Privacy Policy

Information on the Collection of Personal Data and Contact Details of the Controller

1.1 Thank you for visiting our website and for your interest. This document explains how we process your personal data when you use our website. Personal data means any information that can be used to personally identify you.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Amelia Rowe. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock icon in your browser’s address bar.


Data Collection When Visiting Our Website

When you use our website for information only—i.e., you do not register or otherwise transmit information to us—we collect only the data your browser transmits to our server (so-called server log files). When you visit our website, we collect the following data, which are technically necessary to display the website:

  • The page(s) you visited on our site
  • Date and time of access
  • Amount of data transmitted (in bytes)
  • The source/referrer from which you reached our page
  • Browser used
  • Operating system used
  • IP address used (where applicable, in anonymized form)

Processing is carried out pursuant to Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data are not shared or otherwise used. However, we reserve the right to review server log files retrospectively if there are specific indications of unlawful use.


Cookies

To make your visit to our website more attractive and to enable certain functions, we use cookies on various pages. Cookies are small text files stored on your device. Some cookies are deleted after you end your browser session (session cookies). Other cookies remain on your device and allow us or our partners (third-party cookies) to recognize your browser on your next visit (persistent cookies). When cookies are set, they may collect and process certain user information (e.g., browser and location data, IP addresses). Persistent cookies are automatically deleted after a defined period, which may vary by cookie type.

Cookies are used, among other things, to simplify the ordering process by saving settings (e.g., remembering the contents of a virtual shopping cart for a later visit). Where cookies implemented by us also process personal data, processing takes place pursuant to Art. 6(1)(b) GDPR (performance of a contract) or Art. 6(1)(f) GDPR (our legitimate interests in the best possible website functionality and a customer-friendly, efficient presentation).

In some cases, we work with advertising partners who help make our online offer more attractive to you. For this purpose, cookies from our partners (third-party cookies) may be stored on your device when you visit our website. Where such partners are used, you will be informed separately about the use of these cookies and the information collected.

You can configure your browser to inform you about the setting of cookies and allow you to decide on acceptance on a case-by-case basis, to refuse cookies in certain cases, or to generally block them. Browsers differ in how they manage cookie settings; see your browser’s help menu for details:

Please note that disabling cookies may limit the functionality of our website.


Contacting Us

When you contact us (e.g., via contact form or email), personal data will be collected. The specific data collected via a contact form can be seen from the form itself. We store and use these data solely to respond to your inquiry and for the related technical administration. The legal basis is our legitimate interest in responding to your request pursuant to Art. 6(1)(f) GDPR. If your contact aims at concluding a contract, an additional legal basis is Art. 6(1)(b) GDPR. Your data will be deleted once your inquiry has been conclusively handled, provided there are no statutory retention obligations.


Data Processing When Opening a Customer Account and for Contract Fulfillment

Pursuant to Art. 6(1)(b) GDPR, personal data are further collected and processed when you provide them to us for the purpose of performing a contract or opening a customer account. The data collected are apparent from the respective input forms. You may delete your customer account at any time by contacting the controller at the address above. We store and use the data you provide for contract processing. After full performance of the contract or deletion of your account, your data will be blocked with regard to tax and commercial retention periods and deleted after those periods, unless you have expressly consented to further use or we are legally permitted to further use the data, about which we inform you below.


Use of Your Data for Direct Advertising

6.1 Subscription to Our Email Newsletter
If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory data for sending the newsletter is your email address; any other information is voluntary and used to personalize communications. We use a double opt-in process: we will send you a confirmation email asking you to confirm your subscription by clicking a link.

By activating the confirmation link, you consent to the use of your personal data pursuant to Art. 6(1)(a) GDPR. When you subscribe, we store the IP address assigned by your internet service provider, as well as the date and time of subscription, to trace potential misuse of your email address. The data collected when subscribing are used exclusively for sending the newsletter. You may unsubscribe at any time via the link in any newsletter or by contacting the controller. After unsubscribing, your email address will be promptly removed from our mailing list unless you have expressly consented to further use or we reserve the right to use the data as permitted by law.

6.2 Newsletter to Existing Customers
If you have provided your email address to us in connection with the purchase of goods or services, we reserve the right to send you regular offers for similar goods or services via email. No separate consent is required. Processing is based solely on our legitimate interest in personalized direct advertising pursuant to Art. 6(1)(f) GDPR. If you initially objected to this use, we will not send such emails. You may object at any time with future effect by notifying the controller. Only standard transmission costs apply. Upon receiving your objection, we will immediately stop using your email address for advertising.


Data Processing for Order Handling

7.1 Personal data collected by us will be passed on to the shipping company commissioned with delivery to the extent necessary for delivering the goods. Your payment data will be forwarded to the financial institution involved in the payment process to the extent necessary for payment processing. Where we engage payment service providers, we inform you explicitly below. The legal basis for data transfer is Art. 6(1)(b) GDPR.

7.2 Use of Payment Service Providers (Payment Processors)

  • PayPal
    If you pay via PayPal, credit card via PayPal, direct debit via PayPal, or—if offered—“Pay Upon Invoice” or “Installment Payment” via PayPal, we transmit your payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg (“PayPal”) pursuant to Art. 6(1)(b) GDPR to the extent necessary for payment processing.
    PayPal may perform a credit check for certain methods (credit card via PayPal, direct debit via PayPal, “Pay Upon Invoice,” “Installments”). For this purpose, your payment data may be transmitted to credit agencies pursuant to Art. 6(1)(f) GDPR based on PayPal’s legitimate interest in determining your solvency. Results (probability values/score values) may be used to decide on the provision of payment methods. Score values are calculated using recognized statistical methods and may include address data. For details, see PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
    You may object to this processing by notifying PayPal. However, PayPal may still process your personal data if necessary for contractual payment processing.
  • SOFORT
    If you choose “SOFORT,” payment processing is carried out by SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (“SOFORT”), to whom we transmit the data you provided during the order process, including order information, pursuant to Art. 6(1)(b) GDPR. SOFORT GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Data are transmitted solely for payment processing with SOFORT and only as necessary. Privacy information: https://www.klarna.com/sofort/datenschutz


Review Request Contact

Own review reminder (no third-party review system):
With your express consent pursuant to Art. 6(1)(a) GDPR given during or after your order, we may use your email address for a one-time reminder to submit a review of your order in our review system. You may revoke your consent at any time by contacting the controller.


Use of Social Media: Social Plugins

9.1 Facebook Plugins with Shariff Solution
We use social plugins (“plugins”) of the social network Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”).
To better protect your data, these buttons are integrated only as HTML links (Shariff). This ensures no connection to Facebook’s servers is made when a page containing such buttons is loaded. Clicking the button opens a new browser window and loads Facebook, where you can interact with plugins (after logging in, if necessary).
Facebook Inc. is certified under the EU-US Privacy Shield framework.
For details on data collection and use by Facebook, and your rights and settings, see Facebook’s privacy policy: https://www.facebook.com/policy.php

9.2 Google+ Plugins with Shariff Solution
We use plugins of the social network Google+, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
Buttons are integrated as HTML links (Shariff) so no connection to Google’s servers occurs when loading our page. Clicking opens Google+ (after login, if applicable).
Google LLC is certified under the EU-US Privacy Shield.
More information: https://www.google.com/intl/de/policies/privacy/

9.3 Instagram Plugins with Shariff Solution
We use plugins of Instagram, operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA (“Instagram”), integrated as HTML links (Shariff).
Instagram LLC is certified under the EU-US Privacy Shield.
More information: https://help.instagram.com/155833707900388/


Online Marketing

10.1 DoubleClick by Google
This website uses DoubleClick by Google (Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). DoubleClick uses cookies to display relevant ads, improve campaign reports, or prevent repeated display of the same ads. Google uses a cookie ID to determine which ads are shown in which browser and to prevent duplicates. Processing is based on our legitimate interest in optimal marketing (Art. 6(1)(f) GDPR). DoubleClick may also measure conversions related to ad requests. According to Google, DoubleClick cookies do not contain personal data.

Your browser automatically establishes a direct connection to Google’s servers. We have no control over the scope and further use of the data collected by Google. If you are logged in to a Google service, Google may associate your visit with your account. You can opt out of tracking by blocking cookies from www.googleadservices.com in your browser settings (https://www.google.de/settings/ads), by using the Digital Advertising Alliance settings at www.aboutads.info, or by configuring your browser to notify you about cookies so you can accept them individually or block them entirely. Disabling cookies may limit website functionality.
Google LLC is certified under the EU-US Privacy Shield.
More information: https://www.google.de/policies/privacy/

10.2 Google Ads Conversion Tracking
We use Google Ads (Google LLC.) and Google’s conversion tracking. A conversion cookie is set when a user clicks a Google Ads ad. These cookies usually expire after 30 days and are not used for personal identification. Google and we can recognize that a user clicked an ad and was redirected to a page with a conversion tag. Each Ads customer receives a different cookie. The information is used to compile conversion statistics. If you do not wish to participate, disable the Google conversion cookie in your browser settings. Processing is based on our legitimate interest in targeted advertising (Art. 6(1)(f) GDPR).
Google LLC is certified under the EU-US Privacy Shield.
More information: https://www.google.de/policies/privacy/
You can permanently deactivate ad cookies via your browser settings or by installing the plugin available at: https://www.google.com/settings/ads/plugin?hl=de
Note that disabling cookies may limit website functionality.


Web Analytics Services

Google (Universal) Analytics
This website uses Google Analytics (Google LLC). Google Analytics uses cookies to analyze website usage. Information generated by the cookie (including the truncated IP address) is usually transmitted to and stored on a Google server in the USA.

We use Google Analytics exclusively with the “_anonymizeIp()” extension, which shortens IP addresses to prevent direct personal identification. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. Processing in such cases occurs pursuant to Art. 6(1)(f) GDPR based on our legitimate interest in statistical analysis of user behavior for optimization and marketing.

Google processes this information on our behalf to evaluate website use, compile reports, and provide other services related to website activity and internet usage. The IP address transmitted by your browser within Google Analytics is not merged with other Google data.

You can prevent cookies by adjusting your browser settings; however, some parts of the website may not function fully. You can also prevent collection and processing of data by Google by installing the browser add-on available at: https://tools.google.com/dlpage/gaoptout?hl=de

Alternatively, especially on mobile devices, you can set an opt-out cookie to prevent future data collection on this website in this browser (note: the opt-out cookie is browser- and domain-specific and must be reset if you delete cookies): Deactivate Google Analytics.

Google LLC is certified under the EU-US Privacy Shield.
We also use Google Analytics for cross-device analysis via a user ID. On first page load, a unique, persistent, anonymous ID is assigned to the user across devices/sessions. The user ID contains no personal data and is not transmitted to Google. You can opt out of user-ID-based collection at any time by disabling Google Analytics on all systems you use.


Retargeting / Remarketing / Recommendation Advertising

Facebook Custom Audiences via Pixel
We use the Facebook Pixel (Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA). With your express consent, user behavior can be tracked after viewing or clicking a Facebook ad to measure effectiveness and optimize future campaigns. Data are anonymous to us but processed by Facebook and may be associated with user profiles for Facebook’s own advertising purposes (see https://www.facebook.com/about/privacy/). A cookie may be stored for these purposes. Processing occurs only with your express consent (Art. 6(1)(a) GDPR). Consent may only be given by users aged 13 or older. Facebook Inc. is certified under the EU-US Privacy Shield. You can disable third-party cookies (e.g., Facebook) via the Digital Advertising Alliance: https://www.aboutads.info/choices/.

Google Ads Remarketing
We use Google Ads Remarketing to advertise in Google search results and on third-party websites. Google places a cookie to enable interest-based advertising using a pseudonymous cookie ID. Processing is based on our legitimate interest in optimal marketing (Art. 6(1)(f) GDPR). If you have allowed Google to link your web/app history to your Google Account and to use information from your account to personalize ads, Google may use your data together with Google Analytics to build cross-device remarketing lists. You can permanently disable ad cookies via the plugin at https://www.google.com/settings/ads/onweb/ or manage cookies via www.aboutads.info. Functionality may be limited if you do not accept cookies. Google LLC is certified under the EU-US Privacy Shield. More info: https://www.google.com/policies/technologies/ads/.


Rights of the Data Subject

13.1 Applicable data protection law grants you comprehensive rights regarding the processing of your personal data:

  • Right of access (Art. 15 GDPR): Access to your data, purposes, categories, recipients, storage period/criteria, existence of rights to rectification, erasure, restriction, objection, complaint to a supervisory authority, data source (if not collected from you), existence of automated decision-making including profiling and meaningful information about the logic involved and consequences, and information about safeguards under Art. 46 GDPR for transfers to third countries.
  • Right to rectification (Art. 16 GDPR): Immediate correction of inaccurate data and completion of incomplete data.
  • Right to erasure (Art. 17 GDPR): Erasure where Art. 17(1) conditions are met, except where processing is necessary for freedom of expression and information, legal obligations, public interest, or legal claims.
  • Right to restriction (Art. 18 GDPR): Restriction while accuracy is verified, if processing is unlawful and you oppose erasure, if data are needed for legal claims after we no longer need them, or pending verification of an objection.
  • Right to notification (Art. 19 GDPR): We must inform recipients of rectification/erasure/restriction unless impossible or disproportionate; you have the right to be informed of these recipients.
  • Right to data portability (Art. 20 GDPR): Receive your data in a structured, commonly used, machine-readable format or have it transmitted to another controller where technically feasible.
  • Right to withdraw consent (Art. 7(3) GDPR): Withdraw consent at any time with future effect; we will then cease processing unless another legal basis applies.
  • Right to lodge a complaint (Art. 77 GDPR): Complain to a supervisory authority, especially in your place of residence, workplace, or the place of the alleged infringement.

13.2 Right to Object
WHERE WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR LEGITIMATE INTERESTS AFTER A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE RELEVANT DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
WHERE YOUR PERSONAL DATA ARE PROCESSED FOR DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO SUCH PROCESSING. IF YOU OBJECT, WE WILL IMMEDIATELY STOP PROCESSING YOUR DATA FOR DIRECT ADVERTISING PURPOSES.


Retention Period for Personal Data

The retention period is based on statutory retention obligations (e.g., commercial and tax law). After these periods expire, the relevant data are routinely deleted unless they are still necessary for contract performance or initiation and/or we have a legitimate interest in continued storage.