbH
Max-Stromeyer-Str. 172
DE-78467 Konstanz
Register court: Freiburg Local Court
Register number: HRB 721808
VAT ID: DE331284697
Switzerland - Shipping within Switzerland:
exporto Schweiz GmbH
Hafenstraße 50C
CH-8280 Kreuzlingen
UID: CHE-130.123.814
MWST: CHE-130.123.814 MWST
Contact:
Phone: +49 7531 3027860
E-mail: info@exporto.de
18. Your rights
Right to information
According to Art. 15 GDPR, you have the right to request confirmation from us as to whether personal data concerning you is being processed by us. If this is the case, you have the right to information about this personal data and to further information as specified in Art. 15 GDPR.Right to rectification
According to Art. 16 GDPR, you have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.Right to erasure ("right to be forgotten")
Within the limits of Art. 17 GDPR, you have the right to demand that we erase personal data concerning you without undue delay. We are obliged to delete personal data immediately if the corresponding requirements of Art. 17 GDPR are met. For details, please refer to Art. 17 GDPR.Right to restriction of processing
In accordance with Art. 18 GDPR, you have the right, under certain conditions, to demand that we restrict the processing of your personal data. For details, please refer to Art. 18 GDPR.Right to data portability
Under the conditions of Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. According to Art. 20 GDPR, you also have the right to transmit this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and the processing is carried out by automated means.Right to lodge a complaint with the supervisory authority
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority, without prejudice to any other administrative or judicial remedy. This right exists in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.Right to object
Pursuant to Art. 21 GDPR, you have the right to object to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.19. Explanation of various terms
EEA - is the European Economic Area. In addition to the EU member states, this includes Iceland, Liechtenstein and Norway.
Third countries - are countries that are not part of the EEA and for which there is no adequacy decision by the EU Commission
IP address - every device that exchanges data via the Internet requires a unique identification, otherwise data (e.g. websites) that are to be sent to this device cannot be delivered. The computer, smartphone, tablet, etc. you are using therefore uses an IP address so that it can retrieve and receive data from the internet. As a rule, you do not use a separate IP address for each end device, but the technology used to connect to the Internet (e.g. your Internet router at home) allows all end devices in a network to appear to the outside world under a common IP address.
lit. - is a Latin abbreviation for "letter", which is used when quoting legal texts. Art. 6 para. 1 lit. a) GDPR therefore means "letter a)".
Standard contractual clauses - are a set of contracts provided by the EU Commission that can form the basis for data transfer to a third country in accordance with Art. 46 para. 2 lit. d) GDPR.