• Free shipping from 90€
  • Purchase on invoice
  • Colour consultancy
Go to homepage
€0.00
Privacy Policy Back

Privacy policy

1. Responsible
2. Data protection officer
3. Technical operation of our website
4. Detection and defence of attacks against our website
5. Creation of a customer account
6. Orders
7. Payment service provider
8. Customer service
9. Email newsletter
10. Warning about data transfer to third countries
11. Tools for analysing the use of our website
12. Advertising services
13. Trusted Shops Trustbadge and reviews
14. Reviews. io and ratings
14. WhatsApp chat
15. Links to our social media sites
16. Privacy policy for our Facebook page
17. Shipping
18. Your rights
19. Explanation of various terms

1. Responsible

MissPompadour GmbH
Am Reitfeld 10, 93161 Sinzing, Germany
Phone: +49 941 206 068 20
E-mail: kontakt@misspompadour. de

2. Data protection officer

Our data protection officer will be happy to assist you at the above address and at datenschutz@misspompadour. de.

3. Technical operation of our website

When you access our website with your browser, it transmits various personal data to us. Of this data, we use the following for the following purposes:
We process the so-called IP address so that the browser you use can retrieve content from our website and thus use it. The legal basis for this processing of the IP address is Art. 6 Para. 1 lit. f) DSGVO, as by visiting our website it is also in your interest that we technically enable its use. If the visit to our website serves the conclusion of a contract or the preparation thereof, the legal basis for the processing is Art. 6 para. 1 lit. b) DSGVO.

Furthermore, we process the following data for statistical purposes:
  • Date and time of access
  • Name and URL of the page or file accessed
  • browser used, operating system of the end device
  • HTTP status code

We do not use this data in a personalised manner, but to create statistical evaluations of how and under what technical conditions our website is used, in order to identify errors and make improvements (e. g. in user guidance). The data is not processed in connection with other data that would enable us to establish a personal reference. Therefore, no personal user profiles are created. The legal basis for the use of the data for the creation of the statistics is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest for such processing is that these statistics enable us to identify malfunctions of our website and to optimise it so that the use of the website corresponds as closely as possible to the interests of the users and can thus be used successfully by us.
Furthermore, the personal data transmitted by your browser will not be processed or stored.


Individual settings for cookies

We will explain to you below that various cookies are used on our website, although for the majority of cookies this is only the case if you give the relevant consent.

Use the links below to find out how to change the browser settings that are most important to you, whether and how cookies are processed:

Cookies used

We use the following cookies, which are technically necessary for the operation of our website:

Consent & Cookie Settings

Name Storage period Domain Description
mpCookieBanner 1 year misspompadour. com Stores whether the Consent Banner has already been displayed to the user
mpCookieSettings 1 year misspompadour. com Saves the user's settings for the Consent Banner
mpPinterestButton 1 year misspompadour. com Stores whether the user has consented to the display of the Pinterest "Pin-it" button via 2-click solution
mpYoutubeVideos 1 year misspompadour. com Stores whether the user has agreed to the embedding of Youtube videos

Shopware (shop system)

Name Storage period Domain Description
timezone 30 days misspompadour. com Detection of the correct timezone of the user.
csrf[frontend. account. login] Session misspompadour. de Security cookie for the login to the customer account.
csrf[frontend. account. register. save] Session misspompadour. com Security cookie for the registration in the shop.
csrf[frontend. checkout. line-item. add] Session misspompadour. com Security cookie for adding products to the shopping cart.
csrf[*] Session misspompadour. com Security cookies for core functions of the shop system.
session* Session misspompadour. com Identifies the session of a user
AWSALBTGCORS 7 days misspompadour. de Ensures the technical functionality of the shop during high system loads. Part of Amazon Web Services Elastic Load Balancing, which always connects users to the same server if necessary.
AWSALBTG 7 days misspompadour. com Ensures the technical functionality of the shop under high system load. Part of Amazon Web Services Elastic Load Balancing, which always connects users to the same server if necessary.
In addition, we use the following cookie with your consent, which is not technically necessary:

MissPompadour Analytics

Name Storage period Domain Description
_mpParams 1 year misspompadour. com This cookie allows us to identify your visitor source (referrer URL) when you place a new order

4. Detection and defence of attacks against our website

We process your IP addresses together with the date and time of access and the URL or file accessed, limited to this purpose, for the detection and defence of attacks against the systems used to operate our website. Such attacks could impair the intended functionality of the systems, the use of our website or its functionality as well as the safety of visitors to our website. We hereby pursue the legitimate interest of ensuring processing security in accordance with Art. 32 DSGVO, recognising as well as warding off attacks in order to protect us and the visitors to our website from damage. Recipients of this data may be law enforcement authorities as well as (technical) service providers who support us in detecting or defending against the attacks. The legal basis for the processing is Art. 6 para. 1 lit. f) DSGVO. The IP addresses are deleted after 90 days, unless further storage is necessary for the above purposes in individual cases. In this case, we delete the data when the purpose ceases to exist.

5. Creating a customer account

If you create a customer account on our website, we process the data you provide in order to set up and manage the customer account and to enable you to use the services we offer in connection with the customer account. In the customer account, in addition to the data that you provide when setting up the account, we may also process other data that arises in connection with your use of the account and is visible to you, such as an order history. The legal basis for the corresponding processing of your data is Art. 6 para. 1 lit. b) DSGVO.

We will send an e-mail to the e-mail address you provided when registering, asking you to confirm your registration. This is to prevent third parties from opening a customer account by misusing your e-mail address, for your protection and ours. The legal basis for this is Art. 6 para. 1 lit. f) DSGVO.

This data related to the customer account will be stored until the customer account is deleted. If we are legally obliged to store the data for a longer period of time (e. g. to fulfil accounting obligations or legally required evidence) or if we are legally entitled to store the data for a longer period of time (e. g. due to an ongoing legal dispute against the owner of a customer account), the data will be deleted after the storage obligation or entitlement has expired.

6. Orders

When you order a service offered by us, we process the data provided by you for the conclusion and implementation of the corresponding contract. The legal basis for the processing is Art. 6 Para. 1 lit. b) DSGVO. Due to legal requirements, when you place an order via our website, we are obliged to send an order confirmation by e-mail to the e-mail address you have provided. Furthermore, upon conclusion of a contract, we are subject to legal record-keeping and storage obligations. The legal basis for the corresponding processing is in each case Article 6 para. 1 lit. c) DSGVO.

We also process the data you provide for the purpose of recognising and warding off attempts at fraud on the basis of Article 6 (1) (f) DSGVO. Our aim here is to protect ourselves from fraudulent transactions.

The data is deleted if a legal obligation exists when the storage obligation ceases to exist, unless we are entitled to further processing (e. g. in a legal dispute). Otherwise, we delete the data when they are no longer required to prove the existence or non-existence of a claim.

7. Payment service provider

For all payment options offered by us, the respective provider is responsible for data protection. Insofar as data is transferred to the respective payment service provider for the execution of a contract with you (name, address, purchase price to be paid), this is done on the basis of Art. 6 Para. 1 lit. b) DSGVO, so that the respective service provider has the data at its disposal which it requires for the execution of the payment transaction and the selection of the available means of payment. If the payment service provider transfers data relating to you to us, we also use this data for the performance of the corresponding contractual relationship with you. The legal basis is therefore also Art. 6 para. 1 lit. b) DSGVO.

Cookies used

Paypal

Name Storage period Domain Description
paypalplus_session_v2 Session misspompadour. com Contains data for the payment transaction of an order.

Klarna

Name Storage period Domain Description
thx_global_guid 5 years online-metrix. net Used to detect and prevent fraud.
thx_guid 5 years online-metrix. net Used to detect and prevent fraud.

Scalapay

Name Storage period Domain Description
CognitoIdentityServiceProvider. * 7 days scalapay. com Contains data for the payment transaction of an order.
_iub_cs-* 1 year scalapay. com Consent Banner settings for Scalapay.

8. Customer service via Dixa

We use the "Dixa" system of the provider Dixa ApS, Vimmelskaftet 41A, 1 Sal., 1161 Copenhagen, Denmark, in order to be able to manage and respond more quickly and efficiently to enquiries from users, who may be customers, potential customers or third parties. The legal basis for this is our legitimate interest in processing your request quickly and effectively in accordance with Art. 6 Para. 1 lit. f) DSGVO. If your enquiry serves the conclusion of a contract with us, the further legal basis for the processing is Art. 6 para. 1 lit. b) DSGVO.
As a European company, Dixa is subject to the requirements of the GDPR. Dixa provides us with its software for processing our customer enquiries and only processes customer data in a technical sense. We have concluded a contract with Dixa for commissioned data processing in accordance with Art. 28 DSGVO, in which Dixa undertakes to process the data thus received only in accordance with our instructions and to comply with the EU level of data protection.
Different categories of data are processed: Contact data (e. g. name, address, telephone number, email), content data (e. g. photographs), the data you enter. We have made sure that user data is secure at Dixa. Communication is encrypted using the HTTPS protocol and SSL certificates and data is stored in Europe. Your data will be deleted after your request has been dealt with, unless we are legally obliged to store it for a longer period. In this case, the deletion takes place after the expiry of the corresponding obligation.
You can object to this data processing at any time with effect for the future by informing Dixa of your decision via one of the above-mentioned contact options. Further information about Dixa can be found in the privacy policy

8. 1 Contact form

If you use our contact form, we use the data you provide us with to process your request. The legal basis for this is our legitimate interest in processing your request in accordance with Art. 6 Para. 1 lit. f) DSGVO. If your request serves the conclusion of a contract with us, the further legal basis for the processing is Art. 6 para. 1 lit. b) DSGVO.

Your data will be deleted after your enquiry has been dealt with, unless we are legally obliged to store it for a longer period. In this case, the deletion takes place after the expiry of the corresponding obligation.

8. 2 FAQ via Elevio

We use Elev. io, a service provided by Elevio Pty Ltd, Level 1, 2 Mill Place , Melbourne, Victoria 3000, Australia to provideyou with answers to frequently asked questions / FAQs about our service in context. Elev. io only collects user information on our behalf when you actively submit it to us via the contact form on the help pages provided by Elev. io. Elev. io, is committed to using this data only for direct service delivery in our context. The information collected by Elev. io is generally stored on an Elev. io server in Australia, Elev. io complies with the provisions of the GDPR when processing personal data. As an Australian company, Elev. io is subject to the requirements of the Australian Privacy Act 1988 (Cth). The legal basis for the processing of data is your consent pursuant to Art. 6 para. 1 lit. a DSGVO and our legitimate interest pursuant to Art. 6 para. 1 lit. f) DSGVO to provide you with easy access to help topics. You can findmore information in the Elev. io privacy policy.

9. Email newsletter and postal advertising

When you register for our email newsletter, we process the data you provide. We use this data to create and send our newsletter. The legal basis for the processing is Art. 6 para. 1 lit. a) DSGVO based on your consent. You can revoke your consent at any time with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

To confirm your subscription to the newsletter, you must click on the confirmation link in the verification email that we send you after your registration. When you click on the link provided in the verification message, we process the date and time of the click, the content of the message sent to you and the email address used. This is done in order to be able to prove that you have subscribed to the newsletter and confirmed your consent. The legal basis for this processing is Art. 6 para. 1 lit. c) DSGVO, as we are legally obliged to be able to prove your consent.

We delete your personal data related to the newsletter subscription when you unsubscribe. Data that we need as proof that you have subscribed to the newsletter will be deleted after the expiry of the limitation period for corresponding obligations to provide proof.

We send postal advertising to our customers on the basis of a balancing of interests in accordance with Art. 6 Para. 1 lit. f) DSGVO. You can object to the corresponding use of your data at any time. Our legitimate interest in doing so is to inform our customers about our offers

10. Warning about data transfers to third countries

For various services which are used on our website with your consent or which process data via our website (e. g. for advertising purposes), you will find a warning in this data protection notice that data may be transferred to third countries.

What does this warning mean?

In the event of a data transfer to a third country, your personal data will leave the local scope of the GDPR. In individual cases, a level of data protection may apply in the third country that does not meet the requirements of the GDPR. For some countries, e. g. Switzerland, there is a so-called adequacy decision. In the opinion of the EU Commission, the level of data protection in these states meets the requirements of the GDPR. They are therefore considered safe for data protection purposes. For other countries, in particular the USA, there is no such decision, as in these countries there is no level of protection for your personal data that corresponds to that of the GDPR. In the case of a data transfer to a third country, it is therefore possible that your personal data will be transferred to a country, e. g. the USA, for which there is no level of data protection that is compatible with the GDPR.

What does this mean for your personal data?

In the context of an economy based on the division of labour, many companies use service providers to process personal data. In other cases, large companies, such as Google, Amazon, Facebook or Apple, have numerous different companies in different countries that do not each carry out data processing on their own. Rather, they use group-wide IT services, so that, for example, a company in Ireland uses services of the parent company in the USA. For this purpose, either personal data is transferred to the USA or the parent company from the USA has access to the data in the EU.

By concluding so-called standard contractual clauses, the GDPR allows you to agree that the contractual partner, e. g. the parent company in the USA, must comply with the requirements of the GDPR for the corresponding data processing, even if these would otherwise not apply to the contractual partner. This is intended to contractually create a level of data protection that corresponds to that of the GDPR, so that data subjects are not placed in a worse position than if their personal data were processed in the EU.

However, contracts only bind the parties to them and not third parties such as government agencies. Therefore, in one country, e. g. the US, government agencies may have the right to access personal data of EU citizens, even if this violates their rights. These accesses can be very broad and can all relate to all your data that is processed there. They can be done without a judge or similar having to order them. They can be secret, so that you don't know about these accesses. And you may have no way to defend yourself against access and any use of your data, especially in a court of law. Furthermore, the data subject rights to which you are entitled under the GDPR (e. g. information, deletion) may also not exist or may not be enforced. The data processed in this way may also be combined with other data concerning you from other sources, for example to create a profile about you.

This possible use of your data could, but does not have to, be associated with disadvantages for you. Since government agencies in third countries in particular are not subject to EU law or German law, it is not possible to specify exactly what disadvantages these might be. Disadvantages can therefore be of any nature, e. g. economic or political. For example, you may not be allowed to enter a country, or your data may be used against you in foreign criminal proceedings. The disadvantages can be very serious in individual cases

How high are my risks?

We cannot give a general answer as to how high the risks presented are in individual cases. We can only point out that the decisive question is which service, and therefore which company, has access to your data in connection with your use of our website. Furthermore, it is decisive which personal data is affected by this. On our website, it is - in our opinion - only about the possible processing of personal data in third countries in connection with advertising services such as Google, Microsoft or Facebook. This will be data on which website you visited and when, how long you stayed on this website, from where the access took place, which end device or which software (browser, app) was used for this purpose, which interactions you carried out on the website, if this is transmitted to the operator of the service (e. g. the purchase of a product after clicking on an advertisement). Please read the information on the respective services) and, if applicable, further data that the respective operator processes. For this, we refer you to the respective data protection information of the services. You will find the links to these in these data protection notices in the explanation of the respective service.

You must weigh up for yourself whether giving your consent and possibly transferring it to a third country could create a situation for you that you do not want to live with. In this case, please do not give your consent to the use of these services.

You will not suffer any disadvantages if you do not give your consent

If you do not wish to give your consent to the use of certain or all services or the storage of cookies, this will not have any disadvantages for you on our website. All our offers are available to our customers under the same conditions, regardless of whether they give their consent or not. Of course, you can revoke your consent at any time with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

11. Tools for analysing the use of our website

We use the following services on the basis of your consent, which can be revoked at any time, to compile statistics and evaluations of how our website is found and used, as well as for the purpose of optimising our website and our advertising measures. The legal basis for this is Art. 6 para. 1 lit. a) DSGVO. The revocation of your consent does not affect the lawfulness of the processing carried out on the basis of your consent until the revocation.

You can revoke your consent at any time with effect for the future here. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

In addition, the services offer you the possibility to object to the use in general, and not only for our website. Please refer to the information provided for the respective services.

a. Google Analytics

We use Google Analytics, a service of Google Ireland Limited, Imprint, using your anonymised IP address within the framework of an order processing agreement. The IP anonymisation is carried out by Google within the EEA. According to Google, only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. Google also states that the IP address transmitted by your browser will not be merged with other data by Google.

Google Analytics processes the following data about the use of our website:

  • approximate location at the level of a region
  • anonymised IP address
  • technical information on the browser and terminal device used (e. g. language setting, screen resolution)
  • Internet provider of the user
  • via which website/advertising medium a user came to this website
  • the pages called up by the user
  • whether users take certain actions on our website, so-called conversions, e. g. the purchase of a product newsletter registrations, downloads, purchases)
  • user behaviour (e. g. which links are clicked on, how long a user stays on a website, from which website the user leaves our website)

We have deactivated the functions in Google Analytics that would allow Google or another third party to use data as the responsible party.

No personal profiles are created; the corresponding statistics only contain summarised data that do not allow any conclusions to be drawn about a specific person.

The evaluations created by Google Analytics enable us to understand how our website is used and which advertising measures have what success. This allows us to optimise our website (in particular its structure, content, functions) and advertising measures and thus our business success. Based on your consent, the legal basis for the processing is Art. 6 para. 1 lit. a) DSGVO. In Google Analytics, we have set a storage period of 14 months for the personal data concerned. The deletion of data whose retention period has been reached takes place automatically once a month.

In the context of commissioned processing, Google is entitled to engage subcontractors. A list of these subcontractors can be found at https://privacy. google. com/businesses/subprocessors/.

In the course of Google Ireland Limited's activities, data may be exported to a third country within the meaning of Article 44 of the GDPR. Google Ireland Limited states that it will only do so if the applicable requirements are met.

Google only offers a so-called browser plugin as a website-wide function for opting out of the use of Google Analytics. You can find information about this here.

Please note our warnings regarding third countries, as Google Analytics may process personal data in countries that do not have a level of data protection that meets the standards of the GDPR.

Your consent can be revoked at any time here with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Cookies used, responsible: Google Ireland Limited

Name Storage period Domain Description
_ga 2 years misspompadour. com Used to distinguish individual users from each other.
_ga_* 2 years misspompadour. com Used to distinguish individual users from each other.
_gid 24 hours misspompadour. com Used to distinguish individual users from each other.
_gat_* 1 minute misspompadour. com Used to throttle the rate of server requests.

b. Google Optimize

If you have given your consent to the use of Google Analytics, you can also give your consent to the use of Google Optimize, which can be revoked at any time. In this case, Google Optimize is a component of Google Analytics. In this respect, we refer to the corresponding explanations in this data protection information. Google Optimize enables us to test different designs of our website (so-called A/B tests) in order to see how users of our website interact with these different designs. The aim of this is to analyse user behaviour in a non-personal way in order to optimise our website and thus our business success. The legal basis for this is Art. 6 para. 1 lit. f) DSGVO.

As part of the order processing, Google is entitled to use subcontractors. A list of these subcontractors can be found at https://privacy. google. com/businesses/subprocessors/.

Within the scope of the activities of Google Ireland Limited, data may be exported to a third country within the meaning of Art. 44 DSGVO. Google Ireland Limited states that it will only do so if the applicable requirements are met.

Google only offers a so-called browser plugin as a website-wide function for opting out of the use of Google Analytics. You can find information about this here.

Please note our warnings on third countries, as Google Analytics may process personal data in countries that do not have a level of data protection that meets the standards of the GDPR.

Your consent can be revoked at any time here with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Cookies used, responsible: Google Ireland Limited

Name Storage period Domain Description
_gaexp Up to 90 days misspompadour. com Determines whether a user is included in a particular experiment or not and contains the expiry date of the experiment. The storage period depends on the length of the experiment.
_opt_awcid 24 hours misspompadour. com Used for campaigns associated with Google Ads customer IDs
_opt_awmid 24 hours misspompadour. com Used for campaigns associated with Google Ads Campaign IDs
_opt_awgid 24 hours misspompadour. com Used for campaigns associated with Google Ads Group IDs
_opt_awkid 24 hours misspompadour. com Used for campaigns associated with Google Ads criteria IDs
_opt_utmc 24 hours misspompadour. com Stores the last `utm_campaign` URL parameter

c. Hotjar

To analyse how our website is used, we use hotjar, a service provided by Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta, hotjar. com.

We use Hotjar to create so-called heat maps. These are visual representations of how our website is used. These are created by recording which page elements visitors click on on a website, where the mouse is moved, how a website is scrolled and which devices are used to do this. This enables us to understand how visitors interact with our website in order to improve and optimise it, to make it easier to use and to improve sales of the services we offer. The legal basis for this is Art. 6 para. 1 lit. f) DSGVO.

For this purpose, the following data is processed by hotjar on our behalf:
  • Usage data of visitors to our website (which web page is called up, where the mouse moves on a web page, which page elements are clicked on, where a web page is scrolled to;
  • the so-called Hotjar User Unique User Identifier (UUID), which is used to distinguish the usage data of visitors from each other;
  • the IP address, which is immediately anonymised;
  • technical data of the terminal device used to visit our website (screen size, device type (Unique Device Identifiers), browser used, language set for displaying our website);
  • The country from which a visitor accesses our website;

Entries made by a visitor on our website, e. g. in forms or keystrokes, are not processed. The UUID is not merged with other data that would enable us to identify a specific visitor (such as order data on our website). Therefore, only pseudonymised user profiles are available.

Hotjar explains on this page various ways in which you can generally object to the use of Hotjar, e. g. by using the "Do not track" setting in the browser you are using.

Your consent can be revoked at any time here with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Cookies used, responsible: Hotjar Ltd

Name Storage period Domain Description
_hjid 1 year misspompadour. com Used to distinguish users from each other.
_hjTLDTest Session misspompadour. com Used to ensure the use of Hotjar across subdomains.
_hjFirstSeen Session misspompadour. co. uk Used to identify a user's first session.
_hjAbsoluteSessionInProgress 30 minutes misspompadour. co. uk Used to identify a user's first page view during a session.
_hjRecordingEnabled Session misspompadour. co. uk Used as soon as a recording is started.
_hjIncludedInSessionSample Session misspompadour. co. uk Used to track a user's assignment to a recording or test.
_hjRecordingLastActivity Session misspompadour. com Stored in session storage. Updated when the a recording is started and data is transferred to Hotjar via a websocket.
hjViewportId Session misspompadour. com Stores the user's screen resolution and dimensions

d. Kameleoon

We use the Kameleoon testing and web analysis service provided by Kameleoon SAS, 12 Rue de la Chaussée d'Antin 75009 Paris. This service enables us to analyse user behaviour on the basis of user segmentation. We can thus evaluate how individual user segments visit the website and carry out so-called A/B tests in order to constantly improve our website. For the analyses, the browser's local storage and cookies are used, which are linked to a pseudonymised ID.
Your IP address is completely anonymised and not stored. The information generated by the cookie about the use of our website is transmitted to a Kameleoon server in Germany and stored there in aggregated and pseudonymised form. The IP address transmitted by your browser within the framework of Kameleoon is not merged with other data from Kameleoon.
The storage of and access to information in the end user's terminal equipment is carried out in accordance with § 25 para. 1 TTDSG. The legal basis for the evaluation and optimised presentation of our online offers as well as the storage of the cookie is the given consent according to Art. 6 para. 1 lit. a DS-GVO. The evaluation of the collected anonymised data takes place over a maximum period of 365 days.
Your consent can be revoked at any time here with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Cookies used, responsible: Kameleoon SAS

Name Storage period Domain Description
kameleoonVisitorCode 1 year misspompadour. com Used to distinguish users from each other.

12. Advertising services

In order to advertise the services we offer and thus to acquire customers, we use the following services on the basis of your consent, which can be revoked at any time. The legal basis for this is Art. 6 para. 1 lit. a) DSGVO. The revocation of your consent does not affect the lawfulness of the processing carried out on the basis of your consent until the revocation. You can revoke your consent here. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

In addition, the services offer you the opportunity to object to their use in general, and not just for our website. We refer to this in the respective services.

Please note that the consent you have given relates to two circumstances:
  1. The storage of cookies in the terminal device used by you;
  2. The use of the particular service as such

It should also be noted that we are not the data controller for the services
  • Microsoft Advertising
  • Criteo

are not responsible under data protection law for the services. Rather, these services operate under their own responsibility. We are only a customer who carries out advertising measures via these services and obtains all the necessary consent that these services may store cookies on your end device and that the service may be used for you.

a. Microsoft Advertising

With your consent, cookies for the Microsoft Advertising service are stored in the browser you use when you visit our website. We explain which cookies these are at the end of this chapter.

The provider of Microsoft Advertising and the person responsible for data protection is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 USA. If you are in the EU when your data is collected by Microsoft Advertising, the data controller is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. The privacy notice applicable to Microsoft Advertising can be found here.

You can control the use of data to receive interest-based advertising from Microsoft by visiting this page. If you have a Microsoft account, you can set privacy preferences on this site.

You may withdraw your consent to the use of Microsoft Advertising on our site at any time, effective in the future, by clicking here. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

Please note our warnings regarding third countries, as Google Analytics may process personal data in countries that do not have a level of data protection that meets the standards of the GDPR.

We do not transmit any data relating to you in connection with Microsoft Advertising; data is transmitted solely by the browser you use on the basis of the cookies saved with your consent. We do not have access to the personal data processed by Microsoft Advertising and are not responsible for this service under data protection law.

Cookies used, responsible party: Microsoft Corporation

Name Storage period Domain Description
MUID 392 days bing. com Contains a randomly generated user ID. Using this ID, Microsoft can recognise the user anonymously across different websites and display personalised advertising.
_uetsid 1 tag misspompadour. com Contains a unique, non-personally identifiable ID that is used to identify a visitor to our website
_uetvid 16 days misspompadour. com Contains a unique, non-personally identifiable ID used to identify a visitor to our website

b. Google Ads

With your consent, cookies for the Google Ads service are stored in the browser you use when you visit our website and this service is used.
We explain which cookies these are at the end of this chapter. The provider of Google Ads in the European Union is Google Ireland Limited, Imprint.
The contractual agreements between Google and us can be found here.
The data protection information applicable to Google Ads can be found here. You can object to the use of your data for interest-based advertising via Google Ads here. If you use a Google account, you can set these privacy preferences here.
Please note our warnings on third countries, as Google Analytics may process personal data in countries that do not have a level of data protection that meets the standards of the GDPR.
We do not transmit any data relating to you in connection with Google Ads; data is transmitted solely by the browser or app you use
You can revoke your consent to the use of Google Ads on our site with effect for the future by clicking here. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Cookies used, responsible: Google Ireland Limited

Name Storage period Domain Description
IDE 1 year doubleclick. net Contains a randomly generated user ID. Using this ID, Google can recognise the user across different websites and display personalised advertising.
RUL 1 year doubleclick. net Used to track whether ads have been displayed and to increase the efficiency of ads.
test_cookie 15 minutes doubleclick. net Is set as a test to check whether the browser allows cookies to be set. Does not contain any identification features.
_gcl_au 90 days misspompadour. com Used to distinguish individual users from each other.
NID 182 days google. com Used to store preferences and other information about the user. This includes, in particular, the preferred language, the number of search results to be displayed on the page and the decision whether or not to activate Google's SafeSearch filter.
DV 7 minutes google. com Used to store preferences and other information about the user. This includes, in particular, the preferred language, the number of search results to be displayed on the page and the decision whether or not to activate Google's SafeSearch filter.
CONSENT 20 years google. com This cookie is used to store the user's preferences and other information. This includes in particular the preferred language, the number of search results to be displayed on the page and the decision whether or not to activate Google's SafeSearch filter.
AID 3 months google. com Used to enable targeted advertising.
1P_JAR 1 month google. com Collects website statistics and tracked conversion rates.

c. Criteo

With your consent, cookies for the Criteo service are stored in the browser you use when you visit our website. At the end of this chapter, we will explain which cookies these are.

The provider and data protection officer for advertising campaigns in Germany is Criteo GmbH, Munich. The data protection information applicable to Criteo can be found here. You can also object to the use of your data for interest-based advertising by Criteo on this website.

Please note our warnings regarding third countries, as Criteo's personal data may be processed in countries that do not have a level of data protection that meets the standards of the GDPR.

We do not transmit any data relating to you in connection with Criteo; data is transmitted solely by the browser you use on the basis of the cookies saved with your consent. We have no access to the personal data processed by Criteo and are not responsible for this service under data protection law.

You can revoke your consent to the use of Criteo on our site at any time with future effect by clicking here. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Cookies used, person responsible: Criteo GmbH

Name Storage period Domain Description
uid 1 year criteo. com Contains a randomly generated user ID. Based on this ID, Criteo can recognise the user across different websites and display personalised advertising.

d. Facebook Pixel

With your consent, the so-called Facebook Pixel is stored in your browser when you visit our website. Theprovider of this function for the EU is Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland.

We use the Facebook Pixel to display our advertising on Facebook and with partners cooperating with Facebook (so-called "Audience Network") via Facebook only to those persons who have visited our website and for whom we therefore assume that they are interested in our offers and thus in our advertising. Furthermore, the Facebook pixel allows us to measure the effectiveness of these advertisements, as it is determined whether a person was redirected to our website after clicking on a corresponding advertisement.

In terms of data protection law, Facebook Ireland Ltd. acts in part for us as a processor and in part we are jointly responsible with it in accordance with Art. 26 DSGVO. In all other respects, Facebook Ireland Ltd. is the sole controller for the corresponding processing of personal data.

Job processing

Facebook Ireland Ltd. acts as a processor insofar as so-called event data are processed on our behalf in order to create reports for us on the impact of our advertising campaigns and other Facebook content (e. g. our posts on facebook. com) as well as analyses and insights about users of our website and their use of the website. For this purpose, we do not create profiles that we can associate with specific users of our website. "Event Data" is information that we share with Facebook using the Facebook Pixel and relates to individuals and the actions they take on our website, such as visiting our website and making purchases of the products we offer. Event data includes information that is collected and transmitted when people access our website using Facebook login or Facebook plugins (e. g. the "Like" button). However, they do not collect information that is created when a user interacts with our website via Facebook login, Facebook plugins or in any other way (for example, by logging in or by marking or sharing an article with "Like").

The contractual basis of the commissioned processing by Facebook Ireland Ltd. is the Terms of Use for Facebook Business Tools, as well as the corresponding data processing conditions. In addition, with regard to the processing of personal data by Facebook in the USA, the standard contractual clauses, the "Facebook-EU Data Transfer Supplement" apply

Shared responsibility

We are joint data controllers with Facebook Ireland Ltd. pursuant to Art. 26 DSGVO for the use of event data arising from our use of the Facebook Pixel, insofar as these are used to improve the display of our advertisements played via Facebook and the delivery optimisation of these advertising campaigns. For this purpose, Facebook Ireland Ltd. relates this event data to people who use products of the Facebook companies in order to show our advertising campaigns only to people who have visited our website (so-called ad targeting) or who are assumed to also be interested in our services. In connection with ad targeting and optimising ad delivery, Facebook Ireland Ltd. uses the event data we generate to optimise ad delivery only after it has been aggregated with other data collected by other Facebook advertisers or otherwise on Facebook products. Facebook does not allow other advertisers or other third parties to target ads based solely on the Event Data we submit. A description of which personal data is processed by us and Facebook Ireland Ltd. as joint controllers due to the use of the pixel can be found here. According to information from Facebook, this is the following data:
  • HTTP header information such as information about the web browser or app used (e. g. user agent, language setting country/language)
  • Information on standard/optional events such as "page view" or "app installation", other object properties as well as buttons clicked by visitors to the website, products added to the shopping cart as well as products purchased, in each case according to the configuration of the business tool
  • Online identifiers such as, but not limited to, IP addresses and, where provided, Facebook related identifiers or device IDs (such as mobile operating system ad IDs) and ad tracking disablement/restriction status information;

The legal basis for the joint responsibility is the contract pursuant to Art. 26 DSGVO, which can be accessed here. This was concluded in order to determine the respective responsibilities for the fulfilment of the obligations pursuant to the GDPR with regard to joint processing. The information required under Article 13(1)(a) and (b) of the GDPR can be found in the Data Policy of Facebook Ireland. The use of the Facebook Pixel is as set out in the terms of use for this product.

For information on how Facebook Ireland Ltd. processes personal data, including the legal basis on which Facebook Ireland Ltd. relies and how data subjects can exercise their rights against Facebook Ireland, please see Facebook Ireland 's Data Policy. Facebook Ireland Ltd is responsible under its contract with us for enabling data subjects to exercise their rights under Articles 15-20 of the GDPR in respect of personal data held by Facebook Ireland Ltd following joint processing. Of course, this does not affect your existing rights towards us under the GDPR (see "Your rights"). You can thus assert these against us in parallel.

Facebook's sole responsibility

Facebook Ireland Ltd. is solely responsible under data protection law for the processing of personal data going beyond the above, which is in connection with the Facebook Pixel. The privacy policy of Facebook Ireland Ltd. can be found here. You can find further options to object to Facebook using your personal data for these purposes here.

Finally, you can withdraw your consent to the use of the Facebook pixel on our site by clicking here. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.

Please note our warnings regarding third countries, as Facebook may process personal data in countries that do not have a level of data protection that meets the standards of the GDPR.

Cookies used, responsible person: Facebook Ireland Ltd

Name Storage period Domain Description
_fbp 90 days misspompadour. com Used to distinguish individual users from each other.
fr 90 days facebook. com Used to distinguish individual users from each other.
ATN 2 years atdmt. com Contains a randomly generated user ID. This ID allows Facebook to recognise the user across different websites and serve personalised ads.

e. Pinterest Tag

With your consent, cookies for the Pinterest Tag service are stored in the browser you use when you visit our website. We explain which cookies these are at the end of this chapter.

The provider of Pinterest Tag in the European Union and the data controller is Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. You can find the data protection information applicable to Pinterest Tag here.

You can find information on how to object to the use of your data for interest-based advertising via Pinterest Tag here. If you use a Pinterest account, you can set your privacy preferences here.

You can revoke your consent to the use of Pinterest on our site at any time with future effect by clicking here. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

Please note our warnings regarding third countries, as Pinterest Tag may process personal data in countries that do not have a level of data protection that meets the standards of the GDPR.

We do not transmit any data relating to you in connection with Pinterest Tag; data is transmitted solely by the browser you use on the basis of the cookies saved with your consent. We have no access to the personal data processed via the Pinterest tag and are not responsible for this service under data protection law.

Cookies used, responsible person: Pinterest

Name Storage period Domain Description
_pin_unauth 1 year misspompadour. com Is a first-party cookie that groups actions for users who cannot be identified by Pinterest.
_pinterest_ct_ua 1 year pinterest. com Identical to _pin_unauth, but as a third-party cookie.
_pinterest_sess 1 year pinterest. com Is the cookie for logging into Pinterest. It contains user IDs, authentication tokens and timestamps. When users log out, the authentication tokens are deleted, but the cookies remain. We use the logged out user IDs to optimise usage and measurability.
_pinterest_ct Session pinterest. com Contains a user ID and the timestamp when the cookie was created.
_pinterest_ct_rt Session pinterest. com Identical to _pinterest_ct
_epik Session pinterest. com Placed by JavaScript tag based on information sent by Pinterest with advertised traffic to identify user
_derived_epik Session pinterest. com Placed by the Pinterest tag when a match is detected without cookies being present, e. g. with Enhanced Match.

f. Reddit

With your consent, cookies for the Reddit Conversion Pixel service are stored in the browser you use when you visit our website. At the end of this chapter, we will explain which cookies these are.
The provider and data protection controller for advertising campaigns in Germany is Reddit Ireland Limited, Fitzwilliam Hall, Fitzwilliam Place, Dublin 2, D02 T292, Ireland. The data protection information applicable to Reddit can be found here. You can also opt out of having your information used for interest-based advertising through Reddit on this website. If you have a Reddit account, you can disable the remarketing feature in your account settings
Please note our warnings on third countries, as Reddit may process personal data in countries that do not have a level of data protection that meets the standards of the GDPR
We do not transmit any data relating to you in connection with Reddit; data is transmitted solely by the browser you use on the basis of the cookies saved with your consent. We have no access to the personal data processed via Reddit and are not responsible for this service under data protection law.
You can revoke your consent to the use of Reddit on our site at any time with future effect by clicking here. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Cookies used, responsible: Reddit Inc.

Name Storage period Domain Description
_rdt_uuid 3 months reddit. com Contains an anonymous user ID. Used to display ads relevant to the user.
session_tracker Session reddit. com Contains the session ID of a user

14. Reviews. io and ratings

Use of the review portal

In order to constantly improve our service, we offer you the possibility to rate us via the independent portal reviews. io of REVIEWS. io 2020 GmbH, Stralauer Allee 6, 10245 Berlin, Germany. If you are registered for our newsletter, we will send you an email a few days after your order has been sent to rate your experience with MissPompadour, our customer service and our products. In the evaluation e-mail you will find a link that will take you to our evaluation form at reviews. io. When you call up this link, your browser transmits your email address, your customer name, the order ID and the IDs of the products ordered to reviews. io (data protection information). As long as you do not submit a rating, reviews. io informs you that this data will not be saved despite clicking on the link. When you submit a review, only your first name will be published. The submission of a rating is, of course, voluntary.
You can find our review profile at reviews. io here.

Widgets and badges with ratings

REVIEWS. io badges and widgets are displayed on our website. This is a seal that allows visitors to our website to see how customers have rated us. We have commissioned REVIEWS. io 2020 GmbH, Stralauer Allee 6, 10245 Berlin, as a processor to provide us with this rating function and the seal so that we can integrate this into our website.
When the REVIEWS. io badge is displayed on our website, the date and time of the request and the amount of data transferred are stored in a log file as part of the order processing. The log files are automatically deleted no later than 5 days after creation.
Our interest in this evaluation system and the integration of the badge into our website is to inform potential customers about the satisfaction of our customers, so that this can be used to our advantage when deciding whether to purchase services from us. The legal basis for this is Art. 6 para. 1 lit. f) DSGVO.

14. WhatsApp chat

For the WhatsApp chat, we use MessengerPeople, a software solution of MessengerPeople GmbH, Herzog-Heinrich-Str. 9, 80336 Munich, within the scope of an order processing agreement. The WhatsApp Business API is used for this service, so that WhatsApp does not have access to personal data in the area of our responsibility. The messages exchanged with us are of course also encrypted when using the Business API so that third parties do not have access to the content. The legal basis for the corresponding data processing is Art. 6 para. 1 lit. f) DSGVO, as the respective user makes it clear by using the chat function that he/she would like to communicate with us via this channel and therefore the corresponding processing of personal data is in his/her interest.

The use of WhatsApp by the respective user is solely subject to the agreements made by him with the provider of WhatsApp.

16. Privacy policy for our Facebook page

For our presence on facebook. com, the following applies in addition to this privacy notice: Due to the use of Facebook Insights, we are a joint controller of our Facebook page with Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland. The legal basis for this is the contract available on this page. The joint responsibility includes the creation of so-called events and their aggregation in page insights provided to us. What events are is described on the aforementioned Facebook Insights webpage. According to Facebook, these events are in particular
  • View a page, post, video, story or other content associated with a page
  • Interact with a story
  • Subscribe or unsubscribe to a page
  • Tag a page or post with "Like" or "Stop liking"
  • Recommend a page in a post or comment
  • Comment, share or respond to a Page post (including how you respond)
  • Hide a Page post or report it as spam
  • Hover over a link to a page or the name or profile picture of a page to preview page content
  • Click on the website button, phone number button, "plan route" button or any other button on a page
  • See a page's event, respond to an event (including how to respond), click on a link for event tickets
  • Start a Messenger conversation with the page
  • View or click on items in a page shop
  • Information about the action, the person who took the action and the browser/app used to do it. These are for example:
  • Date and time of the action
  • Country/city (estimated from the IP address or imported from the user profile if the user is logged in)
  • Language code (from the HTTP header of the browser and/or the language setting)
  • Age/gender group (from user profile, only for logged in users)
  • Previously visited websites (from the browser HTTP header)
  • Whether the action was taken on a computer or on a mobile device (from the browser user agent or app attributes)
  • Facebook user ID (only for logged in users)

Facebook Ireland ensures that it has a legal basis for processing Insights data, which is set out in Facebook Ireland's Data Policy. Facebook Ireland undertakes compliance with the obligations under the GDPR for the processing of Insights Data (including Articles 12 and 13 GDPR, Articles 15 to 21 GDPR, Articles 33 and 34 GDPR). Facebook Ireland takes appropriate technical and organisational measures in accordance with Article 32 of the GDPR to ensure the security of the processing. This includes the measures set out on this page below (this will be updated from time to time to take account of, for example, technological developments). All Facebook Ireland employees involved in the processing of Insights data are bound by appropriate agreements to maintain the confidentiality of Insights data.

Facebook Ireland provides data subjects with the essentials of this Page Insights supplement (Article 26(2) GDPR). This is currently done through the Page Insights Data information, which can be accessed from all pages.

If a data subject asserts the rights to which he or she is entitled under the GDPR with respect to the processing of Insights data against us, we are obliged to forward all relevant information regarding such requests to Facebook Ireland without undue delay, but no later than within seven calendar days. Facebook Ireland is committed to responding to requests from data subjects in accordance with our obligations under this Policy.

The above statements do not affect the claims to which every data subject is entitled directly against us, in particular those arising from Art. 15 et seq. DSGVO.

The legal basis for the corresponding data processing is Art. 6 para. 1 lit. f) DSGVO. Only persons who purposefully call up our page on facebook. com and therefore deliberately use a website to which the data policy for facebook. com applies are affected by the data processing. The data processing to which the data subject is subject as a result of visiting our website on facebook. com therefore does not go beyond the data processing which Facebook would also carry out without our website existing on facebook. com. If the data subject did not agree to this, he or she would not visit facebook. com. From the visit to our website on facebook. com, it therefore follows that the data subject has an overriding interest in visiting our page there in order to be able to consume the content offered by us there and to interact with it, taking into account the resulting data processing. Our legitimate interest is therefore to use this site for our corporate communication in order to directly or indirectly promote the sales of the services we offer.

17. Shipping

Data relevant to the order (contact and delivery data) may be transmitted to our shipping partner for shipping purposes.

Shipping to Switzerland

We work with our shipping partner exporto GmbH to ship your order to Switzerland.

Switzerland - Shipping within Germany:
exporto GmbH
Max-Stromeyer-Str. 172
DE-78467 Konstanz

Register court: Freiburg Local Court
Register number: HRB 721808
VAT number: DE331284697

Switzerland - Shipping within Switzerland:
exporto Schweiz GmbH
Hafenstrasse 50C
CH-8280 Kreuzlingen

UID: CHE-130. 123. 814
VAT: CHE-130. 123. 814 VAT

Contact:
Phone: +49 7531 3027860
E-mail: info@exporto. de

18. Your rights

You are entitled to the following rights in particular in connection with your personal data under the GDPR. For details, please refer to the legal regulations (in particular Art. 15 et seq. DSGVO).

Right to information

According to Article 15 of the GDPR, you have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you have the right to be informed about this personal data and to further information, which are mentioned in Art. 15 of the GDPR.

Right to rectification

According to Article 16 of the GDPR, you have the right to demand that we correct inaccurate personal data concerning you without delay. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.

Right to erasure ("right to be forgotten")

Within the limits of Article 17 of the GDPR, you have the right to demand that we delete personal data relating to you without delay. We are obliged to delete personal data without delay if the relevant requirements of Article 17 of the GDPR are met. For details, please refer to Art. 17 of the GDPR.

Right to restriction of processing

In accordance with Art. 18 DSGVO, you have the right under certain conditions to demand that we restrict the processing of your personal data. For the details, please refer to Art. 18 DSGVO.

Right to data portability

Under the conditions of Art. 20 DSGVO, you have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. Pursuant to Article 20 of the GDPR, you also have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and the processing is carried out using automated procedures.

Right to lodge a complaint with the supervisory authority

Pursuant to Article 77 of the GDPR, you have the right to lodge a complaint with the supervisory authority, without prejudice to any other administrative or judicial remedy. This right exists in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.

Right to object

Pursuant to Article 21 of the GDPR, you have the right to object to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions.

If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing.

19. Explanation of various terms

Browser - this is the software you use to browse the internet and access our website.
EEA - is the European Economic Area. In addition to the EU member states, this includes Iceland, Liechtenstein and Norway.
Third countries - are countries that do not belong to the EEA and for which there is no EU Commission adequacy decision
IP address - every device that exchanges data via the internet needs a unique identifier, otherwise data (e. g. web pages) that are to be sent to this device cannot be delivered. The computer, smartphone, tablet etc. that you use therefore uses an IP address so that it can retrieve and receive data from the internet. As a rule, you do not use a separate IP address for each end device. Instead, the technology used to connect to the Internet (e. g. your Internet router at home) allows all end devices in a network to appear to the outside world under a common IP address.
lit. - is a Latin abbreviation for "letter" used when quoting legal texts. Art. 6 para. 1 lit. a) DSGVO therefore means "letter a)".
Standard contractual clauses - are a set of contracts provided by the EU Commission that can be the basis for a data transfer to a third country according to Art. 46 (2) (d) GDPR.