Online Shop Privacy Policy
1. Access data and hosting
Hosting
2. Data processing for contract execution and contact purposes
2.1 Data processing for contract execution
2.2 Customer account
Contact
2.3 Data processing for appointment booking/reservation
3. Data processing for shipping purposes Data transfer to shipping service providers for the purpose of
shipping notification
4. Data processing for payment processing
4.1 Data processing for transaction processing
4.2 Data processing for fraud prevention and optimization of our payment processes
5. Email advertising
5.1 Email newsletter with registration and newsletter tracking Email newsletter without registration and your right to object
5.2 Newsletter dispatch
6. Cookies and other technologies
6.1 General information
6.2 Use of Usercentrics Consent Management Platform for consent management
6.3 Information on third-country transfers (data transfer to third countries)
7. Use of cookies and other technologies
7.1 Use of Google services
7.2 Use of Facebook services
8. Social Media
Our online presence on Facebook (by Meta), Instagram (by Meta), YouTube, Pinterest, LinkedIn
9. Contact options and your rights
9.1 Your rights
9.2 Contact options
The data controller is:
MIMOS eGbR (Company Register: Local Court Wuppertal, GsR 853)
Authorized partners: Lea-Charlotte Mattler-Strötgen and Pia Strötgen-Janßen
Friedrich-Ebert-Str. 6
42103 Wuppertal
Email: hello@mimosring.com
Phone: 0202 - 39309572
We appreciate your interest in our website. The protection of your privacy is very important to us. Below, we inform you in detail about the handling of your data.
1. Access data and hosting
You can visit our websites without providing any personal information. With each visit to a website, the web server automatically stores a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of retrieval, the amount of data transferred, and the requesting provider (access data) and documents the retrieval. This access data is evaluated exclusively for the purpose of ensuring the smooth operation of the site and improving our offer. This serves to protect our legitimate interests in a correct presentation of our offer, which are overriding in the context of a balancing of interests, in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. All access data will be deleted no later than thirty days after the end of your visit to the site. All access data is processed only as long as it is necessary to achieve the above-mentioned processing purposes.
Hosting
The services for hosting and displaying the website are partly provided by our service providers as part of processing on our behalf. Unless otherwise explained in this privacy policy, all access data and all data collected in designated forms on this website are processed on their servers. For questions about our service providers and the basis of our cooperation with them, please contact the contact option described in this privacy policy.
Our service providers are located and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection by decision: Canada, New Zealand, Japan, United Kingdom, USA.
The adequacy decision for the USA applies as the basis for the third-country transfer, insofar as the respective service provider is certified. Until certification by our service providers, data transfer continues to be based on this: Standard contractual clauses of the European Commission.
Our service providers are located and/or use servers in these countries: Australia, India, Singapore.
There is no adequacy decision from the European Commission for these countries. Our cooperation with them is based on these guarantees: Standard contractual clauses of the European Commission.
2. Data processing for contract execution and for contact purposes
2.1 Data processing for contract execution
For the purpose of contract execution (incl. inquiries regarding and handling of any existing warranty and performance disruption claims as well as any legal update obligations) in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR, we collect personal data if you voluntarily provide it to us during your order. Mandatory fields are marked as such, as in these cases we absolutely need the data for contract execution and cannot ship the order without their provision. Which data is collected can be seen from the respective input forms.
Further information on the processing of your data, in particular on the transfer to our service providers for the purpose of order, payment and shipping processing, can be found in the following sections of this privacy policy. After complete processing of the contract, your data will be restricted for further processing and deleted after the expiry of the tax and commercial law retention periods in accordance with Art. 6 Para. 1 S. 1 lit. c GDPR, unless you have expressly consented to further use of your data in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR or we reserve the right to further data use that is legally permitted and about which we inform you in this declaration.
Merchandise management system
For order and contract processing, we use merchandise management systems from external service providers. Our service providers act for us within the framework of order processing. For questions about our service providers and the basis of our cooperation with them, please contact the contact option described in thisPrivacy Policy.
2.2 Customer account
If you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR by deciding to open a customer account, we will use your data for the purpose of opening a customer account and for storing your data for further future orders on our website. You can delete your customer account at any time either by sending a message to the contact option described in this data protection declaration or by using a function provided for this purpose in the customer account. After deleting your customer account, your data will be deleted, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to further data use that is legally permitted and about which we inform you in this declaration.
Contact
Within the framework of customer communication, we collect personal data for processing your inquiries in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR if you voluntarily provide it to us when contacting us (e.g., via contact form, live chat tool, or email). Mandatory fields are marked as such, as in these cases we absolutely need the data to process your contact. Which data is collected can be seen from the respective input forms. After your inquiry has been fully processed, your data will be deleted, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to further data use that is legally permitted and about which we inform you in this declaration.
2.3 Data processing for appointment booking/reservation
We collect personal data if you voluntarily provide it to us when booking an appointment/making a reservation. Mandatory fields are marked as such, as in these cases we absolutely need the data for booking the appointment/reservation and you cannot send the appointment booking/reservation without providing them. Which data is collected can be seen from the respective input forms. Information in free text fields is voluntary and does not necessarily have to be filled in for sending the appointment booking/reservation. We ask you to refrain from providing sensitive data (e.g. health-related information such as illnesses) in such free text fields.
We use the data provided by you for appointment booking/reservation in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. After complete processing of the booked appointment/reservation, your data will be restricted for further processing and deleted after the expiry of any tax and commercial law retention periods in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to further data use that is legally permitted and about which we inform you in this declaration.
Appointment booking solution by Calendly
For the purpose of appointment booking, we use a booking solution from Calendly LLC, 115 E Main St., Ste A1B, Buford, GA 30518, USA. The service provider acts on our behalf.
Our service providers are located and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection by decision: USA.
The adequacy decision for the USA serves as the basis for third-country transfers, insofar as the respective service provider is certified. A certification is available.
3. Data processing for the purpose of shipping
For the fulfillment of the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, we pass on your data to the shipping service provider commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. For questions about our service providers and the basis of our cooperation with them, please contact the contact option described in this data protection declaration.
Data transfer to shipping service providers for the purpose of shipping notification
If you have given us your express consent during or after your order, we will pass on your email address and telephone number to the selected shipping service provider in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, so that they can contact you before delivery for the purpose of delivery notification or coordination.
The consent can be revoked at any time by sending a message to the contact option described in this privacy policy or directly to the shipping service provider at the contact address listed below. After revocation, we will delete your data provided for this purpose, unless you have expressly consented to further use of your data or we reserve the right to further data use that is legally permitted and about which we inform you in this declaration. For questions about our service providers and the basis of our cooperation with them, please contact the contact option described in this privacy policy.
4. Data processing for payment processing
When processing payments in our online shop, we work with the following partners: technical service providers, credit institutions, payment service providers.
4.1 Data processing for transaction processing
Depending on the selected payment method, we pass on the data necessary for processing the payment transaction to our technical service providers or to the commissioned credit institutions or to the selected payment service provider, insofar as this is necessary for processing the payment. This serves the fulfillment of the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. In some cases, the payment service providers collect the data required for payment processing themselves, e.g. on their own website or via technical integration in the order process. In this respect, the data protection declaration of the respective payment service provider applies.
Depending on the selected payment method, data transfers to third countries outside the EU/EEA may occur, for which the European Commission has determined an adequate level of data protection by decision. If data transfers to third countries outside the EU/EEA occur for which the European Commission has not issued a decision on an adequate level of data protection, the cooperation is based on standard contractual clauses of the European Commission.
If you have questions about our partners for payment processing or about the basis of our cooperation with them, please contact the contact option specified in this privacy policy.
4.2 Data processing for the purpose of fraud prevention and optimization of our payment processes
If necessary, we may provide the aforementioned service providers with additional data, which they use together with the data necessary for payment processing for the purpose of fraud prevention and optimizing our payment processes (e.g., invoicing, processing of disputed payments, accounting support). This serves to protect our legitimate interests in safeguarding against fraud and efficient payment management, which are overriding in the context of a balancing of interests, in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
5. Advertising by email
5.1 Email newsletter with registration and newsletter tracking
If you subscribe to our newsletter, we use the data required for this or separately provided by you to regularly send you our email newsletter based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your email address from the recipient list, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to further data use that is legally permitted and about which we inform you in this declaration.
We would like to point out that when we send the newsletter, we evaluate your user behavior. For this purpose, we also analyze your interaction with our newsletter by measuring, storing and evaluating opening rates and click-through rates for the purpose of designing future newsletter campaigns ("newsletter tracking").
For this evaluation, the emails sent contain one-pixel technologies (e.g. so-called web beacons, tracking pixels), which are stored on our website. For the evaluations, we link in particular the following "newsletter data"the page from which the page was requested (so-called referrer URL), the date and time of the retrieval, the description of the type of web browser used,
the IP address of the requesting computer,the email address,
the date and time of registration and confirmationand the one-pixel technologies with your email address or your IP address and, if applicable, an individual ID. Links contained in the newsletter may also contain this ID.
If you do not wish for newsletter tracking, it is possible to unsubscribe from the newsletter at any time – as described above.
The information is stored as long as you are subscribed to the newsletter.
Email newsletter without registration and your right to object
If we receive your email address in connection with the sale of a good or service, we reserve the right to regularly send you offers for similar products from our range that you have already purchased via email. This serves to protect our legitimate interests in advertising to our customers, which are overriding in the context of a balancing of interests, in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. We will not send you such offers if you have already objected to the use of your email address or are listed on a legally required Robinson list.
You can object to this use of your e-mail address at any time, easily and free of charge, by sending a message to the contact option described in this privacy policy or via a dedicated link in the promotional e-mail, i.e., without incurring any costs other than the transmission costs at the basic rates. After unsubscribing, we will delete your e-mail address from the recipient list, unless you have expressly consented to further use of your data in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR or we reserve the right to further data use that is legally permitted and about which we inform you in this declaration.
5.2 Newsletter Dispatch
The newsletter and the newsletter tracking described above may also be sent by our service providers as part of processing on our behalf. For questions about our service providers and the basis of our cooperation with them, please contact the contact option described in this privacy policy.
Our service providers are located and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection by decision: USA, United Kingdom.
The adequacy decision for the USA serves as the basis for the third-country transfer, provided that the respective service provider is certified. A certification exists.
Our service providers are located and/or use servers in these countries: Australia, Singapore. For these countries, there is no adequacy decision by the European Commission. Our cooperation with them is based on these guarantees: Standard contractual clauses of the European Commission.
Our service providers are located and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection by decision: USA, Canada.
A decision by the European Commission regarding an adequate level of data protection for the USA exists as a basis for a third-country transfer, provided that the respective service provider is certified. Until certification by our service providers, data transfer continues to be based on this foundation: standard contractual clauses of the European Commission.
Our service providers are located and/or use servers in these countries: India. For this country/these countries, there is no adequacy decision from the European Commission. Our cooperation with them is based on these guarantees: Standard contractual clauses of the European Commission.
6. Cookies and other technologies
6.1 General Information
To make visiting our website attractive and to enable the use of certain functions, we use technologies, including so-called cookies, on various pages. Cookies are small text files that are automatically stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e., after closing your browser (so-called session cookies). Other cookies remain on your end device and enable us to recognize your browser on your next visit (persistent cookies). You can find the storage duration in the overview in your web browser's cookie settings.
Privacy protection for end devices
When using our online service, we use strictly necessary technologies to provide the telemedia service explicitly requested. The storage of information in your end device or access to information already stored in your end device does not require consent in this respect.
For functions that are not absolutely necessary, the storage of information in your end device or access to information already stored in your end device requires your consent. We point out that if consent is not given, parts of the website may not be fully usable. Any consents you have given remain valid until you adjust or reset the respective settings in your end device.
Any downstream data processing by cookies and other technologies
We use technologies that are absolutely necessary for the use of certain functions of our website. These technologies collect and process IP address, time of visit, device and browser information, and information about your use of our website. This serves, in the context of a balancing of interests, overriding legitimate interests in an optimized presentation of our offer in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
In addition, we use technologies to fulfill legal obligations to which we are subject (e.g., to be able to prove consent to the processing of your personal data) as well as for web analysis and online marketing. Further information on this, including the respective legal basis for data processing, can be found in the following sections of this privacy policy. We may also use technologies that are not individually listed in this privacy policy. Further information on these technologies, including the respective legal basis for data processing, can be found on the Usercentrics platform. You can reach this platform via this link: Cookie Settings
The cookie settings for your browser can be found at the following links:
Microsoft EdgeTM / SafariTM / ChromeTM / FirefoxTM / OperaTM
If you have consented to the use of the technologies in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, you can revoke your consent at any time by sending a message to the contact option described in the privacy policy. Alternatively, you can also access the following link: https://mimosring.com/pages/cookie-einstellungen. If cookies are not accepted, the functionality of our website may be limited.
6.2 Use of Usercentrics Consent Management Platform to manage consents
On our website, we use the Usercentrics Consent Management Platform ("Usercentrics") to inform you about the cookies and other technologies we use on our website, and to obtain, manage, and document your legally required consent to the processing of your personal data by these technologies. This is necessary in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR to fulfill our legal obligation under Art. 7 para. 1 GDPR to be able to demonstrate your consent to the processing of your personal data, to which we are subject. Usercentrics is a service of Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, which processes your data on our behalf. When you visit our website, Usercentrics' web server stores a so-called server log file, which also contains your anonymized IP address, date and time of visit, device and browser information, and information about your consent behavior. Your data will be deleted after three years, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to further data use that is legally permitted and about which we inform you in this declaration.
Our service providers are located and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection by decision: USA.
The adequacy decision for the USA serves as the basis for the third-country transfer, provided that the respective service provider is certified. A certification exists.
6.3 Information on third-country transfers (data transfer to third countries)
We use technologies from service providers on our website whose registered office and/or server locations may be in third countries, outside the EU or the EEA. If there is no adequacy decision by the EU Commission for this country, an adequate level of data protection must be ensured by other suitable guarantees.
Suitable safeguards in the form of contractually agreed standard contractual clauses of the EU Commission or binding corporate rules (Binding Corporate Rules) are generally possible, but require prior verification by the contracting parties as to whether an adequate level of protection can be guaranteed. According to the case law of the ECJ, it may be necessary to take additional protective measures in this regard.
We have generally agreed to the standard contractual clauses issued by the EU Commission with the technology providers we use who process personal data in a third country. Where possible, we also agree to additional safeguards designed to ensure adequate data protection in third countries without an adequacy decision.
Nevertheless, it can happen that, despite all contractual and technical measures, the level of data protection in the third country does not correspond to that of the EU. In these cases, we ask you, if necessary, as part of the cookie consent, for your consent pursuant to Art. 49 Para. 1 lit. a GDPR for the transfer of your personal data to a third country.
In particular, there is a risk that local authorities in the third country may receive access rights to your personal data that are not sufficiently restricted from a European data protection perspective, that we as data exporter or you as data subject may not be aware of this, and/or that you may not have sufficient legal remedies available to prevent this and/or to take action against such access.
In particular, the following countries are currently considered third countries without an adequacy decision by the EU Commission (example list):
China Russia Taiwan
Information on which third countries we transfer data to can be found in the data protection notices for the respective tool and/or consent management/Consent Manager Platform (CMP) used by us.
7. Use of cookies and other technologies
On our website, we use the following cookies and other third-party technologies. Unless otherwise specified for the individual technologies, this is done on the basis of your consent according to Art. 6 para. 1 sentence 1 lit. a GDPR. After the purpose has ceased and the use of the respective technology by us has ended, the data collected in this context will be deleted. You can revoke your consent at any time with effect for the future. Further information on your revocation options can be found in the section "Cookies and other technologies". Further information, including the basis of our cooperation with the individual providers, can be found in the individual technologies. For questions about the providers and the basis of our cooperation with them, please contact the contact option described in this privacy policy.
7.1 Use of Google services
We use the technologies of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google") described below. The information automatically collected by Google technologies about your use of our website is usually transmitted to a Google LLC server, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, and stored there. Unless otherwise specified for the individual technologies, data processing is carried out on the basis of an agreement between joint controllers concluded for the respective technology in accordance with Art. 26 GDPR. Further information on data processing by Google can be found in Google's privacy policy.
Our service providers are located and/or use servers in countries outside the EU and EEA for which the European Commission has determined an adequate level of data protection by decision.
Our service providers are located and/or use servers in countries outside the EU and the EEA. For these countries, there is no adequacy decision by the European Commission. Our cooperation with them is based on the Standard Contractual Clauses of the European Commission.
Google Analytics
For the purpose of website analysis, data (IP address, time of visit, device and browser information, and information about your use of our website) is automatically collected and stored with Google Analytics, from which usage profiles are created using pseudonyms. Cookies may be used for this purpose. If you visit our website from the EU, your IP address is stored on a server located in the EU for the derivation of location data and then immediately deleted before the traffic is forwarded to other Google servers for processing. Data processing is carried out on the basis of an agreement on commissioned processing by Google.
For the purpose of optimizing the marketing of our website, we have activated the data sharing settings for "Google products and services". This allows Google to access the data collected and processed by Google Analytics and then use it to improve Google services. The data sharing with Google within the scope of these data sharing settings is based on an additional agreement between controllers. We have no influence on the subsequent data processing by Google.
If you do not give us consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR for the use of Google Analytics, no cookies will be stored or read on your device. The data processing described in the preceding paragraphs does not take place. To close gaps in web analytics through behavioral and conversion modeling, pings with data (user-agent, information about your consent behavior, screen resolution, IP address) are sent to Google.
Google Ads
For advertising purposes in Google search results and on third-party websites, the Google Remarketing cookie is set when you visit our website. This automatically enables interest-based advertising by collecting and processing data (IP address, time of visit, device and browser information, and information about your use of our website) using a pseudonymous cookie ID and based on the pages you visit. Further data processing only takes place if you have activated the "personalized advertising" setting in your Google account. If you are logged into Google during your visit to our website in this case, Google uses your data together with Google Analytics data to create and define audience lists for cross-device remarketing.
For website analysis and event tracking, we measure your subsequent user behavior via Google Ads Conversion Tracking if you have reached our website via a Google Ads advertisement. For this purpose, cookies can be used and data (IP address, time of visit, device and browser information, and information about your use of our website based on events specified by us, such as visiting a website or subscribing to a newsletter) can be collected, from which usage profiles are created using pseudonyms.
If you do not give us consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR for the use of Google Ads, no cookies will be stored or read on your device. The data processing described in the preceding paragraphs does not take place. To close gaps in web analysis through behavioral and conversion modeling, pings with data (user-agent, information about your consent behavior, screen resolution, IP address, page URL, information about ad clicks in URL parameters) are sent to Google. Your IP address is used to derive the IP country.
Google Fonts
For the uniform display of content on our website, data (IP address, time of visit, device and browser information) is collected by the script code "Google Fonts", transmitted to Google, and then processed by Google. We have no influence on this subsequent data processing.
Google Tag Manager
The Google Tag Manager allows us to manage various codes and services on our website. When implementing individual tags, Google may also process personal data (e.g., IP address, online identifiers (including cookies)). Data processing is carried out based on a data processing agreement with Google.
The use of Google Tag Manager enables the integration of various services/technologies.
If you do not wish to use individual tracking services and have therefore deactivated them, the deactivation will remain in effect for all affected tracking tags integrated via Google Tag Manager.
7.2 Use of Facebook services
Use of Facebook Pixel
We use the Facebook Pixel within the scope of the technologies described below from Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Facebook (by Meta)” or “Meta Platforms Ireland”). With the Facebook Pixel, data (IP address, time of visit, device and browser information, and information about your use of our website based on events specified by us, such as a website visit or newsletter registration) is automatically collected and stored, from which usage profiles are created using pseudonyms. As part of the extended data matching, information for matching purposes that can identify individuals (e.g., names, email addresses, and phone numbers) is also collected and stored in hashed form. For this purpose, when you visit our website, the Facebook Pixel automatically sets a cookie that automatically enables your browser to be recognized with a pseudonymous cookie ID when visiting other websites. Facebook (by Meta) will combine this information with other data from your Facebook account and use it to compile reports on website activities and to provide other services related to website use, in particular personalized and group-based advertising.
The information about your use of our website automatically collected by Facebook (by Meta) technologies is usually transferred to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA, and stored there. Further information on data processing by Facebook can be found in Facebook (by Meta)’s privacy policy.
Our service providers are located and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection by decision: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.
The adequacy decision for the USA serves as the basis for third-country transfers, provided that the respective service provider is certified. Certification is available.
Our service providers are located and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico. There is no adequacy decision from the European Commission for these countries. Our cooperation with them is based on these guarantees: Standard contractual clauses of the European Commission.
Facebook Analytics
Within the scope of Facebook Business Tools, statistics on visitor activities on our website are created from the data collected by the Facebook Pixel regarding your use of our website. Data processing is carried out based on a data processing agreement with Facebook (by Meta). Your analysis serves the optimal presentation and marketing of our website.
Facebook Ads (Ad Manager)
We advertise this website on Facebook (by Meta) and other platforms via Facebook Ads. We determine the parameters of the respective advertising campaign. Facebook (by Meta) is responsible for the exact implementation, in particular the decision on the placement of ads for individual users. Unless otherwise specified for individual technologies, data processing is carried out based on an agreement between jointly controllers according to Art. 26 GDPR. Joint responsibility is limited to the collection of data and its transmission to Meta Platforms Ireland. Subsequent data processing by Meta Platforms Ireland is not covered by this.
Based on the statistics created via Facebook Pixel on visitor activities on our website, we conduct group-based advertising on Facebook (by Meta) via Facebook Custom Audience by determining the characteristics of the respective target group. In the context of the extended data matching that takes place to determine the respective target group (see above), Facebook (by Meta) acts as our data processor.
Based on the pseudonymous cookie ID set by the Facebook Pixel and the collected data on your usage behavior on our website, we conduct personalized advertising via Facebook Pixel Remarketing.
Via Facebook Pixel Conversions, we measure your subsequent usage behavior for web analysis and event tracking when you have reached our website via a Facebook Ads advertisement. Data processing is carried out based on a data processing agreement with Facebook (by Meta).
8. Social Media
Our online presence on Facebook (by Meta), Instagram (by Meta), YouTube, Pinterest, LinkedIn
Insofar as you have given your consent to the respective social media provider in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, when you visit our online presences on the social media mentioned above, your data will be automatically collected and stored for market research and advertising purposes, from which usage profiles will be created using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally used for this purpose. Detailed information on the processing and use of data by the respective social media provider, as well as contact options and your rights and settings options for protecting your privacy, can be found in the providers' privacy notices linked below. Should you still require assistance in this regard, you can contact us.
Facebook (by Meta) is a service of Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Platforms Ireland”). The information about your use of our online presence on Facebook (by Meta) automatically collected by Meta Platforms Ireland is usually transferred to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA, and stored there. Data processing within the scope of visiting a Facebook (by Meta) fan page takes place on the basis of an agreement between joint controllers in accordance with Art. 26 GDPR. Further information (information on Insights data) can be found here.
Our service providers are located and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection by decision: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.
The adequacy decision for the USA serves as the basis for third-country transfers, provided that the respective service provider is certified. Certification is available.
Our service providers are located and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico. There is no adequacy decision from the European Commission for these countries. Our cooperation with them is based on these guarantees: Standard contractual clauses of the European Commission.
Instagram (by Meta) is a service of Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Platforms Ireland”). The information about your use of our online presence on Instagram automatically collected by Meta Platforms Ireland is usually transferred to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, and stored there. Data processing within the scope of visiting an Instagram (by Meta) fan page takes place on the basis of an agreement between joint controllers in accordance with Art. 26 GDPR. Further information (information on Insights data) can be found here.
Our service providers are located and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection by decision: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.
The adequacy decision for the USA serves as the basis for third-country transfers, provided that the respective service provider is certified. Certification is available.
Our service providers are located and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico. There is no adequacy decision from the European Commission for these countries. Our cooperation with them is based on these guarantees: Standard contractual clauses of the European Commission.
YouTube is a service of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The information about your use of our online presence on YouTube automatically collected by Google is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, and stored there.
Our service providers are located and/or use servers in countries outside the EU and the EEA, for which the European Commission has determined an adequate level of data protection by decision.
Our service providers are located and/or use servers in countries outside the EU and the EEA. There is no adequacy decision from the European Commission for these countries. Our cooperation with them is based on the Standard Contractual Clauses of the European Commission.
Pinterest is a service of Pinterest Europe Ltd., Waterloo Exchange, 3rd Floor, Waterloo Road, Dublin 4, Ireland (“Pinterest”). The information about your use of our online presence on Pinterest automatically collected by Pinterest is usually transferred to a server of Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107, USA, and stored there.
Our service providers are located and/or use servers in countries outside the EU and the EEA, for which the European Commission has determined an adequate level of data protection by decision.
Our service providers are located and/or use servers in countries outside the EU and the EEA. There is no adequacy decision from the European Commission for these countries. Our cooperation with them is based on the Standard Contractual Clauses of the European Commission.
LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). The information about your use of our online presence on LinkedIn automatically collected by LinkedIn is usually transferred to a server of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA, and stored there.
Our service providers are located and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection by decision: USA.
The adequacy decision for the USA serves as the basis for third-country transfers, provided that the respective service provider is certified. Certification is available.
9. Contact options and your rights
9.1 Your rights
As a data subject, you have the following rights:
pursuant to Art. 15 GDPR, the right to obtain information about your personal data processed by us to the extent specified therein;
pursuant to Art. 16 GDPR, the right to obtain without undue delay the rectification of inaccurate personal data stored by us or to have incomplete personal data completed;
pursuant to Art. 17 GDPR, the right to obtain the erasure of your personal data stored by us, unless further processing is necessary for exercising the right of freedom of expression and information; for compliance with a legal obligation; for reasons of public interest or
for the establishment, exercise or defense of legal claims;
pursuant to Art. 18 GDPR, the right to obtain restriction of the processing of your personal data, insofar as the accuracy of the data is contested by you; the processing is unlawful, but you oppose its erasure;
we no longer need the data, but you require it for the establishment, exercise or defense of legal claims, or
you have objected to processing pursuant to Art. 21 GDPR;
pursuant to Art. 20 GDPR, the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to transmit those data to another controller;
pursuant to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or of our company headquarters for this purpose.
Right to object
Insofar as we process personal data as explained above to safeguard our overriding legitimate interests within the framework of a balancing of interests, you can object to this processing with effect for the future. If the processing is carried out for direct marketing purposes, you can exercise this right at any time as described above. If the processing is carried out for other purposes, you have a right to object only if there are reasons arising from your particular situation.
After exercising your right to object, we will no longer process your personal data for these purposes, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defense of legal claims.
This does not apply if the processing is carried out for direct marketing purposes. In that case, we will no longer process your personal data for this purpose.
9.2 Contact options
For questions regarding the collection, processing or use of your personal data, for information, rectification, restriction or erasure of data, as well as revocation of granted consents or objection to a specific data use, please contact us directly via the contact details in our impressum.
Privacy Policy created with the Trusted Shops Legal Text Generator
Status January 2026
Note:
You can find the privacy information for our brick-and-mortar store at Privacy information for brick-and-mortar store.
Additions:
Further data protection information on our hosting provider Shopify (Shopify International Ltd., c/o Intertrust Ireland, 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland):
https://www.shopify.com/legal/cookies
https://www.shopify.com/legal/privacy
https://www.shopify.com/legal/privacy/customers
https://www.shopify.com/legal/dpa
Further data protection information about our newsletter provider Klaviyo (Klaviyo Inc., 125 Summer St Floor 7, Boston, MA 02111, USA):
https://www.klaviyo.com/legal/privacy-notice
https://www.klaviyo.com/legal/data-processing-agreement
https://www.klaviyo.com/legal/subprocessors
Further data protection information regarding our newsletter provider Brevo (Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany): https://www.brevo.com/de/legal/privacypolicy/
If you wish to subscribe to the newsletter offered on the website, we require an email address from you, as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter.
To ensure that the newsletter is sent with your consent, we use the so-called double opt-in procedure. As part of this, the potential recipient can be added to a distribution list. Subsequently, the user receives a confirmation email allowing them to legally confirm the registration. The address is only actively added to the distribution list if confirmation is given.
Sendinblue GmbH is used as the newsletter software. Your data will be transmitted to Sendinblue GmbH. Sendinblue GmbH is prohibited from selling your data and from using it for purposes other than sending newsletters. Sendinblue GmbH is a German, certified provider that was selected according to the requirements of the General Data Protection Regulation and the Federal Data Protection Act. You can find more information here: https://www.brevo.com/de/informationen-newsletter-empfaenger/? rtype=n2go. You can revoke your consent to the storage of data, the email address, and its use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter.
Data protection measures are subject to constant technical renewal, which is why we ask you to inform yourself about our data protection measures at regular intervals by reviewing our data protection information.
Further data protection information regarding our appointment booking provider Calendly (Calendly LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA):
https://calendly.com/legal/privacy-notice
https://calendly.com/legal/data-processing-addendum
Further data protection information regarding our invoicing and accounting software sevDesk (sevDesk GmbH, Im unteren Angel 1, 77652 Offenburg, Germany):
https://sevdesk.de/datenschutz/
Information on the EU standard contractual clauses: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en?prefLang=de)
As of January 2026


