Privacy Policy
1. Responsible
2. Privacy Officer
3. Technical operation of our website
4. Detection and defence of attacks against our website
5. Creation of a customer account
6. Orders
7. Payment service provider
8. Customer service
9. Email newsletter
10. Warning about data transfer to third countries
11. Tools for analysing the use of our website
12. Advertising services
13. Reviews.io and ratings
14. WhatsApp chat
15. Links to our social media sites
16. Privacy notice for our Facebook page
17. Shipping
18. Your rights
19. Explanation of various terms
1. Responsible
Phone: +49 941 206 068 20
E-mail: kontakt@misspompadour. de
2. Data protection officer
3. Technical operation of our website
- Date and time of access
- Name and URL of the page or file accessed
- browser used, operating system of the end device
- HTTP status code
Individual settings for cookies
- Chrome Browser - https://support.google.com/accounts/answer/61416?hl=de
- Internet Explorer - https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
- Microsoft Edge - https://support.microsoft.com/de-de/windows/microsoft-edge-browserdaten-und-datenschutz-bb8174ba-9d73-dcf2-9b4a-c582b4e640dd
- Mozilla Firefox - https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
- Safari - https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Cookies used
Consent & Cookie Settings
Name | Storage period | Domain | Description |
mpCookieBanner | 1 year | misspompadour. com | Stores whether the Consent Banner has already been displayed to the user |
mpCookieSettings | 1 year | misspompadour. com | Saves the user's settings for the Consent Banner |
mpPinterestButton | 1 year | misspompadour. com | Stores whether the user has consented to the display of the Pinterest "Pin-it" button via 2-click solution |
mpYoutubeVideos | 1 year | misspompadour. com | Stores whether the user has agreed to the embedding of Youtube videos |
Shopware (shop system)
Name | Storage period | Domain | Description |
timezone | 30 days | misspompadour. com | Detection of the correct timezone of the user. |
csrf[frontend. account. login] | Session | misspompadour. de | Security cookie for the login to the customer account. |
csrf[frontend. account. register. save] | Session | misspompadour. com | Security cookie for the registration in the shop. |
csrf[frontend. checkout. line-item. add] | Session | misspompadour. com | Security cookie for adding products to the shopping cart. |
csrf[*] | Session | misspompadour. com | Security cookies for core functions of the shop system. |
session* | Session | misspompadour. com | Identifies the session of a user |
AWSALBTGCORS | 7 days | misspompadour. de | Ensures the technical functionality of the shop during high system loads. Part of Amazon Web Services Elastic Load Balancing, which always connects users to the same server if necessary. |
AWSALBTG | 7 days | misspompadour. com | Ensures the technical functionality of the shop under high system load. Part of Amazon Web Services Elastic Load Balancing, which always connects users to the same server if necessary. |
MissPompadour Analytics
Name | Storage period | Domain | Description |
_mpParams | 1 year | misspompadour. com | This cookie allows us to identify your visitor source (referrer URL) when you place a new order |
4. Detection and defence of attacks against our website
5. Creating a customer account
Bonus programme "PompCoins
If you register for and use our bonus programme, we process the data you provide and the interactions you have with our website or app in order to set up and manage your bonus programme account, to credit or redeem points and to enable you to use the services we offer in connection with the bonus programme. In the bonus programme account, in addition to the data that you provided when setting up the account, further data is processed that arises in connection with the use of the account, such as which interactions for which points are awarded were carried out, when points were redeemed and when points expire. The legal basis for the corresponding processing of your data is Art. 6 para. 1 lit. b) DSGVO. This data related to the bonus programme account is stored until the customer account is deleted. If we are legally obliged to store the data for a longer period of time (e.g. to fulfil accounting obligations or legally required proofs) or if we are legally entitled to store the data for a longer period of time (e.g. due to an ongoing legal dispute against the owner of a bonus programme account), the data will be deleted after the storage obligation or authorisation has expired.
6. Orders
7. Payment service provider
- Paypal - https://www.paypal.com/de/webapps/mpp/ua/privacy-prev?locale.x=de_DE
- Klarna - https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
- Stripe - https://stripe.com/de/legal/privacy-center
- Amazon Pay - https://pay.amazon.de/help/201212490
Cookies used
Paypal
Name | Storage period | Domain | Description |
paypalplus_session_v2 | Session | misspompadour. com | Contains data for the payment transaction of an order. |
Klarna
Name | Storage period | Domain | Description |
thx_global_guid | 5 years | online-metrix. net | Used to detect and prevent fraud. |
thx_guid | 5 years | online-metrix. net | Used to detect and prevent fraud. |
Stripe
Name | Storage period | Domain | Description |
__stripe_sid | Session | misspompadour.com | Used to identify the session in the checkout with Stripe. |
__stripe_mid | 1 year | misspompadour.co.uk | Used to identify the user in the checkout with Stripe. |
Amazon Pay
Name | Storage period | Domain | Description |
session-token | 1 year | amazon.com | Contains a token to identify the session in the checkout for Amazon Pay |
session-id-* | 1 year | amazon.com | Contains additional information such as the time the session was initialised |
apay-session-set | 1 year | misspompadour.com | Contains additional information to identify the checkout session for Amazon Pay |
8. Customer service via Dixa
8. 1 Contact form
Your data will be deleted after your enquiry has been dealt with, unless we are legally obliged to store it for a longer period. In this case, the deletion takes place after the expiry of the corresponding obligation.
8. 2 FAQ via Elevio
We use Elev. io, a service provided by Elevio Pty Ltd, Level 1, 2 Mill Place , Melbourne, Victoria 3000, Australia to provideyou with answers to frequently asked questions / FAQs about our service in context. Elev. io only collects user information on our behalf when you actively submit it to us via the contact form on the help pages provided by Elev. io. Elev. io, is committed to using this data only for direct service delivery in our context. The information collected by Elev. io is generally stored on an Elev. io server in Australia, Elev. io complies with the provisions of the GDPR when processing personal data. As an Australian company, Elev. io is subject to the requirements of the Australian Privacy Act 1988 (Cth). The legal basis for the processing of data is your consent pursuant to Art. 6 para. 1 lit. a DSGVO and our legitimate interest pursuant to Art. 6 para. 1 lit. f) DSGVO to provide you with easy access to help topics. You can findmore information in the Elev. io privacy policy.
9. Email newsletter and postal advertising
To confirm your subscription to the newsletter, you must click on the confirmation link in the verification email that we send you after your subscription. When you click on the link provided in the verification message, we process the date and time of the click, the content of the message sent to you and the email address used. This is done in order to be able to prove that you have subscribed to the newsletter and confirmed your consent. The legal basis for this processing is Art. 6 para. 1 lit. c) DSGVO, as we are legally obliged to be able to prove your consent.
We delete your personal data related to the newsletter subscription when you unsubscribe. Data that we need as proof that you have subscribed to the newsletter will be deleted after the expiry of the limitation period for corresponding obligations to provide proof.
If you purchase a product or service via our website or app, we will send you our email newsletter on the basis of Section 7 (3) of the German Unfair Competition Act (UWG) and Article 6 (1) (f) of the German Data Protection Act (DSGVO). For this purpose, we use the email address you provided during the purchase. You can unsubscribe from the newsletter at any time with future effect, e.g. by using the unsubscribe link mentioned in the newsletters
We individualise the dispatch and content of our newsletter on the basis of Art. 6 Para. 1 lit. f) DSGVO on the basis of your purchases made with us in order to offer you products that we assume are of interest to you
We send postal advertising to our customers on the basis of a weighing of interests in accordance with Art. 6 (1) (f) DSGVO. You can object to the corresponding use of your data at any time. Our legitimate interest in this is to inform our customers about our offers.
10. Warning about data transfers to third countries
For various services which are used on our website with your consent or which process data via our website (e. g. for advertising purposes), you will find a warning in this data protection notice that data may be transferred to third countries.
What does this warning mean?
In the event of a data transfer to a third country, your personal data will leave the local scope of the GDPR. In individual cases, a level of data protection may apply in the third country that does not meet the requirements of the GDPR. For some countries, e. g. Switzerland, there is a so-called adequacy decision. In the opinion of the EU Commission, the level of data protection in these states meets the requirements of the GDPR. They are therefore considered safe for data protection purposes. For other countries, in particular the USA, there is no such decision, as in these countries there is no level of protection for your personal data that corresponds to that of the GDPR. In the case of a data transfer to a third country, it is therefore possible that your personal data will be transferred to a country, e. g. the USA, for which there is no level of data protection that is compatible with the GDPR.
What does this mean for your personal data?
By concluding so-called standard contractual clauses, the GDPR allows you to agree that the contractual partner, e. g. the parent company in the USA, must comply with the requirements of the GDPR for the corresponding data processing, even if these would otherwise not apply to the contractual partner. This is intended to contractually create a level of data protection that corresponds to that of the GDPR, so that data subjects are not placed in a worse position than if their personal data were processed in the EU.
However, contracts only bind the parties to them and not third parties such as government agencies. Therefore, in one country, e. g. the US, government agencies may have the right to access personal data of EU citizens, even if this violates their rights. These accesses can be very broad and can all relate to all your data that is processed there. They can be done without a judge or similar having to order them. They can be secret, so that you don't know about these accesses. And you may have no way to defend yourself against access and any use of your data, especially in a court of law. Furthermore, the data subject rights to which you are entitled under the GDPR (e. g. information, deletion) may also not exist or may not be enforced. The data processed in this way may also be combined with other data concerning you from other sources, for example to create a profile about you.
This possible use of your data could, but does not have to, be associated with disadvantages for you. Since government agencies in third countries in particular are not subject to EU law or German law, it is not possible to specify exactly what disadvantages these might be. Disadvantages can therefore be of any nature, e. g. economic or political. For example, you may not be allowed to enter a country, or your data may be used against you in foreign criminal proceedings. The disadvantages can be very serious in individual cases
How high are my risks?
We cannot give a general answer as to how high the risks presented are in individual cases. We can only point out that the decisive question is which service, and therefore which company, has access to your data in connection with your use of our website. Furthermore, it is decisive which personal data is affected by this. On our website, it is - in our opinion - only about the possible processing of personal data in third countries in connection with advertising services such as Google, Microsoft or Facebook. This will be data on which website you visited and when, how long you stayed on this website, from where the access took place, which end device or which software (browser, app) was used for this purpose, which interactions you carried out on the website, if this is transmitted to the operator of the service (e. g. the purchase of a product after clicking on an advertisement). Please read the information on the respective services) and, if applicable, further data that the respective operator processes. For this, we refer you to the respective data protection information of the services. You will find the links to these in these data protection notices in the explanation of the respective service.
You must weigh up for yourself whether giving your consent and possibly transferring it to a third country could create a situation for you that you do not want to live with. In this case, please do not give your consent to the use of these services.
You will not suffer any disadvantages if you do not give your consent
If you do not wish to give your consent to the use of certain or all services or the storage of cookies, this will not have any disadvantages for you on our website. All our offers are available to our customers under the same conditions, regardless of whether they give their consent or not. Of course, you can revoke your consent at any time with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
11. Tools for analysing the use of our website
You can revoke your consent at any time with effect for the future here. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the return policy.
In addition, the services offer you the possibility to object to the use in general, and not only for our website. Please refer to the information provided for the respective services.
a. Google Analytics
Google Analytics processes the following data about the use of our website:
- approximate location at the level of a region
- anonymised IP address
- technical information on the browser and terminal device used (e.g. language setting, screen resolution)
- Internet provider of the user
- via which website/ via which advertising medium a user came to this website
- the pages called up by the user
- whether users take certain actions on our website, so-called conversions, e.g. the purchase of a product newsletter registrations, downloads, purchases)
- user behaviour (e.g. which links are clicked on, how long a user stays on a website, from which website the user leaves our website)
We have deactivated the functions in Google Analytics that would allow Google or another third party to use data as the responsible party.
No personal profiles are created; the corresponding statistics only contain summarised data that do not allow any conclusions to be drawn about a specific person.
The evaluations created by Google Analytics enable us to understand how our website is used and which advertising measures have what success. This allows us to optimise our website (in particular its structure, content, functions) and advertising measures and thus our business success. Based on your consent, the legal basis for the processing is Art. 6 para. 1 lit. a) DSGVO. In Google Analytics, we have set a storage period of 14 months for the personal data concerned. The deletion of data whose retention period has been reached takes place automatically once a month.
In the context of commissioned processing, Google is entitled to engage subcontractors. A list of these subcontractors can be found at https://privacy.google.com/businesses/subprocessors/.
In the course of Google Ireland Limited's activities, data may be exported to a third country within the meaning of Article 44 of the GDPR. Google Ireland Limited states that it will only do so if the applicable requirements are met.
Google only offers a so-called browser plugin as a website-wide function for opting out of the use of Google Analytics. You can find information about this here.
The information generated by this about your use of this website is usually transferred to a Google server in the USA and stored there. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European privacy principles. Both Google and US government agencies have access to your data. Your data may be linked by Google to other data, such as your search history, your personal accounts, your usage data from other devices and any other data Google may have about you.
We also use the Google Signals service in this context. Google Signals enables cross-device tracking. Your data can thus be analysed across devices if you have activated "personalised advertising" in your account settings and your end devices are linked to your Google account. This makes it possible to identify on which device you search for products and later return to complete purchases on another device such as a tablet. The cross-device reports generated in this context contain aggregated data only. We thus only receive statistics generated on the basis of Google Signals. To prevent data collection and storage by Google Signals across devices, you can deactivate the "personalised ads" function in the settings of your Google account. Formore information, please visit https://support.google.com/ads/answer/2662922?hl=de. For more information on data processing and privacy on Google Signals, please visit https://support.google.com/analytics/answer/7532985?hl=de.
Your consent can be revoked at any time here with effect for the future. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the return policy.
Cookies used, responsible: Google Ireland Limited
Name | Storage period | Domain | Description |
_ga | 2 years | misspompadour. com | Used to distinguish individual users from each other. |
_ga_* | 2 years | misspompadour. com | Used to distinguish individual users from each other. |
_gid | 24 hours | misspompadour. com | Used to distinguish individual users from each other. |
_gat_* | 1 minute | misspompadour. com | Used to throttle the rate of server requests. |
b. Google Optimize
As part of the order processing, Google is entitled to engage subcontractors. A list of these subcontractors can be found at https://privacy.google.com/businesses/subprocessors/.
In the course of the activities of Google Ireland Limited, data may be exported to a third country within the meaning of Article 44 of the GDPR. Google Ireland Limited states that it will only do so if the applicable requirements are met.
Google only offers a so-called browser plugin as a website-wide function for opting out of the use of Google Analytics. Information on this can be found here.
Your data may be transferred to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and is thus obliged to comply with European privacy principles.
Your consent can be revoked at any time here with effect for the future. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the return policy.
Cookies used, responsible: Google Ireland Limited
Name | Storage period | Domain | Description |
_gaexp | Up to 90 days | misspompadour. com | Determines whether a user is included in a particular experiment or not and contains the expiry date of the experiment. The storage period depends on the length of the experiment. |
_opt_awcid | 24 hours | misspompadour. com | Used for campaigns associated with Google Ads customer IDs |
_opt_awmid | 24 hours | misspompadour. com | Used for campaigns associated with Google Ads Campaign IDs |
_opt_awgid | 24 hours | misspompadour. com | Used for campaigns associated with Google Ads Group IDs |
_opt_awkid | 24 hours | misspompadour. com | Used for campaigns associated with Google Ads criteria IDs |
_opt_utmc | 24 hours | misspompadour. com | Stores the last `utm_campaign` URL parameter |
c. Hotjar
To analyse how our website is used, we use hotjar, a service provided by Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta, hotjar.com.- Usage data of visitors to our website (which website is called up, where does the mouse move on a website, which page elements are clicked on, where is a website scrolled to;
- the so-called Hotjar User Unique User Identifier (UUID), which is used to distinguish the usage data of visitors from each other;
- the IP address, which is immediately anonymised;
- technical data of the terminal device used to visit our website (screen size, device type (Unique Device Identifiers), browser used, language set for displaying our website);
- The country from which a visitor accesses our website;
Cookies used, responsible: Hotjar Ltd
Name | Storage period | Domain | Description |
_hjid | 1 year | misspompadour. com | Used to distinguish users from each other. |
_hjTLDTest | Session | misspompadour. com | Used to ensure the use of Hotjar across subdomains. |
_hjFirstSeen | Session | misspompadour. co. uk | Used to identify a user's first session. |
_hjAbsoluteSessionInProgress | 30 minutes | misspompadour. co. uk | Used to identify a user's first page view during a session. |
_hjRecordingEnabled | Session | misspompadour. co. uk | Used as soon as a recording is started. |
_hjIncludedInSessionSample | Session | misspompadour. co. uk | Used to track a user's assignment to a recording or test. |
_hjRecordingLastActivity | Session | misspompadour. com | Stored in session storage. Updated when the a recording is started and data is transferred to Hotjar via a websocket. |
hjViewportId | Session | misspompadour. com | Stores the user's screen resolution and dimensions |
d. Kameleoon
Cookies used, responsible: Kameleoon SAS
Name | Storage period | Domain | Description |
kameleoonVisitorCode | 1 year | misspompadour. com | Used to distinguish users from each other. |
12. Advertising services
In order to advertise the services we offer and thus to acquire customers, we use the following services on the basis of your consent, which can be revoked at any time. The legal basis for this is Art. 6 para. 1 lit. a) DSGVO. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the return policy. You can revoke your consent here. The return policy of consent does not affect the lawfulness of the processing carried out on the basis of consent up to the return policy.
In addition, the services offer you the possibility to object to their use in general, and not only for our website. We point this out in the respective services.
Please note that the consent you have given relates to two matters:
- The storage of cookies in the terminal device used by you;
- The use of the respective service as such
- Microsoft Advertising
- Criteo
a. Microsoft Advertising
With your consent, cookies for the Microsoft Advertising service are stored in the browser you use when you visit our website. We explain which cookies these are at the end of this section.Cookies used, responsible party: Microsoft Corporation
Name | Storage period | Domain | Description |
MUID | 392 days | bing. com | Contains a randomly generated user ID. Using this ID, Microsoft can recognise the user anonymously across different websites and display personalised advertising. |
_uetsid | 1 tag | misspompadour. com | Contains a unique, non-personally identifiable ID that is used to identify a visitor to our website |
_uetvid | 16 days | misspompadour. com | Contains a unique, non-personally identifiable ID used to identify a visitor to our website |
b. Google Ads
Cookies used, responsible: Google Ireland Limited
Name | Storage period | Domain | Description |
IDE | 1 year | doubleclick. net | Contains a randomly generated user ID. Using this ID, Google can recognise the user across different websites and display personalised advertising. |
RUL | 1 year | doubleclick. net | Used to track whether ads have been displayed and to increase the efficiency of ads. |
test_cookie | 15 minutes | doubleclick. net | Is set as a test to check whether the browser allows cookies to be set. Does not contain any identification features. |
_gcl_au | 90 days | misspompadour. com | Used to distinguish individual users from each other. |
NID | 182 days | google. com | Used to store preferences and other information about the user. This includes, in particular, the preferred language, the number of search results to be displayed on the page and the decision whether or not to activate Google's SafeSearch filter. |
DV | 7 minutes | google. com | Used to store preferences and other information about the user. This includes, in particular, the preferred language, the number of search results to be displayed on the page and the decision whether or not to activate Google's SafeSearch filter. |
CONSENT | 20 years | google. com | This cookie is used to store the user's preferences and other information. This includes in particular the preferred language, the number of search results to be displayed on the page and the decision whether or not to activate Google's SafeSearch filter. |
AID | 3 months | google. com | Used to enable targeted advertising. |
1P_JAR | 1 month | google. com | Collects website statistics and tracked conversion rates. |
c. Criteo
With your consent, cookies for the Criteo service are stored in the browser you use when you visit our website. At the end of this chapter, we will explain which cookies these are.Cookies used, person responsible: Criteo GmbH
Name | Storage period | Domain | Description |
uid | 1 year | criteo. com | Contains a randomly generated user ID. Based on this ID, Criteo can recognise the user across different websites and display personalised advertising. |
d. Facebook Pixel
Order processing
Meta Platforms Ireland Ltd. acts as a processor insofar as so-called event data is processed on our behalf in order to create reports for us on the impact of our advertising campaigns operated via Facebook and other Facebook content (e.g. our posts on facebook.com) as well as analyses and insights about users of our website and their use of the website. For this purpose, we do not create profiles that we can associate with specific users of our website. "Event Data" is information that we share with Facebook using the Facebook Pixel and relates to individuals and the actions they take on our website, such as visiting our website and making purchases of the products we offer. Event data includes information that is collected and transmitted when people access our website using Facebook login or Facebook plugins (e.g. the "Like" button). However, they do not collect information that is created when a user interacts with our website via Facebook login, Facebook plugins or in any other way (for example, by logging in or by marking or sharing an article with "Like").Joint responsibility
We are joint data controllers with Meta Platforms Ireland Ltd. under Article 26 of the GDPR for the use of event data generated by our use of the Facebook Pixel, to the extent that it is used to improve the display of our ads served through Facebook and the delivery optimisation of those ad campaigns. For this purpose, Meta Platforms Ireland Ltd. relates this event data to people who use products of the Facebook companies in order to show our advertising campaigns only to people who have visited our website (so-called ad targeting) or who are assumed to also be interested in our services. In connection with ad targeting and optimising ad delivery, Facebook Ireland Ltd. uses the event data we generate to optimise ad delivery only after it has been aggregated with other data collected by other Facebook advertisers or otherwise on Facebook products. Facebook does not allow other advertisers or other third parties to target ads based solely on the Event Data we submit. A description of what personal data is processed by us and Meta Platforms Ireland Ltd. as joint controllers as a result of the use of the pixel can be found here. According to information from Facebook, this is the following data:- HTTP header information such as, among others, information about the web browser or app used (e.g. user agent, language setting country-specific/language)
- Information on standard/optional events such as "page view" or "app installation", other object properties as well as buttons clicked by visitors to the website, products added to the shopping cart and purchased, in each case according to the configuration of the business tool
- Online identifiers such as, but not limited to, IP addresses and, where provided, Facebook related identifiers or device IDs (such as mobile operating system advertising IDs) and ad tracking disablement/restriction status information;
Sole responsibility of Facebook
Meta Platforms Ireland Ltd. is solely responsible under data protection law for the processing of personal data that goes beyond the foregoing and is in connection with the Facebook Pixel. The Privacy Policy of Meta Platforms Ireland Ltd. can be found here. You can find more ways to object to Facebook using your personal data for these purposes here.Cookies used, responsible person: Facebook Ireland Ltd
Name | Storage period | Domain | Description |
_fbp | 90 days | misspompadour. com | Used to distinguish individual users from each other. |
fr | 90 days | facebook. com | Used to distinguish individual users from each other. |
ATN | 2 years | atdmt. com | Contains a randomly generated user ID. This ID allows Facebook to recognise the user across different websites and serve personalised ads. |
e. Pinterest Tag
With your consent, cookies for the Pinterest Tag service are stored in the browser you use when you visit our website. We explain which cookies these are at the end of this chapter.Cookies used, responsible person: Pinterest
Name | Storage period | Domain | Description |
_pin_unauth | 1 year | misspompadour. com | Is a first-party cookie that groups actions for users who cannot be identified by Pinterest. |
_pinterest_ct_ua | 1 year | pinterest. com | Identical to _pin_unauth, but as a third-party cookie. |
_pinterest_sess | 1 year | pinterest. com | Is the cookie for logging into Pinterest. It contains user IDs, authentication tokens and timestamps. When users log out, the authentication tokens are deleted, but the cookies remain. We use the logged out user IDs to optimise usage and measurability. |
_pinterest_ct | Session | pinterest. com | Contains a user ID and the timestamp when the cookie was created. |
_pinterest_ct_rt | Session | pinterest. com | Identical to _pinterest_ct |
_epik | Session | pinterest. com | Placed by JavaScript tag based on information sent by Pinterest with advertised traffic to identify user |
_derived_epik | Session | pinterest. com | Placed by the Pinterest tag when a match is detected without cookies being present, e. g. with Enhanced Match. |
f. TikTok Pixel
With your consent, we use the advertising services of TikTok, a service provided by TikTok Technology Limited, a company incorporated in the Republic of Ireland with its registered office at 10 Earlsfort Terrace, Dublin, D02 T380, Ireland
We use this feature to display our advertisements on TikTok to individuals who have visited our website or who we believe may be interested in our offerings and therefore our advertisements. Furthermore, TikTok allows us to measure the effectiveness of our advertisements by determining whether a person was redirected to our website after clicking on a corresponding advertisement
In terms of privacy law, TikTok acts in part for us as a processor and in part we are jointly responsible with them in accordance with Art. 26 DSGVO. In all other respects, TikTok alone is responsible for the corresponding processing of personal data. You will find a description of the respective legal responsibility here under Part B, Item 1.4. Of the services listed there (as of December 2022), we use services a), b), c), d) and i). You will also find the agreements concluded by us with TikTok in this respect under the above link.
If you have an account with TikTok, you can make settings for the processing of your personal data, especially for advertising purposes. You can find the privacy policy for TikTok here and further information here
You can revoke your consent to the use of TikTok on our site at any time with future effect by clicking here Link to Consent Layer. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the return policy.
Please note our warnings regarding third countries, as TikTok may process personal data in countries that do not have a level of privacy that meets the standards of the GDPR. Your data may be transferred to third countries, such as the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). TikTok is not certified according to the TADPF. The transfer of data to the USA and to third countries without an adequacy decision is based, among other things, on standard contractual clauses as suitable guarantees for the protection of personal data, which can be viewed here.
Cookies used, responsible: TikTok Technology Limited
Name | Storage period | Domain | Description |
_ttp | 13 months | misspompadour.com | Contains an anonymous user ID. Used to display ads relevant to the user. |
_tt_enable_cookie | 13 months | misspompadour.co.uk | Saves that cookies have been set by TikTok |
13. Reviews.io and ratings
Use of the reviews portal
Widgets and badges with ratings
14. WhatsApp chat
15. Links to our social media presences
16. Privacy policy for our Facebook page
- View a page, post, video, story or other content associated with a page
- Interact with a story
- Subscribe or unsubscribe to a page
- Tag a page or post with "Like" or "Stop liking"
- Recommend a page in a post or comment
- Comment, share or respond to a Page post (including how you respond)
- Hide a Page post or report it as spam
- Hover over a link to a page or the name or profile picture of a page to preview page content
- Click on the website button, phone number button, "plan route" button or any other button on a page
- See a page's event, respond to an event (including how to respond), click on a link for event tickets
- Start a Messenger conversation with the page
- View or click on items in a page shop
- Information about the action, the person who took the action and the browser/app used to do it. These are for example:
- Date and time of the action
- Country/city (estimated from the IP address or imported from the user profile if the user is logged in)
- Language code (from the HTTP header of the browser and/or the language setting)
- Age/gender group (from user profile, only for logged in users)
- Previously visited websites (from the browser HTTP header)
- Whether the action was taken on a computer or on a mobile device (from the browser user agent or app attributes)
- Facebook user ID (only for logged in users)
17. Shipping
Order-relevant data (contact and delivery data) can be transmitted to our shipping partner for shipping processing.
Shipping with dropp - Same-Day Delivery
For express delivery of orders, we work together with dropp in Berlin, Hamburg and Munich in order to be able to offer you fast delivery within the next few hours. This shipping service provider receives the following data from us for the execution of the respective order:
- Your name
- Your delivery address
- If applicable, your e-mail address or alternatively your telephone number for coordinating the delivery date via SMS
Shipping to Switzerland
We work with our shipping partner exporto GmbH to ship your order to Switzerland.
Switzerland - Shipping within Germany:
exporto GmbH
Max-Stromeyer-Str. 172
DE-78467 Konstanz
Register court: Freiburg Local Court
Register number: HRB 721808
VAT number: DE331284697
Switzerland - Shipping within Switzerland:
exporto Schweiz GmbH
Hafenstrasse 50C
CH-8280 Kreuzlingen
UID: CHE-130.123.814
VAT: CHE-130.123.814 VAT
Contact:
Phone: +49 7531 3027860
E-mail: info@exporto.de
18. Your rights
Right to information
According to Article 15 of the GDPR, you have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you have the right to be informed about this personal data and to further information, which are mentioned in Art. 15 of the GDPR.Right to rectification
According to Article 16 of the GDPR, you have the right to demand that we correct inaccurate personal data concerning you without delay. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.Right to erasure ("right to be forgotten")
Within the limits of Article 17 of the GDPR, you have the right to demand that we delete personal data relating to you without delay. We are obliged to delete personal data without delay if the relevant requirements of Article 17 of the GDPR are met. For details, please refer to Art. 17 of the GDPR.Right to restriction of processing
In accordance with Art. 18 DSGVO, you have the right under certain conditions to demand that we restrict the processing of your personal data. For the details, please refer to Art. 18 DSGVO.Right to data portability
Under the conditions of Art. 20 DSGVO, you have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. Pursuant to Article 20 of the GDPR, you also have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and the processing is carried out using automated procedures.Right to lodge a complaint with the supervisory authority
Pursuant to Article 77 of the GDPR, you have the right to lodge a complaint with the supervisory authority, without prejudice to any other administrative or judicial remedy. This right exists in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.Right to object
Pursuant to Article 21 of the GDPR, you have the right to object to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions.19. Explanation of various terms
EEA - is the European Economic Area. In addition to the EU member states, this includes Iceland, Liechtenstein and Norway.
Third countries - are countries that do not belong to the EEA and for which there is no EU Commission adequacy decision
IP address - every device that exchanges data via the internet needs a unique identifier, otherwise data (e. g. web pages) that are to be sent to this device cannot be delivered. The computer, smartphone, tablet etc. that you use therefore uses an IP address so that it can retrieve and receive data from the internet. As a rule, you do not use a separate IP address for each end device. Instead, the technology used to connect to the Internet (e. g. your Internet router at home) allows all end devices in a network to appear to the outside world under a common IP address.
lit. - is a Latin abbreviation for "letter" used when quoting legal texts. Art. 6 para. 1 lit. a) DSGVO therefore means "letter a)".
Standard contractual clauses - are a set of contracts provided by the EU Commission that can be the basis for a data transfer to a third country according to Art. 46 (2) (d) GDPR.