1. Person responsible

MissPompadour GmbH
Am Reitfeld 10, 93161 Sinzing, Germany
Phone: +49 941 206 068 20
E-mail: kontakt@misspompadour.de

2. Privacy Officer

Our Privacy Officer is at your disposal at the above address and at datenschutz@misspompadour.de.

3. Technical operation of our website

When you access our website with your browser, it transmits various personal data to us. We use the following data for the following purposes:
We process the so-called IP address so that the browser you are using can retrieve content from our website and thus use it. The legal basis for this processing of the IP address is Art. 6 para. 1 lit. f) GDPR, as it is also in your interest that we make it technically possible to use our website when you visit it. If the visit to our website serves the conclusion of a contract or the preparation thereof, the legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.

We also process the following data for statistical purposes
  • Date and time of access
  • Name and URL of the page or file accessed
  • browser used, operating system of the end device
  • HTTP status code

We do not use this data for personal purposes, but to create statistical analyses of how and under what technical conditions our website is used in order to identify errors and make improvements (e.g. in user guidance). The data is not processed in connection with other data that would enable us to establish a personal reference. Therefore, no personal user profiles are created. The legal basis for the use of the data for the creation of statistics is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest in such processing is that these statistics enable us to detect malfunctions of our website and to optimise it so that the use of the website corresponds as closely as possible to the interests of the users and can therefore be used successfully by us.
In addition, the personal data transmitted by your browser is not processed or stored.
Use of Cloudfront
We use the Cloudfront CDN content delivery network of Amazon Web Services EMEA SARL (38 avenue John F. Kennedy, L-1855, Luxembourg; "Cloudfront") on our website. This is a supra-regional network of servers in various data centres to which our web server connects and via which certain content of our website is delivered. The data processing serves the purpose of optimising the loading times of our website and thus making our offer more user-friendly. The following information may be collected in the process IP address, system configuration information, information about traffic from and to customer websites (so-called server log files). Your data may be transmitted to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Cloudfront has certified itself in accordance with the TADPF and is thus committed to complying with European privacy principles. Your personal data is processed on the basis of Art. 6 para. 1 lit. f GDPR out of our overriding legitimate interest in the needs-based and targeted design of the website. You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(f) GDPR. You can find more information on privacy when using Cloudfront here and here.

Individual settings for cookies

We will explain below that various cookies are used on our website, although for the majority of cookies this is only the case if you give your consent.

You can use the links below to find out how you can make the browser settings that are most important to you and whether and how cookies are processed:

Cookies used

We use the following cookies, which are technically necessary for the operation of our website

Consent & cookie settings

NameStorage durationDomain nameDomain Description
mpCookieBanner1 yearmissPompadour.comSaves whether the consent banner has already been displayed to the user
mpCookieSettings1 yearmisspompadour.deSaves the user's settings for the consent banner
mpPinterestButton1 yearmisspompadour.comSaves whether the user has consented to the display of the Pinterest "Pin-it" button via a 2-click solution
mpYoutubeVideos1 yearmisspompadour.comSaves whether the user has consented to the embedding of YouTube videos

Shopware (shop system)

NameStorage durationDomain nameDomain description
timezone30 daysmissPompadour.comRecognises the correct time zone of the user.
csrf[frontend.account.login]Sessionmisspompadour.deSecurity cookie for the login to the customer account.
csrf[frontend.account.register.save]Sessionmisspompadour.deSecurity cookie for registration in the shop.
csrf[frontend.checkout.line-item.add]Sessionmisspompadour.deSecurity cookie for adding products to the shopping basket.
csrf[*]Sessionmisspompadour.deSecurity cookies for core functions of the shop system.
session*Sessionmisspompadour.deIdentifies the session of a user
AWSALBTGCORS7 daysmisspompadour.deEnsures the technical functionality of the shop under high system load. Part of Amazon Web Services Elastic Load Balancing, which always connects users to the same server if necessary.
AWSALBTG7 daysmissPompadour.deEnsures the technical functionality of the shop under high system load. Part of Amazon Web Services Elastic Load Balancing, which always connects users to the same server if necessary.
With your consent, we also use the following cookie, which is not technically necessary:

MissPompadour Analytics

NameStorage durationDomain nameDescription
_mpParams1 yearmissPompadour.comThis cookie allows us to identify your visitor source (referrer URL) when you place a new order

4. Detection of and defence against attacks on our website

We process your IP addresses together with the date and time of access and the URL or file accessed for the sole purpose of detecting and defending against attacks on the systems used to operate our website. Such attacks could impair the intended functionality of the systems, the use of our website or its functionality and the security of visitors to our website. We hereby pursue the legitimate interest of ensuring processing security in accordance with Art. 32 GDPR, recognising and fending off attacks in order to protect us and the visitors to our website from damage. Recipients of this data may be law enforcement authorities and (technical) service providers who support us in detecting or defending against attacks. The legal basis for processing is Art. 6 para. 1 lit. f) GDPR. The IP addresses are deleted after 90 days, unless further storage is required for the above purposes in individual cases. In this case, we delete the data when the purpose no longer applies.

5. Creating a customer account

When you create a customer account on our website, we process the data you provide in order to set up and manage the customer account and to enable you to use the services we offer in connection with the customer account. In addition to the data you provide when setting up the customer account, the customer account may also process other data that is generated in connection with your use of the account and is visible to you, such as an order history. The legal basis for the corresponding processing of your data is Art. 6 para. 1 lit. b) GDPR.

We will send an email to the email address you provided when registering asking you to confirm your registration. We do this to protect you and ourselves by preventing third parties from opening a customer account by misusing your email address. The legal basis for this is Art. 6 para. 1 lit. f) GDPR.

This data associated with the customer account will be stored until the customer account is deleted. If we are legally obliged to store the data for a longer period (e.g. to fulfil accounting obligations or legally required evidence) or if we are legally entitled to store the data for a longer period (e.g. due to an ongoing legal dispute against the holder of a customer account), the data will be deleted after the storage obligation or authorisation has expired.

"PompCoins" bonus programme

If you register for and use our bonus programme, we process the data you provide and the interactions you have with our website or app in order to set up and manage your bonus programme account, to credit or redeem points and to enable you to make use of the services we offer in connection with the bonus programme. In the bonus programme account, in addition to the data that you provided when setting up the account, further data is processed in connection with the use of the account, such as which interactions for which points are awarded were made, when points were redeemed and when points expire. The legal basis for the corresponding processing of your data is Art. 6 para. 1 lit. b) GDPR. This data associated with the bonus programme account will be stored until the customer account is deleted. If we are legally obliged to store the data for a longer period (e.g. to fulfil accounting obligations or legally required evidence) or if we are legally entitled to store the data for a longer period (e.g. due to an ongoing legal dispute against the holder of a bonus programme account), the data will be deleted after the storage obligation or entitlement has expired.

6. Orders

When you order a service offered by us, we process the data you provide for the conclusion and fulfilment of the corresponding contract. The legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. Due to legal requirements, we are obliged to send an order confirmation by e-mail to the e-mail address you have provided when you place an order via our website. Furthermore, we are subject to legal recording and retention obligations upon conclusion of a contract. The legal basis for the corresponding processing is Article 6(1)(c) GDPR.

We also process the data you provide to detect and defend against attempted fraud on the basis of Article 6(1)(f) GDPR. Our aim here is to protect ourselves against fraudulent transactions.

The data will be deleted if there is a legal obligation and the storage obligation no longer applies, unless we are authorised to continue processing the data (e.g. in a legal dispute). Otherwise, we delete the data when it is no longer required to prove the existence or non-existence of a claim.

Gutscheinangebote der Sovendus GmbH

Nach dem Abschluss einer Bestellung in unserem Shop werden für die Auswahl eines für Dich aktuell interessanten Gutscheinangebots pseudonymisiert und verschlüsselt der Hashwert Deiner E-Mail-Adresse und Deiner IP-Adresse an die Sovendus GmbH, c/o Design Offices Karlsruhe Bahnhofplatz, Bahnhofplatz 12, 76137 Karlsruhe (Sovendus) übermittelt (Art. 6 Abs.1 f DSGVO). Der pseudonymisierte Hashwert der E-Mail-Adresse wird zur Berücksichtigung eines möglicherweise vorliegenden Widerspruchs gegen Werbung von Sovendus verwendet (Art. 21 Abs.3, Art. 6 Abs.1 c DSGVO). Die IP-Adresse wird von Sovendus ausschließlich zu Zwecken der Datensicherheit verwendet und im Regelfall nach sieben Tagen anonymisiert (Art. 6 Abs.1 f DSGVO). Außerdem übermitteln wir zu Abrechnungszwecken pseudonymisiert Bestellnummer, Bestellwert mit Währung, Session-ID, Couponcode und Zeitstempel an Sovendus (Art. 6 Abs.1 f DSGVO). Wenn Du dich für ein Gutscheinangebot von Sovendus interessierst, zu Deiner E-Mail-Adresse kein Werbewiderspruch vorliegt und auf das nur in diesem Fall angezeigte Gutschein-Banner klickst, werden von uns verschlüsselt Anrede, Name, Postleitzahl, Land und Deine E-Mail-Adresse an Sovendus zur Vorbereitung des Gutscheins übermittelt (Art. 6 Abs.1 b, f DSGVO).

Weitere Informationen zur Verarbeitung Deiner Daten durch Sovendus findest Du in den Online-Datenschutzhinweisen unter https://www.sovendus.com/datenschutz.

7. Payment service provider

The respective provider is responsible under data protection law for all payment options offered by us. Insofar as data is transferred to the respective payment service provider for the execution of a contract with you (name, address, e-mail address, order number, purchase price to be paid), this is done on the basis of Art. 6 para. 1 lit. b) GDPR, so that the respective service provider has the data it needs to carry out the payment transaction and select the available means of payment. If the payment service provider transfers data concerning you to us, we will also use this data to fulfil the corresponding contractual relationship with you. The legal basis is therefore also Art. 6 para. 1 lit. b) GDPR.

Cookies used

Paypal

NameStorage durationDomain nameDomain description
paypalplus_session_v2SessionmissPompadour.comContains data for the payment transaction of an order.

Klarna

NameStorage durationDomain nameDomain description
thx_global_guid5 yearsonline-metrix.netUsed to detect and prevent fraud.
thx_guid5 yearsonline-metrix.netUsed to detect and prevent fraud.

Stripe

NameStorage durationDomain nameDescription
__stripe_sidSessionmissPompadour.comUsed to identify the session in the checkout with Stripe.
__stripe_mid1 yearmisspompadour.comUsed to identify the user in the checkout with Stripe.

Amazon Pay

NameStorage durationDomain nameDomain description
session-token1 yearamazon.comContains a token to identify the session in the checkout for Amazon Pay
session-id-*1 yearamazon.comContains additional information such as the time the session was initialised
apay-session-set1 yearmissPompadour.comContains additional information to identify the checkout session for Amazon Pay

8. Customer service via Dixa

We use the "Dixa" system from the provider Dixa ApS, Vimmelskaftet 41A, 1 Sal., 1161 Copenhagen, Denmark, to manage and respond to enquiries from users, who may be customers, potential customers or third parties, more quickly and efficiently. The legal basis for this is our legitimate interest in the rapid and effective processing of your request in accordance with Art. 6 para. 1 lit. f) GDPR. If your enquiry serves to conclude a contract with us, the additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.
As a European company, Dixa is subject to the requirements of the GDPR. Dixa provides us with its software for processing our customer enquiries and only processes customer data in a technical sense.We have concluded a contract with Dixa for commissioned data processing in accordance with Art. 28 GDPR, in which Dixa undertakes to process the data received in this way only in accordance with our instructions and to comply with the EU level of data protection.
Various categories of data are processed: Contact data (e.g. name, address, telephone number, email), content data (e.g. photographs), the data you enter. We have made sure that user data is secure at Dixa. Communication is encrypted using the HTTPS protocol and SSL certificates and the data is stored in Europe. Your data will be deleted after your enquiry has been dealt with, unless we are legally obliged to store it for longer. In this case, the deletion will take place after expiry of the corresponding obligation.
You can object to this data processing at any time with effect for the future by informing us of your decision via one of the above-mentioned contact options. Further information about Dixa can be found in the Privacy Policy.

8.1 Contact form

If you use our contact form, we will use the data you provide us with to process your enquiry. The legal basis for this is our legitimate interest in processing your request in accordance with Art. 6 para. 1 lit. f) GDPR. If your enquiry serves to conclude a contract with us, the additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.

Your data will be deleted after your enquiry has been dealt with, unless we are legally obliged to store it for a longer period. In this case, the deletion will take place after expiry of the corresponding obligation.

8.2 FAQ via Elevio

We use Elev.io, a service provided by Elevio Pty Ltd, Level 1, 2 Mill Place, Melbourne, Victoria 3000, Australia , to display contextualised answers to frequently asked questions / FAQs about our service. Elev.io only stores user-related data on our behalf if you actively send it to us via the contact form on the help pages provided by Elev.io. Elev.io has undertaken to use this data only for direct service fulfilment in our context. The information collected by Elev.io is generally stored on an Elev.io server in Australia, Elev.io complies with the provisions of the GDPR when processing personal data. As an Australian company, Elev.io is subject to the requirements of the Australian Privacy Act 1988 (Cth). The legal basis for the processing of the data is your consent pursuant to Art. 6 para. 1 lit. a GDPR and our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR to provide you with easy access to help topics. You can findmore information in Elev.io's privacy policy.

9. Email newsletter and postal advertising

When you register for our email newsletter, we process the data you provide. We use this data to create and send our newsletter. The legal basis for the processing is Art. 6 para. 1 lit. a) GDPR based on your consent. You can withdraw your consent at any time with effect for the future. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the return policy.

To confirm your registration for the newsletter, you must click on the confirmation link in the verification email that we send you after your registration. By clicking on the link provided in the verification message, we process the date and time of the click, the content of the message sent to you and the email address used. This is done in order to be able to prove that you have subscribed to the newsletter and confirmed your consent. The legal basis for this processing is Art. 6 para. 1 lit. c) GDPR, as we are legally obliged to be able to prove your consent.

We will delete your personal data in connection with the newsletter subscription when you unsubscribe. We delete data that we require as proof that you have subscribed to the newsletter after the limitation period for corresponding obligations to provide proof has expired.

If you purchase a product or service via our website or our app, we will send you our email newsletter on the basis of Section 7 (3) UWG, Art. 6 (1) (f) GDPR. We use the email address you provided at the time of purchase for this purpose. You can unsubscribe from the newsletter at any time with effect for the future, e.g. using the unsubscribe link provided in the newsletters. This does not incur any costs other than the transmission costs according to the basic tariffs.

We personalise the dispatch and content of our newsletter on the basis of Art. 6 para. 1 lit. f) GDPR based on your purchases made with us in order to offer you products that we believe will be of interest to you

We send our customers postal advertising on the basis of a balancing of interests in accordance with Art. 6 para. 1 lit. f) GDPR. You can object to the corresponding use of your data at any time. Our legitimate interest in this is to inform our customers about our offers.

Use of Klaviyo

We use the service of Klaviyo Inc. (125 Summer St Floor 7, Boston, MA 02111, USA; "Klaviyo") to send newsletters as part of order processing. We pass on the information you provide during newsletter registration (e-mail address, first and last name if applicable, telephone number if applicable, products viewed, products in the shopping basket, order data such as order number, products purchased, voucher codes used if applicable) to Klaviyo. The data processing serves the purpose of sending the newsletter and its statistical analysis. In order to analyse newsletter campaigns, the newsletters sent contain a 1x1 pixel graphic (tracking pixel) or a tracking link. This allows us to determine whether you have opened the newsletter and whether you have clicked on any integrated links. In this context, we collect your personal data such as IP address, browser type and device as well as the time. This data can be used to create user profiles under a pseudonym. The data collected will not be used to identify you personally. The data collected is only used for statistical analysis to improve newsletter campaigns. You can also prevent tracking by deactivating the display of images in your email programme by default. In this case, the newsletter will not be displayed in full and you may not be able to use all functions. If you display the images manually, the above-mentioned tracking will take place and your data will generally be transmitted to Klaviyo servers in the USA and stored there. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Klaviyo has certified itself in accordance with the TADPF and is therefore committed to complying with European privacy principles

Your personal data is processed on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in a targeted, effective advertising and user-friendly newsletter system. You have the right to object to this processing of your personal data at any time on grounds relating to your particular situation.

You can find more information about privacy at Klaviyo here and here.

Cookies used, responsible party: Klaviyo Inc.

NameStorage durationDomain nameDomain description
__kla_id1 yearmissPompadour.comIs set to identify the visitor.
od-klaviyo-track-allow1 yearmisspompadour.deIs set if the tracking has been accepted by the visitor.

10. Warning about data transfers to third countries

For various services that are used on our website with your consent or that process data via our website (e.g. for advertising purposes), you will find a warning in this privacy notice that data may be transferred to third countries.

What does this warning mean?

If data is transferred to a third country, your personal data will leave the local scope of the GDPR. In individual cases, a level of privacy may apply in the third country that does not meet the requirements of the GDPR. For some countries, e.g. Switzerland, there is a so-called adequacy decision. In the opinion of the EU Commission, the level of data protection law in these countries meets the requirements of the GDPR. They are therefore considered safe for privacy purposes. There is no such decision for other countries, in particular the USA, as these countries do not have a level of protection for your personal data that corresponds to that of the GDPR. When data is transferred to a third country, your personal data may therefore be transferred to a country, e.g. the USA, for which there is no level of privacy that is compatible with the GDPR.

What does this mean for your personal data?

As part of an economy based on the division of labour, many companies use service providers to process personal data. In other cases, large companies, such as Google, Amazon, Facebook or Apple, have numerous different companies in different countries that do not each process data individually. Instead, they use group-wide IT services so that, for example, a company in Ireland uses the services of the parent company in the USA. For this purpose, either personal data is transferred to the USA or the parent company in the USA has access to the data in the EU.

The GDPR allows the conclusion of so-called standard contractual clauses to agree that the contractual partner, e.g. the parent company in the USA, must comply with the provisions of the GDPR for the corresponding data processing, even if these would otherwise not apply to the contractual partner. This is intended to contractually create a level of privacy that corresponds to that of the GDPR so that the data subjects are not placed in a worse position than if their personal data were processed in the EU.

However, contracts only bind the parties involved in them and not third parties, such as government agencies. It is therefore possible that in one country, e.g. the USA, government agencies have the right to access the personal data of EU citizens, even if this violates their rights. This access can be very extensive and relate to all of your data that is processed there. They can be carried out without a judge or similar having to order it. They can be secret, so that you do not find out about these accesses. And you may not be able to defend yourself against access and any use of your data, especially not in court. Furthermore, the rights of data subjects to which you are entitled under the GDPR (e.g. information, erasure) may also not exist or may not be enforced. The data processed in this way may also be combined with other data concerning you from other sources, e.g. to create a profile about you.

This possible use of your data could, but does not necessarily have to, be associated with disadvantages for you. Since government agencies in third countries in particular are not subject to EU or German law, it is not possible to specify exactly what these disadvantages may be. Disadvantages can therefore be of any nature, e.g. economic or political. For example, you could be denied entry to a country, but it is also possible that this data could be used against you in foreign criminal proceedings. The disadvantages can therefore be very serious in individual cases

How high are my risks?

We cannot give a generalised answer as to how high the risks described are in individual cases. We can only point out that the key question is which service, and therefore which company, has access to your data in connection with your use of our website. It is also decisive which personal data is affected by this. In our opinion, our website only deals with the possible processing of personal data in third countries in connection with advertising services such as Google, Microsoft or Facebook. This will be data about which website you visited and when, how long you stayed on it, where you accessed it from, which end device or software (browser, app) was used for this, which interactions you made on the website, if this is transmitted to the operator of the service (e.g. the purchase of a product after clicking on an advert. Please read the information on the respective services) and any other data processed by the respective operator. For this, we refer you to the respective privacy notices of the services. You will find the links to these in these privacy notices in the explanation of the respective service.

You must weigh up for yourself whether giving your consent and any transfer to a third country could create a situation for you that you do not want to live with. In this case, please do not give your consent to the use of these services.

You will not suffer any disadvantages if you do not give your consent

If you do not wish to give your consent to the use of certain or all services or the storage of cookies, this will not have any disadvantages for you on our website. All our offers are available to our customers on the same terms, regardless of whether they give their consent or not. Of course, you can also return your consent at any time with effect for the future. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the return policy.

11. Tools for analysing the use of our website

We use the following services on the basis of your consent, which you can return at any time, to compile statistics and analyses on how our website is found and used, as well as for the purpose of optimising our website and our advertising measures. The legal basis for this is Art. 6 para. 1 lit. a) GDPR. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the return policy.

You can revoke your consent at any time with effect for the future here. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the return policy.

In addition, the services offer you the opportunity to object to their use in general, and not just for our website. Please refer to the information on the respective services.

a. Google Analytics

We use Google Analytics, a service of Google Ireland Limited, Imprint, using your anonymised IP address as part of an order processing contract. IP anonymisation is carried out by Google within the EEA. According to Google, the full IP address is only transmitted to a Google server in the USA and truncated there in exceptional cases. Google also states that the IP address transmitted by your browser will not be merged with other data by Google.

Google Analytics is used to process the following data about the use of our website

  • approximate location at the level of a region
  • anonymised IP address
  • technical information about the browser and end device used (e.g. language setting, screen resolution)
  • Internet provider of the user
  • via which website/advertising media a user came to this website
  • the pages accessed by the user
  • whether users perform certain actions on our website, so-called conversions, such as the purchase of a product newsletter registrations, downloads, purchases)
  • user behaviour (e.g. which links are clicked on, how long a user stays on a website, from which website they leave our website)

We have deactivated the functions in Google Analytics that would allow Google or another third party to use data as the controller.

No personal profiles are created, but the corresponding statistics only contain summarised data that does not allow any conclusions to be drawn about a specific person.

The analyses created by Google Analytics enable us to understand how our website is used and which advertising measures are successful. This allows us to optimise our website (in particular its structure, content, functions) and advertising measures and thus our business success. The legal basis for processing is Art. 6 para. 1 lit. a) GDPR based on your consent. In Google Analytics, we have set a storage period of 14 months for the personal data concerned. Data whose retention period has been reached is automatically deleted once a month.

As part of the order processing, Google is authorised to commission subcontractors. You can find a list of these subcontractors at https://privacy.google.com/businesses/subprocessors/

As part of the activities of Google Ireland Limited, data may be exported to a third country within the meaning of Art. 44 GDPR. Google Ireland Limited states that it will only do so if the applicable requirements are met.

Google only offers a browser plugin as a website-wide function for opting out of the use of Google Analytics. You can find information about this here.

The information generated about your use of this website is usually transferred to a Google server in the USA and stored there. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and is therefore committed to complying with European privacy principles. Both Google and US government authorities have access to your data. Your data may be linked by Google with other data, such as your search history, your personal accounts, your usage data from other devices and all other data that Google has about you.

We also use the Google Signals service in this context. Google Signals enables cross-device tracking. Your data can therefore be analysed across devices if you have activated "personalised advertising" in your account settings and your end devices are linked to your Google account. This makes it possible to recognise on which device you search for products and later return to complete purchases on another device, such as a tablet. The cross-device reports created in this context only contain aggregated data. We therefore only receive statistics generated on the basis of Google Signals. To prevent Google Signals from collecting and storing data across devices, you can deactivate the "personalised ads" function in the settings of your Google account. You can find more information on this at https://support.google.com/ads/answer/2662922?hl=de. You can find more information on data processing and privacy at Google Signals at https://support.google.com/analytics/answer/7532985?hl=de.

Your consent can be revoked here at any time with effect for the future. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the return policy.

Cookies used, responsible party: Google Ireland Limited

NameStorage durationDomain nameDescription
_ga2 yearsmissPompadour.comUsed to distinguish individual users from each other.
_ga_*2 yearsmisspompadour.deUsed to distinguish individual users from each other.
_gid24 hoursmisspompadour.deUsed to distinguish individual users from each other.
_gat_*1 minutemisspompadour.deUsed to throttle the rate of server requests.

b. Klar Attribution

We use the services of Klar (Klar Insights GmbH, Marktstr. 18, 80802 Munich, Germany) on our website. Klar collects, processes and stores data on this website and its subpages for reach measurement and statistical analysis on our behalf. This collection takes place on the following legal basis: If the user has given consent in accordance with Article 6 (1) sentence 1 a GDPR and Section 25 (1) sentence 1 TTDSG, the data to be processed is collected on a user-related basis. Various cookies are used to collect the data

To object to the use of cookies, please use this link. This will set a cookie with the name "do_not_track" from the domain "misspompadour.de". Please do not delete this cookie, as otherwise it cannot be guaranteed that you will not be tracked by Klar. Information on privacy and data usage by Klar can be found here

Cookies used, person responsible: Klar

NameStorage durationDomain nameDomain description
september_id1 yearmissPompadour.comUsed to distinguish the user from other users.
september_has_consent1 yearmisspompadour.deIs set when tracking has been accepted.

c. Microsoft Clarity

We use Clarity, a Microsoft service, to analyse how our website is used. The provider of Microsoft Clarity and the controller under data protection law is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 USA. If you are in the EU at the time your data is collected by Microsoft Clarity, the controller is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. The privacy policy applicable to Microsoft Clarity can be found here.

We use Clarity to create so-called heat maps. These are visual representations of how our website is used. These are created by recording which page elements visitors click on a website, where the mouse is moved, how a website is scrolled and which end devices are used. This enables us to understand how visitors interact with our website in order to improve and optimise it to make it easier to use and improve sales of the services we offer. The legal basis for this is Art. 6 para. 1 lit. f) GDPR.

The following data is processed by Clarity for this purpose
  • Usage data of visitors to our website (which website is accessed, where the mouse moves on a website, which page elements are clicked on, where a website is scrolled to;
  • the so-called User Unique User Identifier (UUID), which is used to distinguish the usage data of visitors from each other;
  • the IP address
  • technical data of the end device used to visit our website (screen size, device type (unique device identifiers), browser used, language set for displaying our website);
  • The country from which a visitor accesses our website

Visitor entries on our website, e.g. in forms or keystrokes, are not processed. The UUID is not merged with other data that would allow us to identify a specific visitor (such as order data on our website). Only pseudonymised user profiles are therefore available.
You can withdraw your consent to the use of Microsoft Clarity on our website at any time with effect for the future by clicking here. The return policy of the consent does not affect the legality of the processing carried out on the basis of the consent until the return policy.
Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Microsoft has certified itself in accordance with the TADPF and is therefore committed to complying with European privacy principles.
We do not transmit any data relating to you in connection with Microsoft Clarity; data is transmitted solely by the browser you use on the basis of the cookies stored with your consent. We have no access to the personal data processed by Microsoft Clarity and are not responsible for this service under data protection law.

Cookies used, responsible party: Microsoft Corporation

NameStorage durationDomain nameDescription
_clck12 monthsmissPompadour.comContains the Clarity user ID (UUID) and the settings that are unique to this site and are assigned to the same user ID.
_clsk1 dayclarity.msCombines multiple page views of a user into a single Clarity session record.
CLID12 monthsclarity.ms
Identifies the first time Clarity saw a user on a website.
MUID13 monthsclarity.ms
Identifies unique web browsers that visit Microsoft websites. These cookies are used for advertising, website analytics and other operational purposes.
MR7 daysclarity.ms
Indicates whether MUID should be updated.
ANONCHK10 minutesclarity.ms
Specifies whether MUID is transferred to ANID, a cookie used for advertising. Clarity does not use ANID and is therefore always set to 0.

Cookies used, responsible party: Hotjar Ltd

NameStorage durationDomain nameDescription
_hjid1 yearmissPompadour.comUsed to distinguish users from each other.
_hjTLDTestSessionmisspompadour.deUsed to ensure the use of Hotjar across subdomains.
_hjFirstSeenSessionmisspompadour.deUsed to identify the first session of a user.
_hjAbsoluteSessionInProgress30 minutesmisspompadour.deUsed to identify the first page view of a user during a session.
_hjRecordingEnabledSessionmisspompadour.deIs used as soon as a recording is started.
_hjIncludedInSessionSampleSessionmisspompadour.deIs used to track the allocation of a user to a recording or a test.
_hjRecordingLastActivitySessionmisspompadour.deIs saved in the session storage. Is updated when a recording is started and data is transferred to Hotjar via a web socket.
hjViewportIdSessionmisspompadour.deSaves the user's screen resolution and dimensions

d. ABlyft

We carry out tests and analyses on our website and use the ABlyft service from Conversion Expert GmbH (Zeppelinring 52c, 24146 Kiel, Germany) for this purpose. This enables us to analyse how individual user segments visit the website and carry out so-called A/B tests in order to constantly improve our website

ABlyft does not store any personal data such as IP addresses, but anonymised and aggregated data. The service also respects DoNotTrack settings of the browser. You can object to the use of ABlyft at any time by clicking on the following link: https: //www.misspompadour.de?ablyft_opt_out=true. Hosting takes place on servers in Germany. Further information on how ABlyft processes data can be found here.

The storage of and access to information in the end user's terminal equipment is carried out in accordance with § 25 para. 1 TTDSG. The legal basis for the evaluation and optimised presentation of our online offers and the storage of cookies is the consent given in accordance with Art. 6 para. 1 lit. a GDPR. The anonymised data collected is evaluated for a maximum period of 365 days. Your consent can be revoked here at any time with effect for the future. The return policy of the consent does not affect the legality of the processing carried out on the basis of the consent until the return policy

Cookies used, responsible: ABlyft

NameStorage durationDomain nameDomain description
ablyft_exps90 daysmisspompadour.comIs set and updated when a visitor is categorised into an experiment / variation.
ablyft_queue90 daysmisspompadour.deCollects the visitor's events before they are sent to ABLyft.
ablyft_uvs90 daysmisspompadour.deIs set the first time the visitor accesses the site and is updated with every subsequent page view.
ablyft_tgoals90 daysmisspompadour.deIs set when the visitor triggers a specific goal event.
90 daysmisspompadour.de
90 daysmisspompadour.de
90 daysmisspompadour.com

12. Advertising services

We use the services listed below to advertise the services we offer and thus acquire customers on the basis of your consent, which you can withdraw at any time. The legal basis for this is Art. 6 para. 1 lit. a) GDPR. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the return policy. You can withdraw your consent here. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the return policy.

In addition, the services offer you the opportunity to object to their use in general, and not just for our website. We point this out in the respective services.

Please note that the consent you have given relates to two issues:

  1. The storage of cookies in the end device you are using;
  2. The use of the respective service as such

Please also note that for the services
  • Microsoft Advertising
  • Criteo

are not responsible under data protection law. Rather, these services operate under their own responsibility. We are only a customer who carries out advertising measures via these services and obtains the necessary consent for these services to store cookies on your end device and for the service to be used for you.

a. Microsoft Advertising

With your consent, cookies for the Microsoft Advertising service are stored in the browser you use when you visit our website. We explain which cookies these are at the end of this section.

The provider of Microsoft Advertising and the controller under data protection law is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 USA. If you are in the EU at the time your data is collected by Microsoft Advertising, the controller is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. The privacy policy applicable to Microsoft Advertising can be found here.

You can control the use of data to receive interest-based advertising from Microsoft by visiting this page. If you have a Microsoft account, you can make privacy settings on this website.

You can withdraw your consent to the use of Microsoft Advertising on our site at any time with effect for the future by clicking here. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the return policy.
Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Microsoft has certified itself in accordance with the TADPF and is therefore committed to complying with European privacy principles.
We do not transmit any data relating to you in connection with Microsoft Advertising; data is transmitted solely by the browser you use on the basis of the cookies stored with your consent. We have no access to the personal data processed by Microsoft Advertising and are not responsible for this service under data protection law.

Cookies used, responsible party: Microsoft Corporation

NameStorage durationDomain nameDomain description
MUID392 daysbing.comContains a randomly generated user ID. Microsoft can use this ID to recognise the user anonymously across different websites and display personalised advertising.
_uetsid1 daymissPompadour.comContains a unique, non-personally identifiable ID that is used to identify a visitor to our website
_uetvid16 daysmisspompadour.comContains a unique, non-personally identifiable ID that is used to identify a visitor to our website

b. Google Ads

With your consent, cookies for the Google Ads service are stored in the browser you use when you visit our website and this service is used.
We explain which cookies these are at the end of this section. The provider of Google Ads in the European Union is Google Ireland Limited, Imprint.
You can access the contractual agreements between Google and us here.
The privacy policy applicable to Google Ads can be found here. You can object to the use of your data for interest-based advertising via Google Ads here. If you use a Google account , you can make these privacy settings here.
Your data may be transmitted to the servers of Google LLC in the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and is therefore committed to complying with European privacy principles.
We also use Google's remarketing or "similar target groups" function on our website. The purpose of this application is to analyse visitor behaviour and interests. Google uses cookies to analyse website usage, which forms the basis for the creation of interest-based advertisements. Cookies are used to record visits to the website and anonymised data on the use of the website. No personal data of visitors to the website is stored. If you subsequently visit another website in the Google Display Network, you will be shown adverts that are highly likely to take into account previously accessed product and information areas>
We do not transmit any data relating to you in connection with Google Ads; data is transmitted solely by the browser or app you use.
You can withdraw your consent to the use of Google Ads on our site with effect for the future by clicking here. The return policy of the consent does not affect the legality of the processing carried out on the basis of the consent until the return policy.

Cookies used, responsible party: Google Ireland Limited

NameStorage durationDomain nameDomain description
IDE1 yeardoubleclick.netContains a randomly generated user ID. Google can use this ID to recognise the user across different websites and display personalised advertising.
RUL1 yeardoubleclick.netIs used to track whether adverts have been displayed and to increase the efficiency of adverts.
test_cookie15 minutesdoubleclick.netIs set as a test to check whether the browser allows cookies to be set. Contains no identification features.
_gcl_au90 daysmisspompadour.deUsed to distinguish individual users from each other.
NID182 daysgoogle.comUsed to store user preferences and other information. This includes, in particular, the preferred language, the number of search results to be displayed on the page and the decision whether or not to activate Google's SafeSearch filter.
DV7 minutesgoogle.comUsed to store user preferences and other information. This includes, in particular, the preferred language, the number of search results to be displayed on the page and the decision whether or not to activate Google's SafeSearch filter.
CONSENT20 yearsgoogle.comThis cookie is used to store the user's preferences and other information. This includes, in particular, the preferred language, the number of search results to be displayed on the page and the decision whether or not to activate Google's SafeSearch filter.
AID3 monthsgoogle.comUsed to switch on targeted advertising.
1P_JAR1 monthgoogle.comCollects website statistics and tracks conversion rates.

c. Criteo

With your consent, cookies for the Criteo service are stored in the browser you use when you visit our website. We explain which cookies these are at the end of this section.

The provider and data protection officer for advertising campaigns in Germany is Criteo GmbH, Munich. The privacy policy applicable to Criteo can be found here. You can also object to the use of your data for interest-based advertising by Criteo on this website.

Please note our warnings about third countries, as Criteo may process personal data in countries that do not have a level of privacy that meets the standards of the GDPR.

We do not transmit any data relating to you in connection with Criteo, but data is transmitted solely by the browser you use on the basis of the cookies stored with your consent. We have no access to the personal data processed by Criteo and are not responsible for this service under data protection law.

You can withdraw your consent to the use of Criteo on our site at any time with effect for the future by clicking here. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the return policy.

Cookies used, responsible party: Criteo GmbH

NameStorage durationDomain nameDomain description
uid1 yearcriteo.comContains a randomly generated user ID. Criteo can use this ID to recognise the user across different websites and display personalised advertising.

d. Facebook Pixel & Conversion API

With your consent, the so-called Facebook Pixel is stored in your browser when you visit our website. The provider of this function for the EU is Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland.

We use the Facebook pixel to display our adverts on Facebook and on the partners cooperating with Facebook (so-called "Audience Network") via Facebook only to those people who have visited our website and for whom we therefore assume that they are interested in our offers and thus our advertising. Furthermore, the Facebook pixel allows us to measure the effectiveness of these adverts by determining whether a person was redirected to our website after clicking on a corresponding advert.

In terms of privacy law, Meta Platforms Ireland Ltd. acts partly as a processor for us and partly we are jointly responsible with them in accordance with Art. 26 GDPR. In all other respects, Meta Platforms Ireland Ltd. is solely responsible for the corresponding processing of personal data.

Order processing

Meta Platforms Ireland Ltd. acts as a processor insofar as so-called event data is processed on our behalf in order to create reports for us on the impact of our advertising campaigns operated via Facebook and other Facebook content (e.g. our posts on facebook.com) as well as analyses and insights about users of our website and their use of the website. For this purpose, no profiles are created that we can assign to specific users of our website. "Event data" is information that we share with Facebook using the Facebook pixel and relates to people and the actions they take on our website, such as visiting our website and purchasing the products we offer. Event data includes information that is collected and transmitted when people access our website using Facebook login or Facebook plugins (e.g. the "Like" button). However, they do not collect information that is created when a user interacts with our website via the Facebook login, Facebook plugins or in any other way (for example, by logging in or "liking" or sharing an article).
The contractual basis for order processing by Meta Platforms Ireland Ltd. is the Terms of Use for Facebook Business Tools and the corresponding Data Processing Terms. In addition, the standard contractual clauses, the "Meta-EU Data Transfer Addendum", apply with regard to the processing of personal data by Facebook in the USA

Joint responsibility

In accordance with Art. 26 GDPR, we are joint controllers with Meta Platforms Ireland Ltd. for the use of event data generated by our use of the Facebook pixel, insofar as this is used to improve the display of our advertisements played via Facebook and the delivery optimisation of these advertising campaigns. For this purpose, Meta Platforms Ireland Ltd. uses this event data in relation to people who use products of Facebook companies in order to show our advertising campaigns only to people who have visited our website (so-called ad targeting) or who are assumed to be interested in our services. In connection with ad targeting and the optimisation of ad delivery, Facebook Ireland Ltd. only uses the event data generated by us to optimise the delivery of ads after it has been aggregated with other data collected by other Facebook advertisers or otherwise on Facebook products. Facebook does not allow other advertisers or other third parties to target ads based solely on the event data we submit. A description of which personal data is processed by us and Meta Platforms Ireland Ltd. as joint controllers due to the use of the pixel can be found here. According to Facebook, this is the following data
  • HTTP header information such as information about the web browser or app used (e.g. user agent, language setting country/language)
  • Information on standard/optional events such as "page view" or "app installation", other object properties and buttons clicked by visitors to the website, products placed in the shopping basket and products purchased, in each case in accordance with the configuration of the business tool
  • Online identifiers such as IP addresses and, if provided, Facebook-related identifiers or device IDs (such as advertising IDs for mobile operating systems) and information on the status of deactivation/restriction of ad tracking;

The legal basis for joint controllership is the contract available here in accordance with Art. 26 GDPR. This was concluded in order to determine the respective responsibilities for the fulfilment of the obligations under the GDPR with regard to joint processing. The information required under Article 13(1)(a) and (b) GDPR can be found in Facebook's Data Policy. The Facebook Pixel is used as set out in the terms of use for this product.

For information on how Meta Platforms Ireland Ltd. processes personal data, including the legal basis on which Meta Platforms Ireland Ltd. relies and the options for exercising data subjects' rights vis-à-vis Facebook Ireland, please refer to Meta Ireland's Data Policy.Under the contract concluded with us, Meta Platforms Ireland Ltd. is responsible for enabling data subjects to exercise their rights under Articles 15-20 of the GDPR with regard to the personal data stored by Meta Platforms Ireland Ltd. after joint processing. Of course, this does not affect your existing rights vis-à-vis us under the GDPR (see "Your rights"). You can assert these rights against us in parallel.

Sole responsibility of Facebook

Meta Platforms Ireland Ltd. is solely responsible under data protection law for the processing of personal data in connection with the Facebook Pixel that goes beyond the above. The privacy policy of Meta Platforms Ireland Ltd. can be found here. You can find further options for objecting to Facebook using your personal data for these purposes here.
Finally, you can withdraw your consent to the use of the Facebook pixel on our site by clicking here. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the return policy.
Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself in accordance with the TADPF and is therefore committed to complying with European privacy principles.
Facebook Conversion API
In addition to the Facebook Pixel, we use the Facebook Conversion API, a server-side event tracking interface. The functionality and processing of data as part of the Conversions API corresponds to the functionality and processing as part of the use of the Facebook pixel.

Cookies used, responsible party: Facebook Ireland Ltd

NameStorage durationDomain nameDescription
_fbp90 daysmissPompadour.comUsed to distinguish individual users from each other.
fr90 daysfacebook.comUsed to distinguish individual users from each other.
ATN2 yearsatdmt.comContains a randomly generated user ID. Facebook can use this ID to recognise the user across different websites and display personalised advertising.

e. Pinterest Tag

With your consent, cookies for the Pinterest Tag service are stored in the browser you use when you visit our website. We explain which cookies these are at the end of this section.

The provider of Pinterest Tag in the European Union and the controller under data protection law is Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. The privacy policy applicable to Pinterest Tag can be found here.

Here you will find information on how you can object to the use of your data for interest-based advertising via Pinterest Tag. If you use a Pinterest account, you can make privacy settings for this account here.

You can withdraw your consent to the use of Pinterest on our site at any time with effect for the future by clicking here. The return policy of the consent does not affect the legality of the processing carried out on the basis of the consent until the return policy.
Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Pinterest is not certified under the TADPF. Data is transferred on the basis of standard contractual clauses as suitable guarantees for the protection of personal data, which can be viewed here.
We do not transmit any data relating to you in connection with the Pinterest tag, but data is transmitted solely by the browser you use based on the cookies stored with your consent. We have no access to the personal data processed by the Pinterest tag and are not responsible for this service under data protection law.

Cookies used, responsible party: Pinterest

NameStorage durationDomain nameDescription
_pin_unauth1 yearmissPompadour.comIs a first-party cookie that groups actions for users who cannot be identified by Pinterest.
_pinterest_ct_ua1 yearpinterest.comIdentical to _pin_unauth, but as a third-party cookie.
_pinterest_sess1 yearpinterest.comIs the cookie for logging in to Pinterest. It contains user IDs, authentication tokens and timestamps. When users log out, the authentication tokens are deleted, but the cookies remain. We use the logged-out user IDs to optimise usage and measurability.
_pinterest_ctSessionpinterest.comContains a user ID and the timestamp at which the cookie was created.
_pinterest_ct_rtSessionpinterest.comIdentical to _pinterest_ct
_epikSessionpinterest.comPlaced by the JavaScript tag based on information sent by Pinterest with the advertised traffic to identify the user
_derived_epikSessionpinterest.comPlaced by the Pinterest tag when a match is recognised without cookies being present, e.g. with Enhanced Match.

f. TikTok Pixel

With your consent, we use the advertising services of TikTok, a service provided by TikTok Technology Limited, a company registered in the Republic of Ireland with its registered office at 10 Earlsfort Terrace, Dublin, D02 T380, Ireland

We use this function to display our advertising on TikTok to people who have visited our website or for whom we assume that they are interested in our offers and thus our advertising. TikTok also allows us to measure the effectiveness of our adverts by determining whether a person has been redirected to our website after clicking on a corresponding advert

In terms of privacy law, TikTok acts partly as a processor for us and partly we are jointly responsible with it in accordance with Art. 26 GDPR. Otherwise, TikTok alone is responsible for the corresponding processing of personal data. You can find a description of the respective legal responsibility here under Part B, Section 1.4. Of the services listed there (as of December 2022), we use services a), b), c), d) and i). You will also find the agreements we have concluded with TikTok in this respect under the above link.

If you have an account with TikTok, you can make settings for the processing of your personal data, in particular for advertising purposes. You can find the privacy policy for TikTok here and further information here

You can revoke your consent to the use of TikTok on our site at any time with effect for the future by clicking here Link to Consent Layer. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the return policy.

Please note our warnings about third countries, as TikTok may process personal data in countries where there is no level of privacy that meets the standards of the GDPR. Your data may be transferred to third countries, such as the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). TikTok is not certified under the TADPF. The transfer of data to the USA and to third countries without an adequacy decision is based, among other things, on standard contractual clauses as suitable guarantees for the protection of personal data, which can be viewed here.

Cookies used, responsible party: TikTok Technology Limited

NameStorage durationDomain nameDescription
_ttp13 monthsmissPompadour.comContains an anonymous user ID. Used to display adverts relevant to the user.
_tt_enable_cookie13 monthsmisspompadour.comSaves that cookies have been set by TikTok

13. Reviews.io and reviews

Use of the review portal

In order to constantly improve our service, we offer you the opportunity to rate us via the independent portal reviews.io of REVIEWS.io 2020 GmbH, Stralauer Allee 6, 10245 Berlin, Germany. If you are registered for our newsletter, we will send you an email a few days after your order has been sent to evaluate your experience with MissPompadour, our customer service and our products. In the review email you will find a link that will take you to our review form at reviews.io. When you click on this link, your browser transmits your email address, your customer name, the order ID and the IDs of the products you have ordered to reviews.io (privacy notice). As long as you do not submit a review, according to reviews.io, this data will not be saved despite clicking on the link. When you submit a review, only your first name will be published. The submission of a review is of course voluntary.
You can find our review profile at reviews.io here.

Widgets and badges with ratings

So-called REVIEWS.io badges and widgets are displayed on our website. This is a seal that allows visitors to our website to see how customers have rated us. We have commissioned REVIEWS.io 2020 GmbH, Stralauer Allee 6, 10245 Berlin, Germany, to provide us with this rating function and the seal as a processor so that we can integrate it into our website.
When the REVIEWS.io badge is displayed on our website, the date and time of access and the amount of data transferred are stored in a log file as part of the order processing. The log files are automatically deleted no later than 5 days after creation.
Our interest in this evaluation system and the integration of the badge into our website is to inform potential customers about the satisfaction of our customers so that this can be used to our advantage when deciding whether to purchase services from us. The legal basis for this is Art. 6 para. 1 lit. f) GDPR.

14. WhatsApp chat

For WhatsApp chat, we use Sinch, a software solution from Sinch Sweden AB, Lindhagensgatan 74, 112 18 Stockholm, Sweden, as part of a data processing agreement. The WhatsApp Business API is used for this service, which means that WhatsApp does not have access to personal data in the area of our responsibility. The messages exchanged with us are of course also encrypted when using the Business API so that third parties have no access to the content. The legal basis for the corresponding data processing is Art. 6 para. 1 lit. f) GDPR, as the respective user makes it clear by using the chat function that they wish to communicate with us via this channel and therefore the corresponding processing of personal data is in their interest.

The use of WhatsApp by the respective user is solely subject to the agreements made by the user with the WhatsApp provider.

16. Privacy policy for our Facebook page

The following applies to our presence on facebook.com in addition to this privacy notice: Due to the use of Facebook Insights, we are jointly responsible for our Facebook page with Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland. The legal basis for this is the contract available on this page. The joint responsibility includes the creation of so-called events and their consolidation in Page Insights, which are made available to us. What events are is described on the aforementioned Facebook Insights website. According to Facebook, these are in particular
  • Viewing a page, a post, a video, a story or other content associated with a page
  • Interacting with a story
  • Subscribing or unsubscribing to a page
  • Marking a page or a post with "Like" or "No longer like"
  • Recommend a page in a post or comment
  • Comment on, share or react to a page post (including the type of reaction)
  • Hide a page post or report it as spam
  • Hover over a link to a page or the name or profile picture of a page to see a preview of the page content
  • Click on the website button, phone number button, "Plan route" button or any other button on a page
  • See the event of a page, react to an event (including the type of reaction), click on a link for event tickets
  • Start a Messenger conversation with the page
  • View or click on items in a site shop
  • Information about the action, the person who performed the action and the browser/app used for it. These are for example
  • Date and time of the action
  • Country/city (estimated from the IP address or imported from the user profile for logged-in users)
  • Language code (from the HTTP header of the browser and/or the language setting)
  • Age/gender group (from the user profile, only for logged-in users)
  • Previously visited websites (from the HTTP header of the browser)
  • Whether the action was performed on a computer or on a mobile device (from the browser user agent or from app attributes)
  • Facebook user ID (only for logged-in users)

Facebook Ireland ensures that it has a legal basis for processing the Insights data, which is set out in the Facebook Ireland Data Policy. Facebook Ireland assumes the fulfilment of the obligations under the GDPR for the processing of Insights data (including Articles 12 and 13 GDPR, Articles 15 to 21 GDPR, Articles 33 and 34 GDPR). Facebook Ireland takes appropriate technical and organisational measures in accordance with Article 32 GDPR to ensure the security of processing. This includes the measures listed below on this page (this will be updated from time to time, for example to take account of technological developments). All Facebook Ireland employees involved in the processing of Insights data are bound by appropriate agreements to maintain the confidentiality of Insights data.

Facebook Ireland provides data subjects with the essentials of this Page Insights Supplement (Article 26(2) GDPR). This is currently done via the information on Page Insights data, which can be accessed from all pages.

If a data subject asserts their rights under the GDPR with regard to the processing of Insights data against us, we are obliged to forward all relevant information on such requests to Facebook Ireland without delay, but at the latest within seven calendar days. Facebook Ireland has undertaken to respond to requests from data subjects in accordance with the obligations incumbent on us.

The above statements do not affect the claims to which every data subject is directly entitled against us, in particular those arising from Art. 15 et seq. GDPR.

The legal basis for the corresponding data processing is Art. 6 para. 1 lit. f) GDPR. Only persons who access our page on facebook.com in a targeted manner and therefore intentionally use a website to which the data policy for facebook.com applies are affected by the data processing. The data processing to which the data subject is subject when visiting our website on facebook.com therefore does not go beyond the data processing that Facebook would carry out even if our website did not exist on facebook.com. If the data subject did not agree to this, they would not visit facebook.com. It therefore follows from the visit to our website on facebook.com that the data subject has an overriding interest in visiting our page there in order to consume the content we offer there and to be able to interact with it. Our legitimate interest is therefore to use this site for our corporate communications in order to directly or indirectly promote the sales of the services we offer.

17. Dispatch

Order-related data (contact and delivery data) can be transmitted to our shipping partner for dispatch processing.

Shipping to Switzerland

We work together with our shipping partner exporto GmbH to ship your order to Switzerland.

Switzerland - Shipping within Germany:
exporto GmbH
Max-Stromeyer-Str. 172
DE-78467 Konstanz

Register court: Freiburg Local Court
Register number: HRB 721808
VAT ID: DE331284697

Switzerland - Shipping within Switzerland:
exporto Schweiz GmbH
Hafenstraße 50C
CH-8280 Kreuzlingen

UID: CHE-130.123.814
MWST: CHE-130.123.814 MWST

Contact:
Phone: +49 7531 3027860
E-mail: info@exporto.de

18. Your rights

You have the following rights in particular in connection with your personal data under the GDPR. For details, please refer to the statutory provisions (in particular Art. 15 et seq. GDPR).

Right to information

According to Art. 15 GDPR, you have the right to request confirmation from us as to whether personal data concerning you is being processed by us. If this is the case, you have the right to information about this personal data and to further information as specified in Art. 15 GDPR.

Right to rectification

According to Art. 16 GDPR, you have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure ("right to be forgotten")

Within the limits of Art. 17 GDPR, you have the right to demand that we erase personal data concerning you without undue delay. We are obliged to delete personal data immediately if the corresponding requirements of Art. 17 GDPR are met. For details, please refer to Art. 17 GDPR.

Right to restriction of processing

In accordance with Art. 18 GDPR, you have the right, under certain conditions, to demand that we restrict the processing of your personal data. For details, please refer to Art. 18 GDPR.

Right to data portability

Under the conditions of Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. According to Art. 20 GDPR, you also have the right to transmit this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and the processing is carried out by automated means.

Right to lodge a complaint with the supervisory authority

In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority, without prejudice to any other administrative or judicial remedy. This right exists in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

Right to object

Pursuant to Art. 21 GDPR, you have the right to object to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.

If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.

19. Explanation of various terms

Browser - this is the software you use to surf the internet and access our website.
EEA - is the European Economic Area. In addition to the EU member states, this includes Iceland, Liechtenstein and Norway.
Third countries - are countries that are not part of the EEA and for which there is no adequacy decision by the EU Commission
IP address - every device that exchanges data via the Internet requires a unique identification, otherwise data (e.g. websites) that are to be sent to this device cannot be delivered. The computer, smartphone, tablet, etc. you are using therefore uses an IP address so that it can retrieve and receive data from the internet. As a rule, you do not use a separate IP address for each end device, but the technology used to connect to the Internet (e.g. your Internet router at home) allows all end devices in a network to appear to the outside world under a common IP address.
lit. - is a Latin abbreviation for "letter", which is used when quoting legal texts. Art. 6 para. 1 lit. a) GDPR therefore means "letter a)".
Standard contractual clauses - are a set of contracts provided by the EU Commission that can form the basis for data transfer to a third country in accordance with Art. 46 para. 2 lit. d) GDPR.