• Free shipping from 90€
  • Purchase on invoice
  • Colour consultancy
Go to homepage
€0.00
Privacy Policy Back

Privacy Policy

1. Responsible person
2. Privacy Officer
3. Technical operation of our website
4. Detection and defence against attacks against our website
5. Creation of a customer account
6. Placing orders
7. Payment service provider
8. Customer service
9. Email newsletter
10. Warning about data transfers to third countries
11. Tools for analysing the use of our website
12. Advertising services
13. Reviews.io and ratings
14. WhatsApp chat
15. Links to our social media presences
16. Privacy policy for our Facebook page
17. Shipping
18. Your rights
19. Explanation of various terms

1. Responsible

MissPompadour GmbH
Am Reitfeld 10, 93161 Sinzing, Germany
Phone: +49 941 206 068 20
E-mail: kontakt@misspompadour. de

2. Data protection officer

Our data protection officer will be happy to assist you at the above address and at datenschutz@misspompadour. de.

3. Technical operation of our website

When you access our website with your browser, it transmits various personal data to us. We use the following data for the following purposes:
We process the so-called IP address so that the browser you use can retrieve content from our website and thus use it. The legal basis for this processing of the IP address is Art. 6 para. 1 lit. f) GDPR, as it is also in your interest that we make it technically possible to use our website when you visit it. If the visit to our website serves the conclusion of a contract or the preparation thereof, the legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.

We also process the following data for statistical purposes
  • Date and time of access
  • Name and URL of the page or file accessed
  • browser used, operating system of the end device
  • HTTP status code

We do not use this data for personal purposes, but to create statistical analyses of how and under what technical conditions our website is used in order to identify errors and make improvements (e.g. in user guidance). The data is not processed in connection with other data that would enable us to establish a personal reference. Therefore, no personal user profiles are created. The legal basis for the use of the data for the creation of statistics is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest in such processing is that these statistics enable us to detect malfunctions of our website and to optimise it so that the use of the website corresponds as closely as possible to the interests of the users and can therefore be used successfully by us.
In addition, the personal data transmitted by your browser is not processed or stored.
Use of Cloudfront
We use the Cloudfront CDN content delivery network of Amazon Web Services EMEA SARL (38 avenue John F. Kennedy, L-1855, Luxembourg; "Cloudfront") on our website. This is a supra-regional network of servers in various data centres to which our web server connects and via which certain content of our website is delivered. The data processing serves the purpose of optimising the loading times of our website and thus making our offer more user-friendly. The following information may be collected in the process IP address, system configuration information, information about traffic from and to customer websites (so-called server log files). Your data may be transmitted to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Cloudfront has certified itself in accordance with the TADPF and is thus committed to complying with European privacy principles. Your personal data is processed on the basis of Art. 6 para. 1 lit. f GDPR out of our overriding legitimate interest in the needs-based and targeted design of the website. You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(f) GDPR. You can find more information on privacy when using Cloudfront here and here.

Individual settings for cookies

We will explain to you below that various cookies are used on our website, although for the majority of cookies this is only the case if you give the corresponding consent.

You can use the links below to find out how you can make the browser settings that are most important to you, whether and how cookies are processed:

Cookies used

We use the following cookies, which are technically necessary for the operation of our website:

Consent & Cookie Settings

NameStorage periodDomainDescription
mpCookieBanner1 yearmisspompadour. comStores whether the Consent Banner has already been displayed to the user
mpCookieSettings1 yearmisspompadour. comSaves the user's settings for the Consent Banner
mpPinterestButton1 yearmisspompadour. comStores whether the user has consented to the display of the Pinterest "Pin-it" button via 2-click solution
mpYoutubeVideos1 yearmisspompadour. comStores whether the user has agreed to the embedding of Youtube videos

Shopware (shop system)

NameStorage periodDomainDescription
timezone30 daysmisspompadour. comDetection of the correct timezone of the user.
csrf[frontend. account. login]Sessionmisspompadour. deSecurity cookie for the login to the customer account.
csrf[frontend. account. register. save]Sessionmisspompadour. comSecurity cookie for the registration in the shop.
csrf[frontend. checkout. line-item. add]Sessionmisspompadour. comSecurity cookie for adding products to the shopping cart.
csrf[*]Sessionmisspompadour. comSecurity cookies for core functions of the shop system.
session*Sessionmisspompadour. comIdentifies the session of a user
AWSALBTGCORS7 daysmisspompadour. deEnsures the technical functionality of the shop during high system loads. Part of Amazon Web Services Elastic Load Balancing, which always connects users to the same server if necessary.
AWSALBTG7 daysmisspompadour. comEnsures the technical functionality of the shop under high system load. Part of Amazon Web Services Elastic Load Balancing, which always connects users to the same server if necessary.
In addition, we use the following cookie with your consent, which is not technically necessary:

MissPompadour Analytics

NameStorage periodDomainDescription
_mpParams1 yearmisspompadour. comThis cookie allows us to identify your visitor source (referrer URL) when you place a new order

4. Detection and defence of attacks against our website

We process your IP addresses together with the date and time of access and the URL or file accessed, limited to this purpose, for the detection and defence of attacks against the systems used to operate our website. Such attacks could impair the intended functionality of the systems, the use of our website or its functionality as well as the safety of visitors to our website. We hereby pursue the legitimate interest of ensuring processing security in accordance with Art. 32 DSGVO, recognising as well as warding off attacks in order to protect us and the visitors to our website from damage. Recipients of this data may be law enforcement authorities as well as (technical) service providers who support us in detecting or defending against the attacks. The legal basis for the processing is Art. 6 para. 1 lit. f) DSGVO. The IP addresses are deleted after 90 days, unless further storage is necessary for the above purposes in individual cases. In this case, we delete the data when the purpose ceases to exist.

5. Creating a customer account

If you create a customer account on our website, we process the data you provide in order to set up and manage the customer account and to enable you to use the services we offer in connection with the customer account. In the customer account, in addition to the data that you provide when setting up the account, we may also process other data that arises in connection with your use of the account and is visible to you, such as an order history. The legal basis for the corresponding processing of your data is Art. 6 para. 1 lit. b) DSGVO.

We will send an e-mail to the e-mail address you provided when registering, asking you to confirm your registration. This is to prevent third parties from opening a customer account by misusing your e-mail address, for your protection and ours. The legal basis for this is Art. 6 Para. 1 lit. f) DSGVO.

This data related to the customer account will be stored until the customer account is deleted. If we are legally obliged to store the data for a longer period (e.g. to fulfil accounting obligations or legally required evidence) or if we are legally entitled to store the data for a longer period (e.g. due to an ongoing legal dispute against the owner of a customer account), the data will be deleted after the storage obligation or entitlement has expired.

Bonus programme "PompCoins

If you register for and use our bonus programme, we process the data you provide and the interactions you have with our website or app in order to set up and manage your bonus programme account, to credit or redeem points and to enable you to use the services we offer in connection with the bonus programme. In the bonus programme account, in addition to the data that you provided when setting up the account, further data is processed that arises in connection with the use of the account, such as which interactions for which points are awarded were carried out, when points were redeemed and when points expire. The legal basis for the corresponding processing of your data is Art. 6 para. 1 lit. b) DSGVO. This data related to the bonus programme account is stored until the customer account is deleted. If we are legally obliged to store the data for a longer period of time (e.g. to fulfil accounting obligations or legally required proofs) or if we are legally entitled to store the data for a longer period of time (e.g. due to an ongoing legal dispute against the owner of a bonus programme account), the data will be deleted after the storage obligation or authorisation has expired.

6. Orders

When you order a service offered by us, we process the data provided by you for the conclusion and implementation of the corresponding contract. The legal basis for the processing is Art. 6 Para. 1 lit. b) DSGVO. Due to legal requirements, when you place an order via our website, we are obliged to send an order confirmation by e-mail to the e-mail address you have provided. Furthermore, upon conclusion of a contract, we are subject to legal record-keeping and storage obligations. The legal basis for the corresponding processing is in each case Article 6 para. 1 lit. c) DSGVO.

We also process the data you provide for the purpose of recognising and warding off attempts at fraud on the basis of Article 6 (1) (f) DSGVO. Our aim here is to protect ourselves from fraudulent transactions.

The data is deleted if a legal obligation exists when the storage obligation ceases to exist, unless we are entitled to further processing (e. g. in a legal dispute). Otherwise, we delete the data when they are no longer required to prove the existence or non-existence of a claim.

7. Payment service provider

For all payment options offered by us, the respective provider is responsible under data protection law. Insofar as data is transferred to the respective payment service provider for the execution of a contract with you (name, address, e-mail address, order number, purchase price to be paid), this is done on the basis of Art. 6 Para. 1 lit. b) DSGVO so that the respective service provider has the data at its disposal that it requires for the execution of the payment transaction and the selection of the available means of payment. If the payment service provider transfers data relating to you to us, we also use this data for the performance of the corresponding contractual relationship with you. The legal basis is therefore also Art. 6 para. 1 lit. b) DSGVO.

Cookies used

Paypal

NameStorage periodDomainDescription
paypalplus_session_v2Sessionmisspompadour. comContains data for the payment transaction of an order.

Klarna

NameStorage periodDomainDescription
thx_global_guid5 yearsonline-metrix. netUsed to detect and prevent fraud.
thx_guid5 yearsonline-metrix. netUsed to detect and prevent fraud.

Stripe

NameStorage periodDomainDescription
__stripe_sidSessionmisspompadour.comUsed to identify the session in the checkout with Stripe.
__stripe_mid1 yearmisspompadour.co.ukUsed to identify the user in the checkout with Stripe.

Amazon Pay

NameStorage periodDomainDescription
session-token1 yearamazon.comContains a token to identify the session in the checkout for Amazon Pay
session-id-*1 yearamazon.comContains additional information such as the time the session was initialised
apay-session-set1 yearmisspompadour.comContains additional information to identify the checkout session for Amazon Pay

8. Customer service via Dixa

We use the "Dixa" system of the provider Dixa ApS, Vimmelskaftet 41A, 1 Sal., 1161 Copenhagen, Denmark, in order to be able to manage and respond more quickly and efficiently to enquiries from users, who may be customers, potential customers or third parties. The legal basis for this is our legitimate interest in processing your request quickly and effectively in accordance with Art. 6 Para. 1 lit. f) DSGVO. If your enquiry serves the conclusion of a contract with us, the further legal basis for the processing is Art. 6 para. 1 lit. b) DSGVO.
As a European company, Dixa is subject to the requirements of the GDPR. Dixa provides us with its software for processing our customer enquiries and only processes customer data in a technical sense. We have concluded a contract with Dixa for commissioned data processing in accordance with Art. 28 DSGVO, in which Dixa undertakes to process the data thus received only in accordance with our instructions and to comply with the EU level of data protection.
Different categories of data are processed: Contact data (e. g. name, address, telephone number, email), content data (e. g. photographs), the data you enter. We have made sure that user data is secure at Dixa. Communication is encrypted using the HTTPS protocol and SSL certificates and data is stored in Europe. Your data will be deleted after your request has been dealt with, unless we are legally obliged to store it for a longer period. In this case, the deletion takes place after the expiry of the corresponding obligation.
You can object to this data processing at any time with effect for the future by informing Dixa of your decision via one of the above-mentioned contact options. Further information about Dixa can be found in the privacy policy

8. 1 Contact form

If you use our contact form, we use the data you provide us with to process your request. The legal basis for this is our legitimate interest in processing your request in accordance with Art. 6 Para. 1 lit. f) DSGVO. If your request serves the conclusion of a contract with us, the further legal basis for the processing is Art. 6 para. 1 lit. b) DSGVO.

Your data will be deleted after your enquiry has been dealt with, unless we are legally obliged to store it for a longer period. In this case, the deletion takes place after the expiry of the corresponding obligation.

8. 2 FAQ via Elevio

We use Elev. io, a service provided by Elevio Pty Ltd, Level 1, 2 Mill Place , Melbourne, Victoria 3000, Australia to provideyou with answers to frequently asked questions / FAQs about our service in context. Elev. io only collects user information on our behalf when you actively submit it to us via the contact form on the help pages provided by Elev. io. Elev. io, is committed to using this data only for direct service delivery in our context. The information collected by Elev. io is generally stored on an Elev. io server in Australia, Elev. io complies with the provisions of the GDPR when processing personal data. As an Australian company, Elev. io is subject to the requirements of the Australian Privacy Act 1988 (Cth). The legal basis for the processing of data is your consent pursuant to Art. 6 para. 1 lit. a DSGVO and our legitimate interest pursuant to Art. 6 para. 1 lit. f) DSGVO to provide you with easy access to help topics. You can findmore information in the Elev. io privacy policy.

9. Email newsletter and postal advertising

When you register for our email newsletter, we process the data you provide. We use this data to create and send our newsletter. The legal basis for the processing is Art. 6 Para. 1 lit. a) DSGVO based on your consent. You can revoke your consent at any time with effect for the future. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the return policy.

To confirm your subscription to the newsletter, you must click on the confirmation link in the verification email that we send you after your subscription. When you click on the link provided in the verification message, we process the date and time of the click, the content of the message sent to you and the email address used. This is done in order to be able to prove that you have subscribed to the newsletter and confirmed your consent. The legal basis for this processing is Art. 6 para. 1 lit. c) DSGVO, as we are legally obliged to be able to prove your consent.

We delete your personal data related to the newsletter subscription when you unsubscribe. Data that we need as proof that you have subscribed to the newsletter will be deleted after the expiry of the limitation period for corresponding obligations to provide proof.

If you purchase a product or service via our website or app, we will send you our email newsletter on the basis of Section 7 (3) of the German Unfair Competition Act (UWG) and Article 6 (1) (f) of the German Data Protection Act (DSGVO). For this purpose, we use the email address you provided during the purchase. You can unsubscribe from the newsletter at any time with future effect, e.g. by using the unsubscribe link mentioned in the newsletters

We individualise the dispatch and content of our newsletter on the basis of Art. 6 Para. 1 lit. f) DSGVO on the basis of your purchases made with us in order to offer you products that we assume are of interest to you

We send postal advertising to our customers on the basis of a weighing of interests in accordance with Art. 6 (1) (f) DSGVO. You can object to the corresponding use of your data at any time. Our legitimate interest in this is to inform our customers about our offers.

Use of Klaviyo

We use the service of Klaviyo Inc. (125 Summer St Floor 7, Boston, MA 02111, USA; "Klaviyo") for the newsletter dispatch within the scope of an order processing. We pass on the information provided by you during the newsletter registration (e-mail address, if applicable first and last name, if applicable telephone number, products viewed, products in the shopping basket, if applicable order data such as order number, products purchased, coupon codes used) to Klaviyo. The data processing serves the purpose of sending the newsletter and its statistical evaluation. In order to evaluate newsletter campaigns, the sent newsletters contain a 1x1 pixel graphic (tracking pixel) or a tracking link. This enables us to determine whether you have opened the newsletter and whether you have clicked on any integrated links. In this context, we collect your personal data such as IP address, browser type and device as well as the time. These data can be used to create usage profiles under a pseudonym. The data collected will not be used to identify you personally. The collected data is only used for statistical analysis to improve newsletter campaigns. You can also prevent tracking by deactivating the display of images by default in your e-mail programme. In this case, the newsletter will not be displayed in full and you may not be able to use all the functions. If you display the images manually, the above-mentioned tracking will take place. As a rule, your data will be transmitted to Klaviyo servers in the USA and stored there. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Klaviyo has certified itself in accordance with the TADPF and is thus obliged to comply with European privacy principles

Your personal data is processed on the basis of Art. 6 (1) lit. f DSGVO due to our overriding legitimate interest in a targeted, effective advertising and user-friendly newsletter system. You have the right to object to the processing of your personal data at any time on grounds relating to your particular situation.

You can find more information about privacy at Klaviyo here and here.

10. Warning about data transfers to third countries

For various services which are used on our website with your consent or which process data via our website (e. g. for advertising purposes), you will find a warning in this data protection notice that data may be transferred to third countries.

What does this warning mean?

In the event of a data transfer to a third country, your personal data will leave the local scope of the GDPR. In individual cases, a level of data protection may apply in the third country that does not meet the requirements of the GDPR. For some countries, e. g. Switzerland, there is a so-called adequacy decision. In the opinion of the EU Commission, the level of data protection in these states meets the requirements of the GDPR. They are therefore considered safe for data protection purposes. For other countries, in particular the USA, there is no such decision, as in these countries there is no level of protection for your personal data that corresponds to that of the GDPR. In the case of a data transfer to a third country, it is therefore possible that your personal data will be transferred to a country, e. g. the USA, for which there is no level of data protection that is compatible with the GDPR.

What does this mean for your personal data?

In the context of an economy based on the division of labour, many companies use service providers to process personal data. In other cases, large companies, such as Google, Amazon, Facebook or Apple, have numerous different companies in different countries that do not each carry out data processing on their own. Rather, they use group-wide IT services, so that, for example, a company in Ireland uses services of the parent company in the USA. For this purpose, either personal data is transferred to the USA or the parent company from the USA has access to the data in the EU.

By concluding so-called standard contractual clauses, the GDPR allows you to agree that the contractual partner, e. g. the parent company in the USA, must comply with the requirements of the GDPR for the corresponding data processing, even if these would otherwise not apply to the contractual partner. This is intended to contractually create a level of data protection that corresponds to that of the GDPR, so that data subjects are not placed in a worse position than if their personal data were processed in the EU.

However, contracts only bind the parties to them and not third parties such as government agencies. Therefore, in one country, e. g. the US, government agencies may have the right to access personal data of EU citizens, even if this violates their rights. These accesses can be very broad and can all relate to all your data that is processed there. They can be done without a judge or similar having to order them. They can be secret, so that you don't know about these accesses. And you may have no way to defend yourself against access and any use of your data, especially in a court of law. Furthermore, the data subject rights to which you are entitled under the GDPR (e. g. information, deletion) may also not exist or may not be enforced. The data processed in this way may also be combined with other data concerning you from other sources, for example to create a profile about you.

This possible use of your data could, but does not have to, be associated with disadvantages for you. Since government agencies in third countries in particular are not subject to EU law or German law, it is not possible to specify exactly what disadvantages these might be. Disadvantages can therefore be of any nature, e. g. economic or political. For example, you may not be allowed to enter a country, or your data may be used against you in foreign criminal proceedings. The disadvantages can be very serious in individual cases

How high are my risks?

We cannot give a general answer as to how high the risks presented are in individual cases. We can only point out that the decisive question is which service, and therefore which company, has access to your data in connection with your use of our website. Furthermore, it is decisive which personal data is affected by this. On our website, it is - in our opinion - only about the possible processing of personal data in third countries in connection with advertising services such as Google, Microsoft or Facebook. This will be data on which website you visited and when, how long you stayed on this website, from where the access took place, which end device or which software (browser, app) was used for this purpose, which interactions you carried out on the website, if this is transmitted to the operator of the service (e. g. the purchase of a product after clicking on an advertisement). Please read the information on the respective services) and, if applicable, further data that the respective operator processes. For this, we refer you to the respective data protection information of the services. You will find the links to these in these data protection notices in the explanation of the respective service.

You must weigh up for yourself whether giving your consent and possibly transferring it to a third country could create a situation for you that you do not want to live with. In this case, please do not give your consent to the use of these services.

You will not suffer any disadvantages if you do not give your consent

If you do not wish to give your consent to the use of certain or all services or the storage of cookies, this will not have any disadvantages for you on our website. All our offers are available to our customers under the same conditions, regardless of whether they give their consent or not. Of course, you can revoke your consent at any time with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

11. Tools for analysing the use of our website

In order to compile statistics and evaluations of how our website is found and used, as well as for the purpose of optimising our website and our advertising measures, we use the services listed below on the basis of your consent, which can be revoked at any time. The legal basis for this is Art. 6 para. 1 lit. a) DSGVO. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the return policy.

You can revoke your consent at any time with effect for the future here. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the return policy.

In addition, the services offer you the possibility to object to the use in general, and not only for our website. Please refer to the information provided for the respective services.

a. Google Analytics

We use Google Analytics, a service of Google Ireland Limited, Imprint, using your anonymised IP address within the framework of an order processing agreement. The IP anonymisation is carried out by Google within the EEA. According to Google, only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. Google also states that the IP address transmitted by your browser will not be merged with other data.

Google Analytics processes the following data about the use of our website:

  • approximate location at the level of a region
  • anonymised IP address
  • technical information on the browser and terminal device used (e.g. language setting, screen resolution)
  • Internet provider of the user
  • via which website/ via which advertising medium a user came to this website
  • the pages called up by the user
  • whether users take certain actions on our website, so-called conversions, e.g. the purchase of a product newsletter registrations, downloads, purchases)
  • user behaviour (e.g. which links are clicked on, how long a user stays on a website, from which website the user leaves our website)

We have deactivated the functions in Google Analytics that would allow Google or another third party to use data as the responsible party.

No personal profiles are created; the corresponding statistics only contain summarised data that do not allow any conclusions to be drawn about a specific person.

The evaluations created by Google Analytics enable us to understand how our website is used and which advertising measures have what success. This allows us to optimise our website (in particular its structure, content, functions) and advertising measures and thus our business success. Based on your consent, the legal basis for the processing is Art. 6 para. 1 lit. a) DSGVO. In Google Analytics, we have set a storage period of 14 months for the personal data concerned. The deletion of data whose retention period has been reached takes place automatically once a month.

In the context of commissioned processing, Google is entitled to engage subcontractors. A list of these subcontractors can be found at https://privacy.google.com/businesses/subprocessors/.

In the course of Google Ireland Limited's activities, data may be exported to a third country within the meaning of Article 44 of the GDPR. Google Ireland Limited states that it will only do so if the applicable requirements are met.

Google only offers a so-called browser plugin as a website-wide function for opting out of the use of Google Analytics. You can find information about this here.

The information generated by this about your use of this website is usually transferred to a Google server in the USA and stored there. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European privacy principles. Both Google and US government agencies have access to your data. Your data may be linked by Google to other data, such as your search history, your personal accounts, your usage data from other devices and any other data Google may have about you.

We also use the Google Signals service in this context. Google Signals enables cross-device tracking. Your data can thus be analysed across devices if you have activated "personalised advertising" in your account settings and your end devices are linked to your Google account. This makes it possible to identify on which device you search for products and later return to complete purchases on another device such as a tablet. The cross-device reports generated in this context contain aggregated data only. We thus only receive statistics generated on the basis of Google Signals. To prevent data collection and storage by Google Signals across devices, you can deactivate the "personalised ads" function in the settings of your Google account. Formore information, please visit https://support.google.com/ads/answer/2662922?hl=de. For more information on data processing and privacy on Google Signals, please visit https://support.google.com/analytics/answer/7532985?hl=de.

Your consent can be revoked at any time here with effect for the future. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the return policy.

Cookies used, responsible: Google Ireland Limited

NameStorage periodDomainDescription
_ga2 yearsmisspompadour. comUsed to distinguish individual users from each other.
_ga_*2 yearsmisspompadour. comUsed to distinguish individual users from each other.
_gid24 hoursmisspompadour. comUsed to distinguish individual users from each other.
_gat_*1 minutemisspompadour. comUsed to throttle the rate of server requests.

b. Google Optimize

If you have given your consent to the use of Google Analytics, you can also give your consent to the use of Google Optimize, which can be revoked at any time. In this case, Google Optimize is a component of Google Analytics. In this respect, we refer to the corresponding explanations in these privacy notices. Google Optimize enables us to test different designs of our website (so-called A/B tests) in order to see how users of our website interact with these different designs. Our aim here is to analyse user behaviour in a non-personal way in order to optimise our website and thus our business success on this basis. The legal basis for this is Art. 6 para. 1 lit. f) DSGVO.

As part of the order processing, Google is entitled to engage subcontractors. A list of these subcontractors can be found at https://privacy.google.com/businesses/subprocessors/.

In the course of the activities of Google Ireland Limited, data may be exported to a third country within the meaning of Article 44 of the GDPR. Google Ireland Limited states that it will only do so if the applicable requirements are met.

Google only offers a so-called browser plugin as a website-wide function for opting out of the use of Google Analytics. Information on this can be found here.

Your data may be transferred to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and is thus obliged to comply with European privacy principles.

Your consent can be revoked at any time here with effect for the future. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the return policy.

Cookies used, responsible: Google Ireland Limited

NameStorage periodDomainDescription
_gaexpUp to 90 daysmisspompadour. comDetermines whether a user is included in a particular experiment or not and contains the expiry date of the experiment. The storage period depends on the length of the experiment.
_opt_awcid24 hoursmisspompadour. comUsed for campaigns associated with Google Ads customer IDs
_opt_awmid24 hoursmisspompadour. comUsed for campaigns associated with Google Ads Campaign IDs
_opt_awgid24 hoursmisspompadour. comUsed for campaigns associated with Google Ads Group IDs
_opt_awkid24 hoursmisspompadour. comUsed for campaigns associated with Google Ads criteria IDs
_opt_utmc24 hoursmisspompadour. comStores the last `utm_campaign` URL parameter

c. Microsoft Clarity

We use Clarity, a Microsoft service, to analyse how our website is used. The provider of Microsoft Clarity and the data controller is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 USA. If you are in the EU when your data is collected by Microsoft Clarity, the data controller is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. The privacy notice applicable to Microsoft Clarity can be found here.

We use Clarity to create so-called heat maps. These are visual representations of how our website is used. These are created by recording which page elements visitors click on on a website, where the mouse is moved, how a website is scrolled and which end devices are used for this. This enables us to understand how visitors interact with our website in order to improve and optimise it, to make it easier to use and to improve sales of the services we offer. The legal basis for this is Art. 6 para. 1 lit. f) DSGVO.

For this purpose, the following data is processed by Clarity:
  • Usage data of visitors to our website (which website is called up, where the mouse moves on a website, which page elements are clicked on, where a website is scrolled to;
  • the so-called User Unique User Identifier (UUID), which is used to distinguish the usage data of visitors from each other;
  • the IP address
  • technical data of the device used to visit our website (screen size, device type (Unique Device Identifiers), browser used, language set for displaying our website);
  • The country from which a visitor accesses our website;

Input a visitor makes on our website, e.g. in forms or keystrokes, is not processed. The UUID is not merged with other data that would enable us to identify a specific visitor (such as order data on our website). Therefore, only pseudonymised user profiles are available.
You can revoke your consent to the use of Microsoft Clarity on our site at any time with future effect by clicking here. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the return policy.
Your data may be transferred to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Microsoft has certified itself in accordance with the TADPF and has thus committed itself to comply with European privacy principles.
We do not transmit any data relating to you in connection with Microsoft Clarity; data is transmitted solely by the browser you use on the basis of the cookies saved with your consent. We have no access to the personal data processed by Microsoft Clarity and are not responsible for this service under data protection law.

Cookies used, responsible party: Microsoft Corporation

NameStorage periodDomainDescription
_clck12 monthsmisspompadour.comContains the Clarity user ID (UUID) and settings unique to this site and associated with the same user ID.
_clsk1 tagclarity.msCombines multiple page views by a user into a single Clarity session record.
CLID12 monthsclarity.ms
Identifies the first time a user was seen on a website by Clarity.
MUID13 monthsclarity.ms
Identifies unique web browsers that visit Microsoft websites. These cookies are used for advertising, website analytics and other operational purposes.
MR7 daysclarity.ms
Indicates whether MUID should be updated.
ANONCHK10 minutesclarity.ms
Specifies whether MUID is transferred to ANID, a cookie used for advertising. Clarity does not use ANID and is therefore always set to 0.

Cookies used, responsible: Hotjar Ltd

NameStorage periodDomainDescription
_hjid1 yearmisspompadour. comUsed to distinguish users from each other.
_hjTLDTestSessionmisspompadour. comUsed to ensure the use of Hotjar across subdomains.
_hjFirstSeenSessionmisspompadour. co. ukUsed to identify a user's first session.
_hjAbsoluteSessionInProgress30 minutesmisspompadour. co. ukUsed to identify a user's first page view during a session.
_hjRecordingEnabledSessionmisspompadour. co. ukUsed as soon as a recording is started.
_hjIncludedInSessionSampleSessionmisspompadour. co. ukUsed to track a user's assignment to a recording or test.
_hjRecordingLastActivitySessionmisspompadour. comStored in session storage. Updated when the a recording is started and data is transferred to Hotjar via a websocket.
hjViewportIdSessionmisspompadour. comStores the user's screen resolution and dimensions

d. Kameleoon

We use the Kameleoon testing and web analysis service provided by Kameleoon SAS, 12 Rue de la Chaussée d'Antin 75009 Paris. This service enables us to analyse user behaviour on the basis of user segmentation. We can thus evaluate how individual user segments visit the website and carry out so-called A/B tests in order to constantly improve our website. For the analyses, the browser's local storage and cookies are used, which are linked to a pseudonymised ID.
Your IP address is completely anonymised and not stored. The information generated by the cookie about the use of our website is transmitted to a Kameleoon server in Germany and stored there in aggregated and pseudonymised form. The IP address transmitted by your browser within the framework of Kameleoon is not merged with other data from Kameleoon.
The storage of and access to information in the end user's terminal equipment is carried out in accordance with § 25 para. 1 TTDSG. The legal basis for the evaluation and optimised presentation of our online offers as well as the storage of the cookie is the given consent according to Art. 6 para. 1 lit. a DS-GVO. The evaluation of the collected anonymised data takes place over a maximum period of 365 days.
Your consent can be revoked at any time here with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Cookies used, responsible: Kameleoon SAS

NameStorage periodDomainDescription
kameleoonVisitorCode1 yearmisspompadour. comUsed to distinguish users from each other.

12. Advertising services

In order to advertise the services we offer and thus to acquire customers, we use the following services on the basis of your consent, which can be revoked at any time. The legal basis for this is Art. 6 para. 1 lit. a) DSGVO. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the return policy. You can revoke your consent here. The return policy of consent does not affect the lawfulness of the processing carried out on the basis of consent up to the return policy.

In addition, the services offer you the possibility to object to their use in general, and not only for our website. We point this out in the respective services.

Please note that the consent you have given relates to two matters:

  1. The storage of cookies in the terminal device used by you;
  2. The use of the respective service as such

It should also be noted that we do not use cookies for the following services
  • Microsoft Advertising
  • Criteo

are not responsible under data protection law. Rather, these services operate under their own responsibility. We are only a customer who uses these services for advertising purposes and obtains the necessary consent for these services to store cookies on your end device and for the service to be used for you.

a. Microsoft Advertising

With your consent, cookies for the Microsoft Advertising service are stored in the browser you use when you visit our website. We explain which cookies these are at the end of this section.

The provider of Microsoft Advertising and the person responsible for data protection is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 USA. If you are in the EU when your data is collected by Microsoft Advertising, the data controller is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. The privacy notice applicable to Microsoft Advertising can be found here.

You can control the use of data to receive interest-based advertising from Microsoft by visiting this page. If you have a Microsoft account, you can set privacy preferences on this site.

You may withdraw your consent to the use of Microsoft Advertising on our site at any time, effective in the future, by clicking here. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the return policy.
Your data may be transferred to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Microsoft has certified itself in accordance with the TADPF and has thus committed itself to comply with European privacy principles.
We do not transmit any data relating to you in connection with Microsoft Advertising; data is transmitted solely by the browser you use on the basis of the cookies stored with your consent. We have no access to the personal data processed by Microsoft Advertising and are not responsible for this service under data protection law.

Cookies used, responsible party: Microsoft Corporation

NameStorage periodDomainDescription
MUID392 daysbing. comContains a randomly generated user ID. Using this ID, Microsoft can recognise the user anonymously across different websites and display personalised advertising.
_uetsid1 tagmisspompadour. comContains a unique, non-personally identifiable ID that is used to identify a visitor to our website
_uetvid16 daysmisspompadour. comContains a unique, non-personally identifiable ID used to identify a visitor to our website

b. Google Ads

With your consent, cookies for the Google Ads service are stored in the browser you use when you visit our website and this service is used.
We explain which cookies these are at the end of this chapter. The provider of Google Ads in the European Union is Google Ireland Limited, Imprint.
You can access the contractual agreements between Google and us here.
The privacy policy for Google Ads can be found here. You can object to the use of your data for interest-based advertising via Google Ads here. If you use a Google account, you can make these privacy settings here.
Your data may be transmitted to the servers of Google LLC in the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European privacy principles.
We also use Google's remarketing or "similar target groups" function on our website. The application serves the purpose of analysing visitor behaviour and visitor interests. Google uses cookies to carry out the analysis of website usage, which forms the basis for the creation of interest-based advertisements. The cookies are used to record visits to the website as well as anonymised data on the use of the website. No personal data of visitors to the website is stored. If you subsequently visit another website in the Google Display Network, you will be shown advertisements that are highly likely to take into account previously accessed product and information areas.
We do not transmit any data relating to you in connection with Google Ads; data is transmitted solely by the browser or app you use.
You can revoke your consent to the use of Google Ads on our site with effect for the future by clicking here. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the return policy.

Cookies used, responsible: Google Ireland Limited

NameStorage periodDomainDescription
IDE1 yeardoubleclick. netContains a randomly generated user ID. Using this ID, Google can recognise the user across different websites and display personalised advertising.
RUL1 yeardoubleclick. netUsed to track whether ads have been displayed and to increase the efficiency of ads.
test_cookie15 minutesdoubleclick. netIs set as a test to check whether the browser allows cookies to be set. Does not contain any identification features.
_gcl_au90 daysmisspompadour. comUsed to distinguish individual users from each other.
NID182 daysgoogle. comUsed to store preferences and other information about the user. This includes, in particular, the preferred language, the number of search results to be displayed on the page and the decision whether or not to activate Google's SafeSearch filter.
DV7 minutesgoogle. comUsed to store preferences and other information about the user. This includes, in particular, the preferred language, the number of search results to be displayed on the page and the decision whether or not to activate Google's SafeSearch filter.
CONSENT20 yearsgoogle. comThis cookie is used to store the user's preferences and other information. This includes in particular the preferred language, the number of search results to be displayed on the page and the decision whether or not to activate Google's SafeSearch filter.
AID3 monthsgoogle. comUsed to enable targeted advertising.
1P_JAR1 monthgoogle. comCollects website statistics and tracked conversion rates.

c. Criteo

With your consent, cookies for the Criteo service are stored in the browser you use when you visit our website. At the end of this chapter, we will explain which cookies these are.

The provider and data protection officer for advertising campaigns in Germany is Criteo GmbH, Munich. The data protection information applicable to Criteo can be found here. You can also object to the use of your data for interest-based advertising by Criteo on this website.

Please note our warnings regarding third countries, as Criteo's personal data may be processed in countries that do not have a level of data protection that meets the standards of the GDPR.

We do not transmit any data relating to you in connection with Criteo; data is transmitted solely by the browser you use on the basis of the cookies saved with your consent. We have no access to the personal data processed by Criteo and are not responsible for this service under data protection law.

You can revoke your consent to the use of Criteo on our site at any time with future effect by clicking here. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Cookies used, person responsible: Criteo GmbH

NameStorage periodDomainDescription
uid1 yearcriteo. comContains a randomly generated user ID. Based on this ID, Criteo can recognise the user across different websites and display personalised advertising.

d. Facebook Pixel & Conversion API

With your consent, the so-called Facebook Pixel is stored in your browser when you visit our website. The provider of this function for the EU is Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland.

We use the Facebook pixel to display our adverts on Facebook and on partners cooperating with Facebook (so-called "Audience Network") via Facebook only to those people who have visited our website and for whom we therefore assume that they are interested in our offers and thus our advertising. The Facebook pixel also allows us to measure the effectiveness of these adverts by determining whether a person has been redirected to our website after clicking on a corresponding advert.

Under privacy law, Meta Platforms Ireland Ltd. acts partly as a processor for us and partly we are jointly responsible with them in accordance with Art. 26 GDPR. In all other respects, Meta Platforms Ireland Ltd. is solely responsible for the corresponding processing of personal data.

Order processing

Meta Platforms Ireland Ltd. acts as a processor insofar as so-called event data is processed on our behalf in order to create reports for us on the impact of our advertising campaigns operated via Facebook and other Facebook content (e.g. our posts on facebook.com) as well as analyses and insights about users of our website and their use of the website. For this purpose, no profiles are created that we can assign to specific users of our website. "Event data" is information that we share with Facebook using the Facebook pixel and relates to people and the actions they take on our website, such as visiting our website and purchasing the products we offer. Event data includes information that is collected and transmitted when people access our website using Facebook login or Facebook plugins (e.g. the "Like" button). However, they do not collect information that is created when a user interacts with our website via the Facebook login, Facebook plugins or in any other way (for example, by logging in or "liking" or sharing an article).
The contractual basis for order processing by Meta Platforms Ireland Ltd. is the Terms of Use for Facebook Business Tools and the corresponding Data Processing Terms. In addition, the standard contractual clauses, the "Meta-EU Data Transfer Addendum", apply with regard to the processing of personal data by Facebook in the USA

Joint responsibility

In accordance with Art. 26 GDPR, we are joint controllers with Meta Platforms Ireland Ltd. for the use of event data generated by our use of the Facebook pixel, insofar as this is used to improve the display of our advertisements played via Facebook and the delivery optimisation of these advertising campaigns. For this purpose, Meta Platforms Ireland Ltd. uses this event data in relation to people who use products of Facebook companies in order to show our advertising campaigns only to people who have visited our website (so-called ad targeting) or who are assumed to be interested in our services. In connection with ad targeting and the optimisation of ad delivery, Facebook Ireland Ltd. only uses the event data generated by us to optimise the delivery of ads after it has been aggregated with other data collected by other Facebook advertisers or otherwise on Facebook products. Facebook does not allow other advertisers or other third parties to target ads based solely on the event data we submit. A description of which personal data is processed by us and Meta Platforms Ireland Ltd. as joint controllers due to the use of the pixel can be found here. According to Facebook, this is the following data
  • HTTP header information such as information about the web browser or app used (e.g. user agent, language setting country/language)
  • Information on standard/optional events such as "page view" or "app installation", other object properties and buttons clicked by visitors to the website, products placed in the shopping basket and products purchased, in each case in accordance with the configuration of the business tool
  • Online identifiers such as IP addresses and, if provided, Facebook-related identifiers or device IDs (such as advertising IDs for mobile operating systems) and information on the status of deactivation/restriction of ad tracking;

The legal basis for joint controllership is the contract available here in accordance with Art. 26 GDPR. This was concluded in order to determine the respective responsibilities for the fulfilment of the obligations under the GDPR with regard to joint processing. The information required under Article 13(1)(a) and (b) GDPR can be found in Facebook's Data Policy. The Facebook pixel is used as set out in the terms of use for this product.

For information on how Meta Platforms Ireland Ltd. processes personal data, including the legal basis on which Meta Platforms Ireland Ltd. relies and the ways in which data subjects can exercise their rights vis-à-vis Facebook Ireland, please refer to Meta Ireland's Data Policy.Under the contract concluded with us, Meta Platforms Ireland Ltd. is responsible for enabling data subjects to exercise their rights under Articles 15-20 of the GDPR with regard to the personal data stored by Meta Platforms Ireland Ltd. after joint processing. Of course, this does not affect your existing rights vis-à-vis us under the GDPR (see "Your rights"). You can assert these rights against us in parallel.

Sole responsibility of Facebook

Meta Platforms Ireland Ltd. is solely responsible under data protection law for the processing of personal data in connection with the Facebook Pixel that goes beyond the above. The privacy policy of Meta Platforms Ireland Ltd. can be found here. You can find further options for objecting to Facebook using your personal data for these purposes here.
Finally, you can withdraw your consent to the use of the Facebook pixel on our site by clicking here. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the return policy.
Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself in accordance with the TADPF and is therefore committed to complying with European privacy principles.
Facebook Conversion API
In addition to the Facebook Pixel, we use the Facebook Conversion API, a server-side event tracking interface. The functionality and processing of data as part of the Conversions API corresponds to the functionality and processing as part of the use of the Facebook pixel.

Cookies used, responsible person: Facebook Ireland Ltd

NameStorage periodDomainDescription
_fbp90 daysmisspompadour. comUsed to distinguish individual users from each other.
fr90 daysfacebook. comUsed to distinguish individual users from each other.
ATN2 yearsatdmt. comContains a randomly generated user ID. This ID allows Facebook to recognise the user across different websites and serve personalised ads.

e. Pinterest Tag

With your consent, cookies for the Pinterest Tag service are stored in the browser you use when you visit our website. We explain which cookies these are at the end of this chapter.

The provider of Pinterest Tag in the European Union and the data protection controller is Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. The privacy policy for Pinterest Tag can be found here.

You can find information on how to object to the use of your data for interest-based advertising via Pinterest Tag here. If you use a Pinterest account, you can make privacy settings for it here.

You can revoke your consent to the use of Pinterest on our site at any time with future effect by clicking here. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the return policy.
Your data may be transferred to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Pinterest is not certified according to the TADPF. The data transfer takes place, among other things, on the basis of standard contractual clauses as appropriate safeguards for the protection of personal data, viewable here.
We do not transmit any data relating to you in connection with the Pinterest tag; data is transmitted solely by the browser you use on the basis of the cookies saved with your consent. We have no access to the personal data processed via Pinterest Tag and are not responsible for this service under data protection law.

Cookies used, responsible person: Pinterest

NameStorage periodDomainDescription
_pin_unauth1 yearmisspompadour. comIs a first-party cookie that groups actions for users who cannot be identified by Pinterest.
_pinterest_ct_ua1 yearpinterest. comIdentical to _pin_unauth, but as a third-party cookie.
_pinterest_sess1 yearpinterest. comIs the cookie for logging into Pinterest. It contains user IDs, authentication tokens and timestamps. When users log out, the authentication tokens are deleted, but the cookies remain. We use the logged out user IDs to optimise usage and measurability.
_pinterest_ctSessionpinterest. comContains a user ID and the timestamp when the cookie was created.
_pinterest_ct_rtSessionpinterest. comIdentical to _pinterest_ct
_epikSessionpinterest. comPlaced by JavaScript tag based on information sent by Pinterest with advertised traffic to identify user
_derived_epikSessionpinterest. comPlaced by the Pinterest tag when a match is detected without cookies being present, e. g. with Enhanced Match.

f. TikTok Pixel

With your consent, we use the advertising services of TikTok, a service provided by TikTok Technology Limited, a company registered in the Republic of Ireland with its registered office at 10 Earlsfort Terrace, Dublin, D02 T380, Ireland

We use this function to display our advertising on TikTok to people who have visited our website or for whom we assume that they are interested in our offers and thus our advertising. Furthermore, TikTok allows us to measure the effectiveness of our adverts by determining whether a person has been redirected to our website after clicking on a corresponding advert

In terms of privacy law, TikTok acts partly as a processor for us and partly we are jointly responsible with it in accordance with Art. 26 GDPR. Otherwise, TikTok alone is responsible for the corresponding processing of personal data. You will find a description of the respective legal responsibility here under Part B, Section 1.4. Of the services listed there (as of December 2022), we use services a), b), c), d) and i). You will also find the agreements we have concluded with TikTok in this respect under the above link.

If you have an account with TikTok, you can make settings for the processing of your personal data, in particular for advertising purposes. You can find the privacy policy for TikTok here and further information here

You can revoke your consent to the use of TikTok on our site at any time with effect for the future by clicking here Link to Consent Layer. The return policy of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the return policy.

Please note our warnings about third countries, as TikTok may process personal data in countries where there is no level of privacy that meets the standards of the GDPR. Your data may be transferred to third countries, such as the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). TikTok is not certified under the TADPF. The transfer of data to the USA and to third countries without an adequacy decision is based, among other things, on standard contractual clauses as suitable guarantees for the protection of personal data, which can be viewed here.

Cookies used, responsible: TikTok Technology Limited

NameStorage periodDomainDescription
_ttp13 monthsmisspompadour.comContains an anonymous user ID. Used to display ads relevant to the user.
_tt_enable_cookie13 monthsmisspompadour.co.ukSaves that cookies have been set by TikTok

13. Reviews.io and ratings

Use of the reviews portal

In order to constantly improve our service, we offer you the possibility to rate us via the independent portal reviews.io of REVIEWS.io 2020 GmbH, Stralauer Allee 6, 10245 Berlin, Germany. If you are registered for our newsletter, we will send you an email a few days after your order has been sent to rate your experience with MissPompadour, our customer service and our products. In the evaluation e-mail you will find a link that will take you to our evaluation form at reviews.io. When you call up this link, your browser transmits your email address, your customer name, the order ID and the IDs of the products ordered to reviews.io (privacy notice). As long as you do not submit a rating, reviews.io informs you that this data will not be saved despite clicking on the link. When you submit a review, only your first name will be published. The submission of a rating is of course voluntary.
You can find our review profile at reviews.io here.

Widgets and badges with ratings

REVIEWS.io badges and widgets are displayed on our website. This is a seal that allows visitors to our website to see how customers have rated us. We have commissioned REVIEWS.io 2020 GmbH, Stralauer Allee 6, 10245 Berlin, as a processor to provide us with this rating function and the seal so that we can integrate this into our website.
When the REVIEWS.io badge is displayed on our website, the date and time of the request and the amount of data transferred are stored in a log file as part of the order processing. The log files are automatically deleted no later than 5 days after creation.
Our interest in this evaluation system and the integration of the badge into our website is to inform potential customers about the satisfaction of our customers, so that this can be used to our advantage when deciding whether to purchase services from us. The legal basis for this is Art. 6 para. 1 lit. f) DSGVO.

14. WhatsApp chat

For the WhatsApp chat, we use MessengerPeople, a software solution of MessengerPeople GmbH, Herzog-Heinrich-Str. 9, 80336 Munich, within the scope of an order processing agreement. The WhatsApp Business API is used for this service, so that WhatsApp does not have access to personal data in the area of our responsibility. The messages exchanged with us are of course also encrypted when using the Business API so that third parties do not have access to the content. The legal basis for the corresponding data processing is Art. 6 para. 1 lit. f) DSGVO, as the respective user makes it clear by using the chat function that he/she would like to communicate with us via this channel and therefore the corresponding processing of personal data is in his/her interest.

The use of WhatsApp by the respective user is solely subject to the agreements made by him with the provider of WhatsApp.

16. Privacy policy for our Facebook page

For our presence on facebook. com, the following applies in addition to this privacy notice: Due to the use of Facebook Insights, we are a joint controller of our Facebook page with Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland. The legal basis for this is the contract available on this page. The joint responsibility includes the creation of so-called events and their aggregation in page insights provided to us. What events are is described on the aforementioned Facebook Insights webpage. According to Facebook, these events are in particular
  • View a page, post, video, story or other content associated with a page
  • Interact with a story
  • Subscribe or unsubscribe to a page
  • Tag a page or post with "Like" or "Stop liking"
  • Recommend a page in a post or comment
  • Comment, share or respond to a Page post (including how you respond)
  • Hide a Page post or report it as spam
  • Hover over a link to a page or the name or profile picture of a page to preview page content
  • Click on the website button, phone number button, "plan route" button or any other button on a page
  • See a page's event, respond to an event (including how to respond), click on a link for event tickets
  • Start a Messenger conversation with the page
  • View or click on items in a page shop
  • Information about the action, the person who took the action and the browser/app used to do it. These are for example:
  • Date and time of the action
  • Country/city (estimated from the IP address or imported from the user profile if the user is logged in)
  • Language code (from the HTTP header of the browser and/or the language setting)
  • Age/gender group (from user profile, only for logged in users)
  • Previously visited websites (from the browser HTTP header)
  • Whether the action was taken on a computer or on a mobile device (from the browser user agent or app attributes)
  • Facebook user ID (only for logged in users)

Facebook Ireland ensures that it has a legal basis for processing Insights data, which is set out in Facebook Ireland's Data Policy. Facebook Ireland undertakes compliance with the obligations under the GDPR for the processing of Insights Data (including Articles 12 and 13 GDPR, Articles 15 to 21 GDPR, Articles 33 and 34 GDPR). Facebook Ireland takes appropriate technical and organisational measures in accordance with Article 32 of the GDPR to ensure the security of the processing. This includes the measures set out on this page below (this will be updated from time to time to take account of, for example, technological developments). All Facebook Ireland employees involved in the processing of Insights data are bound by appropriate agreements to maintain the confidentiality of Insights data.

Facebook Ireland provides data subjects with the essentials of this Page Insights supplement (Article 26(2) GDPR). This is currently done through the Page Insights Data information, which can be accessed from all pages.

If a data subject asserts the rights to which he or she is entitled under the GDPR with respect to the processing of Insights data against us, we are obliged to forward all relevant information regarding such requests to Facebook Ireland without undue delay, but no later than within seven calendar days. Facebook Ireland is committed to responding to requests from data subjects in accordance with our obligations under this Policy.

The above statements do not affect the claims to which every data subject is entitled directly against us, in particular those arising from Art. 15 et seq. DSGVO.

The legal basis for the corresponding data processing is Art. 6 para. 1 lit. f) DSGVO. Only persons who purposefully call up our page on facebook. com and therefore deliberately use a website to which the data policy for facebook. com applies are affected by the data processing. The data processing to which the data subject is subject as a result of visiting our website on facebook. com therefore does not go beyond the data processing which Facebook would also carry out without our website existing on facebook. com. If the data subject did not agree to this, he or she would not visit facebook. com. From the visit to our website on facebook. com, it therefore follows that the data subject has an overriding interest in visiting our page there in order to be able to consume the content offered by us there and to interact with it, taking into account the resulting data processing. Our legitimate interest is therefore to use this site for our corporate communication in order to directly or indirectly promote the sales of the services we offer.

17. Shipping

Order-relevant data (contact and delivery data) can be transmitted to our shipping partner for shipping processing.

Shipping with dropp - Same-Day Delivery

For express delivery of orders, we work together with dropp in Berlin, Hamburg and Munich in order to be able to offer you fast delivery within the next few hours. This shipping service provider receives the following data from us for the execution of the respective order:

  • Your name
  • Your delivery address
  • If applicable, your e-mail address or alternatively your telephone number for coordinating the delivery date via SMS

Shipping to Switzerland

We work with our shipping partner exporto GmbH to ship your order to Switzerland.

Switzerland - Shipping within Germany:
exporto GmbH
Max-Stromeyer-Str. 172
DE-78467 Konstanz

Register court: Freiburg Local Court
Register number: HRB 721808
VAT number: DE331284697

Switzerland - Shipping within Switzerland:
exporto Schweiz GmbH
Hafenstrasse 50C
CH-8280 Kreuzlingen

UID: CHE-130.123.814
 VAT: CHE-130.123.814 VAT

Contact:
Phone: +49 7531 3027860
E-mail: info@exporto.de

18. Your rights

You are entitled to the following rights in particular in connection with your personal data under the GDPR. For details, please refer to the legal regulations (in particular Art. 15 et seq. DSGVO).

Right to information

According to Article 15 of the GDPR, you have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you have the right to be informed about this personal data and to further information, which are mentioned in Art. 15 of the GDPR.

Right to rectification

According to Article 16 of the GDPR, you have the right to demand that we correct inaccurate personal data concerning you without delay. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.

Right to erasure ("right to be forgotten")

Within the limits of Article 17 of the GDPR, you have the right to demand that we delete personal data relating to you without delay. We are obliged to delete personal data without delay if the relevant requirements of Article 17 of the GDPR are met. For details, please refer to Art. 17 of the GDPR.

Right to restriction of processing

In accordance with Art. 18 DSGVO, you have the right under certain conditions to demand that we restrict the processing of your personal data. For the details, please refer to Art. 18 DSGVO.

Right to data portability

Under the conditions of Art. 20 DSGVO, you have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. Pursuant to Article 20 of the GDPR, you also have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and the processing is carried out using automated procedures.

Right to lodge a complaint with the supervisory authority

Pursuant to Article 77 of the GDPR, you have the right to lodge a complaint with the supervisory authority, without prejudice to any other administrative or judicial remedy. This right exists in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.

Right to object

Pursuant to Article 21 of the GDPR, you have the right to object to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions.

If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing.

19. Explanation of various terms

Browser - this is the software you use to browse the internet and access our website.
EEA - is the European Economic Area. In addition to the EU member states, this includes Iceland, Liechtenstein and Norway.
Third countries - are countries that do not belong to the EEA and for which there is no EU Commission adequacy decision
IP address - every device that exchanges data via the internet needs a unique identifier, otherwise data (e. g. web pages) that are to be sent to this device cannot be delivered. The computer, smartphone, tablet etc. that you use therefore uses an IP address so that it can retrieve and receive data from the internet. As a rule, you do not use a separate IP address for each end device. Instead, the technology used to connect to the Internet (e. g. your Internet router at home) allows all end devices in a network to appear to the outside world under a common IP address.
lit. - is a Latin abbreviation for "letter" used when quoting legal texts. Art. 6 para. 1 lit. a) DSGVO therefore means "letter a)".
Standard contractual clauses - are a set of contracts provided by the EU Commission that can be the basis for a data transfer to a third country according to Art. 46 (2) (d) GDPR.