The original - Since 2005

  Truly sustainable

  More than 150 000 happy parents

  Great design made to last

Go to homepage
icon header wishlist
icon header cart
icon instagram icon youtube icon facebook

Privacy Policy – clear & concise

Data protection at a glance

Have you ever read a full privacy policy and understood every part of it? Neither have we. But because we want to offer you transparency that actually works for you, and just like our products strive for ease of use and usability, we’ve laid out the data protection for you in the first part in understandable and manageable words. The detailed, legally compliant part of the privacy policy follows afterward…

Who we are

We are mamalila GmbH, In der Herrnau 3, 90518 Altdorf, Germany, and develop and sell babywearing jackets and accessories.

Phone: +49 (0) 91 87 / 90 79 89 ‑ 0

E‑mail: info@mamalila.de

Which data do we collect?

  • Directly from you: e.g., when placing an order, registering, subscribing to the newsletter or contacting us.
  • Automatically: e.g., your IP address, browser, device type or time of page visit (server log files).
  • With your consent: e.g., via analytics and marketing tools (cookies, pixels, tracking).

What do we use your data for?

  • So that the shop works technically and orders can be processed.
  • For payments, shipping and customer service. To analyse and optimise our offer (only with your consent).
  • For advertising on Google, Meta/Facebook, Pinterest (also only with your consent).
  • For our newsletter, if you have signed up.

Which third-party services we use?

Hosting: Our shop runs on servers by Timme Hosting GmbH & Co. KG, Lüneburg. These are located in Germany.

Analytics & advertising: Google Analytics, Google Ads, Google Tag Manager, Meta/Facebook Pixel, Pinterest Tag, server‑side tracking.

Consent management: Cookiebot – so you can manage your consents via the cookie banner that appears on your first visit.

Newsletter: Brevo – if you have signed up for the newsletter.

Payment providers: PayPal and Mollie – both process the necessary payment data solely for the payment transaction. Very important: your payment data, such as credit card information, does not remain with us, but is processed securely by these providers.

Social media: We run profiles on Instagram, Pinterest, TikTok and Facebook. When you interact with us there, the rules of the respective platforms apply in addition.

Privacy

Your data is transmitted encrypted (SSL/TLS).

Payments always run through secure connections!

Your rights

You have the right at any time to:

  • request information about the data we store about you
  • have incorrect data corrected or deleted
  • restrict the processing of your data
  • request that your data be transferred to you (data portability)
  • withdraw any consent you have previously given
  • object to the use of your data for advertising purposes at any time.

And: You can complain to a data protection supervisory authority if you wish.

Good to know

Some services (e.g., Google, Meta) may also process data in the USA. We ensure the necessary safeguards are in place.

Our data protection officer:

Vicki Marx, In der Herrnau 3, 90518 Altdorf, Germany

Phone: +49 (0) 91 87 / 90 79 89 ‑ 0, E‑mail: info@mamalila.de

Analytics, Marketing & Social Media 

 1. Analytics and Tracking Services

Google Analytics (incl. IP anonymisation, e‑commerce tracking, possibly User‑ID)

We use Google Analytics 4, a web analysis service by Google Ireland Limited. With your consent, we collect statistical data about your surfing behaviour (e.g., page views, dwell time, click behaviour, transactions, e‑commerce activities). To minimise data, your IP address is anonymised before storage. If you use the User‑ID function, a user profile across devices may be created. Legal basis: Art. 6 (1) lit. a GDPR (consent) and in some cases Art. 6 (1) lit. f GDPR (legitimate interest, if analysed but no consent given).

server‑side tracking

For certain evaluations we use server‑side tracking (e.g., for sending order or transaction data). Here data may first be transferred to our own server and from there to Google Analytics – always with your consent or if legally permissible.

Google Tag Manager

We use Google Tag Manager to centrally and flexibly manage the embedding of further scripts (analysis or marketing tools). The Tag Manager itself does not collect personal data; it only loads the relevant tags/scripts after your consent.

2. Marketing, Advertising & Social Media Tools

Facebook / Meta Pixel

The Meta Pixel is used to measure and optimise our advertising campaigns on Meta/Facebook/Instagram. With your consent, clicks, ad interactions and conversions are tracked.

Pinterest tag

With the Pinterest Tag, actions (e.g., product view, “interested”) on our website can be measured and targeted ads on Pinterest can be placed – also only after your consent.


Google Ads / Remarketing / Conversion‑Tracking / DoubleClick

We run campaigns via Google Ads and use remarketing functions and conversion tracking, e.g., to see which ads lead to purchases. This also includes DoubleClick cookies. Again, this only happens with your consent via the consent banner.


3. Consent Management & Newsletter

Cookiebot

We use Cookiebot as a consent management tool to make the setting of cookies and tracking technologies transparent and document your consents. Only after your consent will non‑essential cookies and tracking scripts be activated.

Brevo Newsletter

If you sign up for our newsletter, we store and process your email address and possibly other details (e.g., name) to execute the newsletter dispatch. Legal basis: your consent (Art. 6 (1) lit. a GDPR). You can withdraw this consent at any time.


4. Social Media

We maintain social media profiles on Instagram, Pinterest, TikTok and Facebook. If you interact with us via those platforms (comments, messages, likes), data is processed that you as user provide and/or the platform collects (username, profile picture, content, IP). We are jointly responsible if platforms use shared data. Further info can be found in the privacy policies of the respective platforms.

Storage & Data Processing

The data we collect through tracking and marketing tools are stored only as long as necessary for the respective purposes or as legally required.

Sensitive data or personal information required for transactions are securely transmitted (TLS/SSL) and protected by appropriate technical measures.

Payments – a quick overview

When you shop with us, we of course need some data from you so that everything runs smoothly: name, address, payment info. We use this only to process your order – afterwards only the data remains which we must retain for legal reasons.

For payment we work with reliable payment services:

PayPal: classically via PayPal account, credit card or direct debit. PayPal may conduct a credit check for certain payments.

Mollie: e.g., credit card, Sofort transfer, Apple Pay or Giropay.

Klarna (via Mollie): If you choose “purchase on invoice” or “installments”, Klarna handles the processing and may check your creditworthiness.

Your payment data are thus sent directly and securely to the respective provider – not to us. Their privacy rules apply there.

Our goal: a secure, comfortable and straightforward payment for you.


Privacy Policy – detailed & legally compliant

1. Privacy at a glance

General information

The following information provides you with a detailed overview of what happens with your personal data when you visit this website. Personal data are all data with which you can be personally identified. For detailed information on data protection, please refer to our privacy policy listed below this text.

Data collection on this website

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. The contact details of this party can be found in the imprint (“Impressum”) of this website.

How do we collect your data?

Your data are collected partly because you voluntarily provide them to us. This can include, for example, data you enter into a contact form. Other data are collected automatically or after your consent when you visit the website via our IT systems. These are primarily technical data (e.g., browser type, operating system, or time of the page visit). The collection of this data occurs automatically as soon as you access this website.

What do we use your data for?

Part of the data is collected in order to ensure error‑free provision of the website. Other data may be used to analyze your user behaviour.

What rights do you have regarding your data?

You have the right at any time to request information free of charge about the origin, recipient and purpose of your stored personal data. You also have the right to request correction or deletion of these data. If you have given your consent to data processing, you may withdraw this consent at any time for the future. Additionally, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

For this purpose and for any further questions regarding data protection, you can contact us at any time using the address given in the imprint.

Analysis tools and third‑party tools

When visiting this website, your surfing behaviour may be statistically evaluated. This happens primarily using so‑called analysis programs.

Detailed information about these analysis programs can be found in the following privacy policy.

2. Hosting and Content Delivery Networks (CDNs)

External hosting

This website is hosted by an external service provider (hosting provider). The personal data that are collected on this website are stored on the hosting provider’s servers. These may include in particular IP addresses, contact requests, meta‑ and communication data, contract data, contact details, names, website accesses and other data generated via a website.

The use of the hosting provider is for the purpose of fulfilling the contract towards our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of a secure, fast and efficient provision of our online offering by a professional provider (Art. 6(1)(f) GDPR).

Our hosting provider will process your data only to the extent necessary to fulfil its performance obligations and will follow our instructions with regard to these data.

The technical provision of our web shop is carried out by Timme Hosting GmbH & Co. KG, Ovelgönner Weg 43, 21335 Lüneburg, Germany

Conclusion of a processing agreement

In order to ensure data‑protection compliant processing, we have concluded a data processing agreement (contract for commissioned processing) with our hosting provider.

3. General information and mandatory disclosures

Data protection

We treat your personal data confidentially and in accordance with the statutory data protection regulations as well as this privacy policy. When you use this website, various personal data are collected. Personal data are data with which you can be personally identified. This privacy policy explains what data we collect and what we use them for. It also explains how and for what purpose this is done. We point out that data transmission over the Internet (e.g., when communicating by e‑mail) can have security gaps. Complete protection of data against third‑party access is not possible.

Note on the responsible entity

The responsible entity for data processing on this website is:

mamalila GmbH

In der Herrnau 3

90518 Altdorf Germany

Phone: +49 (0) 91 87 / 90 79 89‑0

E‑mail: info@mamalila.de

The responsible entity is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g., names, email addresses or similar).

Storage period

If a more specific storage period is not stated within this privacy policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you request deletion of your data or withdraw your consent to processing, your data will be deleted unless we have a legally permissible reason for storing your personal data (for example tax or commercial law retention periods); in the latter case the deletion will take place after the retention reason ends.

Legally required data protection officer

We have appointed a data protection officer for our company.

Vicki Marx

In der Herrnau 3

90518 Altdorf

Germany

Phone: +49 (0) 91 87 / 90 79 89‑0

E‑mail: info@mamalila.de

Note on data transfer to the USA

On our website, tools from companies based in the USA are used among others. If these tools are active, your personal data may be transferred to the US servers of the respective companies. We point out that the USA are not a secure third country within the meaning of EU data protection law. US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action. It therefore cannot be ruled out that US authorities (e.g., intelligence services) process, evaluate and permanently store your data located on US servers for surveillance purposes. We have no influence on these processing activities.

Withdrawal of your consent to data processing

Many data processing operations are only possible with your express consent. You may withdraw any consent already given at any time. The legality of the data processing carried out up to the time of the withdrawal remains unaffected. 

Right to object to data collection in special cases and to direct marketing (Art. 21 GDPR)

If data processing is based on Art. 6(1)(e) or (f) GDPR, you have the right at any time, for reasons arising from your particular situation, to object to the processing of your personal data; this also applies to profiling based on these provisions. The respective legal basis on which processing is based is shown in this privacy policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or processing serves the establishment, exercise or defence of legal claims (objection pursuant to Art. 21(1) GDPR). If your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling insofar as it relates to direct marketing. If you object, your personal data will no longer be used for such purposes (objection pursuant to Art. 21(2) GDPR).

Right to complain to the competent supervisory authority 

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their workplace or the place of the alleged infringement. This does not affect other administrative or judicial remedies.

Right to data portability

You have the right to receive data that we process about you on the basis of your consent or in fulfilment of a contract in a structured, commonly used and machine‑readable format, and you have the right to transmit such data to another controller. If you request direct transmission to another controller, this will only be carried out to the extent technically feasible.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as operator of the website, this site uses SSL or TLS encryption. You can recognise a secure connection by looking at your browser address line as it changes from “http://” to “https://” and by the lock‑symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted payment transactions on this website

If after conclusion of a paid contract you transfer your payment data (e.g., bank account number for direct debit) to us, these data are required for payment processing. The payment transactions using common payment methods (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. A secure connection is indicated by the change of the browser address line from “http://” to “https://” and by the lock‑symbol in your browser line.

With encrypted communication your payment details transmitted to us cannot be read by third parties.

Access, deletion and correction

You have the right at any time, within the scope of applicable laws, to request free information about your stored personal data, their origin and recipients, and the purpose of the data processing. You also have the right to request correction or deletion of these data. For this purpose as well as for any further questions about personal data you can contact us at any time using the address stated in the imprint. 

Right to restriction of processing

You have the right to request restriction of processing of your personal data. To do so you may contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases: If you contest the accuracy of your personal data stored with us, we normally need time to verify this. During the verification period you have the right to request restriction of processing of your personal data. If processing of your personal data was/is unlawful, you may request restriction instead of deletion. If we no longer require your personal data but you need them to establish, exercise or defend legal claims, you have the right to request restriction instead of deletion. If you have filed an objection pursuant to Art. 21(1) GDPR, a balancing of interests is needed between your interests and ours. Until it is clear whose interests prevail, you have the right to request restriction of processing of your personal data. If you have restricted processing, these data – apart from storage – may only be processed with your consent or for the establishment, exercise or defence of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the EU or a Member State.

Objection to advertising emails

The use of contact data published in the legal notice (imprint) for the sending of unsolicited advertising and information materials is hereby contradicted. The operators of the pages explicitly reserve the right to take legal action in case of unsolicited sending of advertising information, e.g., by spam emails.

4. Data collection on this website

Cookies

Our websites use so‑called “cookies”. Cookies are small text files and do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Persistent cookies remain on your device until you delete them yourself or the browser automatically deletes them.

In some cases, cookies from third‑party companies may also be stored on your device when you visit our site (third‑party cookies). These enable us or you to use certain services of the third‑party company (e.g., cookies for payment services).

Cookies have various functions. Many cookies are technically necessary because certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies serve to evaluate user behaviour or to display advertisements.

Cookies that are necessary for the electronic communication process (necessary cookies) or for the provision of certain functions you request (functional cookies, e.g., for the shopping cart function) or for website optimisation (e.g., cookies to measure web audiences) are stored based on Art. 6(1)(f) GDPR if no other legal basis is specified. The website operator has a legitimate interest in the storage of cookies for the technically fault‑free and optimised provision of its services. If consent to storage of cookies has been obtained, storage occurs exclusively based on Art. 6(1)(a) GDPR; the consent is revocable at any time.

You can configure your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or entirely, and enable automatic deletion of cookies when closing the browser. If cookies are disabled, the functionality of this website may be limited.

Insofar as cookies from third‑party providers or for analysis purposes are used, we will inform you separately within this privacy policy and, if applicable, obtain your consent.

Server‑log files

The provider of this website automatically collects and stores information in so‑called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

A merging of this data with other data sources will not be carried out.

The collection of these data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the error‑free presentation and optimisation of its website — for this purpose the server log files must be collected.

Contact form

If you send us inquiries via a contact form, your details from the inquiry form—including the contact data you provided there—will be stored by us for the purpose of handling your inquiry and in case follow‑up questions arise. We will not share your data without your consent.

The processing of these data is based on Art. 6(1)(b) GDPR if your inquiry is related to the fulfilment of a contract or to pre‑contractual measures; in all other cases the processing is based on our legitimate interest in effective handling of the inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if requested. The data you entered into the contact form remain with us until you ask us to delete them, withdraw your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been fully handled). Mandatory statutory provisions – in particular retention periods – remain unaffected.

Request by email or telephone

If you contact us by email or telephone, your request including all resulting personal data (name, request) will be stored and processed by us for the purpose of handling your matter. We will not share these data without your consent.

 Processing of these data is based on Art. 6(1)(b) GDPR if your request is related to fulfilling a contract or to pre‑contractual measures; in all other cases it is based on our legitimate interest in effective handling of the inquiries addressed to us (Art. 6(1)(f) GDPR) or your consent (Art. 6(1)(a) GDPR) if obtained.

The data you send to us by contact enquiry will remain with us until you ask us to delete them, withdraw your consent to storage, or the purpose for storage no longer applies (e.g., after your request has been fully dealt with). Mandatory statutory provisions, in particular statutory retention periods, remain unaffected.

Registration on this website

You may register on this website in order to use additional functions on the site. The data you enter for registration will be used strictly for the purpose of using the respective offering or service for which you registered. The mandatory data requested during registration must be provided in full; otherwise we will refuse registration. For important changes (e.g., in the scope of offerings) or for technically necessary changes we will use the e‑mail address provided during registration to inform you. 

Processing of the data entered at registration is for the purpose of executing the usage relationship established by registration and possibly for initiating further contracts (Art. 6(1)(b) GDPR). 

The data recorded during registration will remain stored by us as long as you are registered on this website and will be deleted thereafter. Statutory retention periods remain unaffected.

5. Analysis tools and advertising

Google Analytics

This website uses features of the web analysis service Google Analytics. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. In this process the website operator receives various usage data, such as page views, dwell time, operating systems used and origin of users. These data may be combined by Google into a user profile and associated with the respective user or device.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g., cookies or device‑fingerprinting). The information generated by your use of this website (including your IP address) will usually be transferred to a Google server in the USA and stored there. Use of this analysis tool is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its web offering and its advertising. If corresponding consent has been obtained (e.g., consent to store cookies), processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR; consent may be revoked at any time.

Data transmission to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

IP anonymisation

We have activated the IP anonymisation function on this website. As a result your IP address is truncated by Google within member states of the European Union or in other member states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide further services related to website usage and Internet usage for the website operator. The IP address transmitted by your browser in the context of Google Analytics will not be combined with other Google data.

Browser add‑on

You can prevent the collection and processing of your data by Google by downloading and installing the browser add‑on available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

More information about how Google handles user data can be found in the Google privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Commissioned processing

We have concluded a commissioned processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Google Analytics e‑commerce tracking

This website uses the “e‑commerce tracking” function of Google Analytics. With the help of e‑commerce tracking the website operator can analyse the purchasing behaviour of website visitors to improve its online marketing campaigns. In this process information such as the orders placed, average order value, shipping costs and time from product view to purchase are recorded. This data can be combined by Google under a transaction ID that is associated with the respective user or device.

Storage period

Data stored by Google on user and event level linked to cookies, user identifiers (e.g., User ID) or advertising IDs (e.g., DoubleClick cookies, Android advertising ID) will be anonymised or deleted after 14 months. More details are available here: https://support.google.com/analytics/answer/7667196?hl=de

Google Tag Manager

We use Google Tag Manager. Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Google Tag Manager is a tool which we use to embed tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, store cookies or perform independent analyses. It only serves to manage and fire the tools embedded via it. However, the Google Tag Manager loads your IP address which may be transferred to the parent company of Google in the United States. The use of Google Tag Manager is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in fast and simple integration and management of several tools on its website. If consent was requested, processing occurs exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the end device of the user (e.g., device‑fingerprinting) within the meaning of TTDSG. The consent can be withdrawn at any time.

The company is certified under the “EU‑US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards in data processing in the USA. Each company certified under the DPF commits to comply with these data protection standards. More information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Browser add‑on

You can prevent the collection and processing of your data by Google by downloading and installing the browser add‑on available at: https://tools.google.com/dlpage/gaoptout?hl=de.

More information about how Google handles user data can be found in the Google privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Google Signals

We use Google Signals. When you visit our website Google Analytics collects, among other things, your location, search history and YouTube history as well as demographic data (visitor data). This data may be used via Google Signals for personalized advertising. If you have a Google account, the visitor data may be linked to your Google account and used for personalized advertising. The data are also used to compile anonymized statistics on user behaviour.

Google Analytics e‑commerce measurement

This website uses the “e‑commerce measurement” function of Google Analytics. With the help of e‑commerce measurement the website operator can analyse the purchasing behaviour of website visitors to improve its online marketing campaigns. In this process information such as orders placed, average order value, shipping costs and time from product view to purchase are recorded. The data can be combined by Google under a transaction ID associated with the respective user or device.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to place advertising in the Google search engine or on third‑party websites when the user enters certain search terms into Google (keyword targeting). Furthermore, targeted advertising can be delivered based on user data available at Google (e.g., location data and interests) (audience targeting). As website operator we can evaluate these data quantitatively, for example by analysing which keywords led to the display of our ads and how many ads resulted in corresponding clicks.

Use of this service is based on your consent under Art. 6(1)(a) GDPR and § 25(1) TTDSG. The consent may be revoked at any time. Data transfer to the USA is supported by the EU Commission’s standard contractual clauses. Details can be found here: https://policies.google.com/technologies/ads?hl=de and https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified under the “EU‑US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards in the USA. Each company certified under the DPF commits to comply with these data protection standards. More information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Google Ads Remarketing

This website uses the functions of Google Ads Remarketing. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. With Google Ads Remarketing we can assign people who have interacted with our online offering to certain target groups and then show them interest‑based advertising in the Google advertising network (remarketing / retargeting). Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to the cross‑device functions of Google. In this way, interest‑based, personalized advertising messages that were tailored to you on one device (e.g., mobile phone) based on your previous usage and surfing behaviour may also be shown on another of your devices (e.g., tablet or PC). If you have a Google account, you can opt out of personalized advertising at: https://www.google.com/settings/ads/onweb/ Use of this service is based on your consent under Art. 6(1)(a) GDPR and § 25(1) TTDSG. The consent may be revoked at any time. More information and the privacy policy can be found in Google’s privacy policy under: https://policies.google.com/technologies/ads?hl=de. The company is certified under the “EU‑US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards in the USA. Each company certified under the DPF commits to comply with these data protection standards. More information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Google Conversion‑Tracking

This website uses Google Conversion Tracking. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google Conversion Tracking Google and we can determine whether the user has performed certain actions. For example, we can evaluate which buttons on our website are clicked how often and which products are viewed or purchased particularly frequently. This information serves to compile conversion statistics. We learn the total number of users who clicked on our advertisements and what actions they performed. We do not receive any information which would allow us to personally identify the user. Google itself uses cookies or comparable recognition technologies for identification. Use of this service is based on your consent under Art. 6(1)(a) GDPR and § 25(1) TTDSG. The consent may be revoked at any time. More information on Google Conversion Tracking can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de The company is certified under the “EU‑US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards in the USA. Each company certified under the DPF commits to comply with these data protection standards.

More information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search?contact=true&id=a2zt000000001L5AAI&status=Active 

Google DoubleClick

This website uses functions of Google DoubleClick. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland (hereafter “DoubleClick”).

DoubleClick is used to show interest‑based advertising in the entire Google advertising network. The advertisements can be adapted to the interests of the respective viewer using DoubleClick. In order to show interest‑based advertising it is necessary for DoubleClick to recognise the respective viewer and to assign their visited websites, clicks and other usage information to them. For this purpose, DoubleClick uses cookies or comparable recognition technologies (e.g., device‑fingerprinting). The collected information is combined into a pseudonymous user profile in order to display relevant advertising to the respective user. Use of Google DoubleClick is in the interest of targeted advertising measures. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If corresponding consent has been obtained (e.g., for cookie storage), processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR; consent may be revoked at any time.

More information on objection options against advertising displayed by Google can be found at the following links: https://policies.google.com/technologies/ads and https://adssettings.google.com/authenticated.

Meta Pixel (formerly Facebook Pixel)

This website uses visitor action‑pixels from Facebook/Meta to measure conversions. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

According to Meta the collected data are also transferred to the USA and other third‑countries. Thus the behaviour of page visitors can be tracked after they have been redirected to the website of the provider via a click on a Facebook advertisement. This enables evaluation of the effectiveness of Facebook advertisements for statistical and market research purposes and optimisation of future advertising campaigns. The collected data are anonymous to us as the operators of this website; we cannot infer the identity of the users. However, the data are stored and processed by Facebook in such a way that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Use Policy (https://de-de.facebook.com/about/privacy/). As a result Facebook may enable the display of advertisements on Facebook and outside Facebook. This use of data by Facebook is beyond our control.

Use of this service is based on your consent under Art. 6(1)(a) GDPR and § 25(1) TTDSG. The consent may be revoked at any time. Where personal data are collected on our website using the tool described above and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for these data processing operations (Art. 26 GDPR). Joint responsibility is limited to collection of data and their forwarding to Facebook; subsequent processing by Facebook is not part of the joint responsibility. The obligations owed by us jointly are laid down in a joint‑processing addendum (controller addendum). The text of the addendum can be viewed here: https://www.facebook.com/legal/controller_addendum. According to this addendum we are responsible for giving you the privacy information when using the Facebook tool and for the data‑protection compliant implementation of the tool on our website. Facebook is responsible for the data security of its products. You can assert your data‑subject rights (e.g., right of access) directly with Facebook. If you assert rights with us we must pass them on to Facebook. Data transfers to the USA are supported by the EU Commission’s standard contractual clauses. Details can be found at: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

More information on Facebook’s privacy policy can be found at: https://de-de.facebook.com/about/privacy/. You can also deactivate the remarketing function “Custom Audiences” in the ad‑settings at https://www.facebook.com/ads/preferences/entry_product=ad_settings_screen (you must be logged into Facebook). If you do not have a Facebook account you can disable usage‑based advertising from Facebook via the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/. The company is certified under the “EU‑US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards in the USA. Each company certified under the DPF commits to comply with these data protection standards. More information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

Pinterest Tag

We use a Pinterest Tag on this website. Provider is Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

The Pinterest Tag is used to capture certain actions you take on our website. The data may subsequently be used to display interest‑based advertising to you on our website or on another site of the Pinterest‑Tag advertising network. For this purpose the Pinterest Tag collects among other things a tag ID, your location and the referrer URL. In addition, action‑specific data such as order value, quantity, order number, category of purchased items and video views may be collected.

The Pinterest Tag uses technologies that enable cross‑site recognition of the user for analysis of user behaviour (e.g., cookies or device‑fingerprinting). If consent has been obtained, use of the above‑mentioned service is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 TTDSG. The consent may be revoked at any time. If no consent has been obtained, use of the service is based on Art. 6(1)(f) GDPR; the website operator has a legitimate interest in the most effective marketing measures possible. Pinterest is a global company and data transfers to the USA may occur. According to Pinterest these transfers are based on the EU Commission’s standard contractual clauses. Details can be found here: https://policy.pinterest.com/de/privacy-policy. Further information on the Pinterest Tag can be found here: https://help.pinterest.com/de/business/article/track-conversions-with-pinterest-tag.

Back‑in‑stock notification via e‑mail

If we offer the option in our online shop to notify you by e‑mail when selected temporarily unavailable items become available again, you can register for our e‑mail notification service for product availability. If you register for our product availability email notification service, we will send you a one‑time message by email about the availability of the item you selected. The only mandatory information for sending this notification is your email address. Provision of further data is voluntary and is used to personally address you. For sending this notification we use the so‑called double opt‑in procedure. This means that we will only send you a notification after you have explicitly confirmed that you consent to receive such a message. We will then send you a confirmation email with a link that you must click to confirm you wish to receive such notification. By activating the confirmation link you give us your consent for the use of your personal data pursuant to Art. 6(1)(a) GDPR. When registering for our product‑availability email notification service we store your IP address recorded by your internet service provider (ISP) as well as the date and time of registration in order to be able to trace any misuse of your email address at a later date. The data collected by us when registering for our product‑availability email notification service are used exclusively for the purpose of notifying you about availability of a specific item in our online shop.

You may unsubscribe from the product‑availability email notification service at any time by sending a corresponding message to the responsible entity named above. After unsubscription your email address will be deleted immediately from our distribution list unless you have expressly consented to further use of your data or we reserve further use permitted by law and inform you about it in this policy.

Feedback reminder via e‑mail

Own review reminder (not sent by a customer‑rating system) We use your email address to send a one‑time reminder to provide a review of your order for the rating system we use, provided you have given us your explicit consent for this during or after your order pursuant to Art. 6(1)(a) GDPR. You may revoke your consent at any time by sending a message to the controller responsible for data processing.

6. Newsletter

Newsletter data

If you wish to receive the newsletter offered on the website, we require your email address and information that enables us to verify that you are the owner of the specified email address and consent to receiving the newsletter. Further data are not collected or are collected only on a voluntary basis. These data are used exclusively for sending the requested information and are not passed on to third parties.

Processing of the data entered in the newsletter registration form is carried out exclusively on the basis of your consent (Art. 6(1)(a) GDPR). The consent you have given to storage of the data, your email address and its use for sending the newsletter may be revoked at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing carried out prior to revocation remains unaffected.

The data you provide us for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will then be deleted. Data collected for other purposes remain unaffected.

After you unsubscribe your email address may be stored by us or the newsletter service provider in a blacklist, in order to prevent future mailings. The data from the blacklist are used only for this purpose and are not combined with other data. This serves both your interest and our interest in compliance with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). Storage in the blacklist is not limited in time. You may object to the storage if your interests override our legitimate interest.

7. Plugins and tools

YouTube with enhanced‑privacy mode

This website embeds YouTube videos. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in enhanced‑privacy mode. According to YouTube this mode ensures that YouTube does not store any information about visitors on this website before they play the video. However, the sharing of data with YouTube partners is not fully excluded by enhanced‑privacy mode. For example, YouTube – regardless of whether you play the video – may establish a connection to the Google DoubleClick network.

Once you start a YouTube video on this website a connection to YouTube’s servers is established. The YouTube server is notified which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to link your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account. Furthermore, once you start a video YouTube may store various cookies on your device or use comparable recognition technologies (e.g., device‑fingerprinting). In this way YouTube may collect information about visitors to this website. This information is used, among other things, to compile video statistics, to improve user friendliness and to prevent fraudulent behaviour.

Where applicable, further data processing operations may be triggered after the start of a YouTube video over which we have no influence. Use of YouTube is in our interest in an attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. Where corresponding consent has been obtained, processing occurs exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as consent includes the storage of cookies or access to information on the user’s end device (e.g., device‑fingerprinting) within the meaning of TTDSG. The consent may be revoked at any time. Further information on YouTube’s privacy policy can be found here: https://policies.google.com/privacy?hl=de.

Live‑Chat Smartsupp

We use on our website a plugin from Smartsupp.com, s.r.o (Milady Horakove 13, 602 00 Brno, Czech Republic, European Union). If no operator is available for chat you may send us a request by clicking “Send us a message”. For us to answer your request you will then need to enter your name and email address, compose your message, and send it to us.

If an operator is available for chat you will see “Can we help? – We respond instantly”. Through clicking the button the chat dialog window opens. You can generally chat with us without providing personal data. However, it may be that during the chat we ask for personal data in order to provide you with an offer after the chat. The legal basis for processing the data is our legitimate interest in responding to your request (Art. 6(1)(f) GDPR). If your contact aims at concluding a contract, then the additional legal basis is Art. 6(1)(b) GDPR. Storage of the chat history (including personal user data) on the Smartsupp servers is limited to three months. Furthermore, Smartsupp provides some statistical functions to us, such as motion‑profiles on our website. However, this information does not allow us to draw conclusions about your person. Processing of these data arises when you visit the website. Smartsupp describes its handling of the data transparently in accordance with the GDPR at https://www.smartsupp.com/de/privacy.

Google Maps

This site uses the Google Maps service. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps it is necessary to store your IP address. This information is generally transferred to a Google server in the USA and stored there. The provider of this website has no influence over the transmission of data. If Google Maps is activated, Google may use Google Fonts for the uniform display of fonts. When you access Google Maps, your browser loads the required web fonts into its browser cache to correctly display text and fonts. Use of Google Maps is in our interest in an appealing presentation of our online offerings and in making the locations we indicate on the website easy to find. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. Where corresponding consent has been obtained, processing occurs exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, to the extent consent includes storage of cookies or access to information on the user’s device (e.g., device‑fingerprinting) under TTDSG. The consent may be revoked at any time. Data transfer to the USA is supported by the EU Commission’s standard contractual clauses. Details: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

More information on how Google handles user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

The company is certified under the “EU‑US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards in the USA. Each company certified under the DPF commits to comply with these data protection standards. More information can be found here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

8. E‑commerce and payment providers

Processing of data (customer and contract data)

We collect, process and use personal data only to the extent that it is necessary for establishing, designing or changing the legal relationship (inventory data). This is carried out on the basis of Art. 6(1)(b) GDPR, which permits processing of data for the performance of a contract or pre‑contractual measures. Personal data about use of the website (usage data) are only collected, processed and used to the extent necessary to enable the user to use the service or to settle it.

The collected customer data are deleted after completion of the order or termination of the business relationship.

 Statutory retention periods remain unaffected.

Data transfer upon conclusion of contract for online‑shops, retailers and goods shipping

We transmit personal data to third parties only if this is necessary in the course of contract processing, for example to the companies entrusted with delivery of goods or the bank engaged with payment processing. Further transmission of data does not occur unless you have explicitly consented. We do not pass on your data to third parties for advertising purposes without your explicit consent. The legal basis for data processing is Art. 6(1)(b) GDPR which permits processing of data for performance of a contract or pre‑contractual measures.

Payment services

We integrate payment services of third‑party companies on our website. If you make a purchase with us, your payment data (e.g., name, payment amount, account details, credit‑card number) will be processed by the payment service provider for the purpose of payment processing. The contractual and data protection provisions of the respective providers apply to those transactions. Use of the payment service providers is based on Art. 6(1)(b) GDPR (contract processing) as well as in the interest of the most smooth, comfortable and secure payment process possible (Art. 6(1)(f) GDPR). To the extent that your consent is requested for certain actions, Art. 6(1)(a) GDPR is the legal basis of processing; consents are revocable at any time.

The following payment services/payment providers are used on this website:

PayPal

When selecting the payment method “PayPal” (PayPal, credit card via PayPal, direct debit via PayPal or “Pay later”) payment processing takes place via PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L‑2449 Luxembourg 

PayPal may perform a credit check for certain payment methods. More information: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Mollie

If you use a payment method via Mollie B.V. (e.g., credit card, Sofort transfer, Giropay, Apple Pay or Klarna), technical processing takes place via: Mollie B.V., Keizersgracht 126, 1015 CW Amsterdam, Netherlands

More information: https://www.mollie.com/de/privacy 

Klarna (via Mollie)

When you select a Klarna payment method (e.g., purchase on invoice or instalment payment) the processing is done via Mollie and subsequently via Klarna Bank AB (publ): Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden Klarna may carry out a credit check and collects personal data such as name, address, date of birth, phone number, payment information and order data.

More on Klarna’s privacy policy: https://www.klarna.com/de/datenschutz/

Our Social Media Presence

This privacy policy applies to all our social media profiles. You can find links to them in the footer of our website.

Data Processing by Social Networks

We maintain publicly accessible profiles on social media platforms. The specific networks we use are listed below.

Social networks such as Facebook, TikTok, etc., can typically analyze your user behavior in detail when you visit their websites or a site with integrated social media content (e.g., like buttons or ad banners). Visiting our social media profiles triggers numerous data processing operations relevant to privacy.

Details:

If you are logged into your social media account and visit our profile on the same platform, the operator of that platform may link your visit to your user account. Your personal data may also be collected if you are not logged in or do not have an account on the respective platform. In this case, data collection can occur via cookies stored on your device or by capturing your IP address.

Using the collected data, social media platform operators can create user profiles that store your preferences and interests. This allows interest-based advertising to be displayed to you both on and off the platform. If you have an account on the respective platform, such personalized advertising may appear on all devices you are or were logged in on. Please also note that we do not have access to all data processing activities conducted by social media platforms. Depending on the provider, additional operations may be carried out by the platforms’ operators. For details, please consult the respective terms of service and privacy policies of the platforms.

Legal Basis

Our social media presence is intended to ensure the broadest possible visibility on the Internet, which constitutes a legitimate interest pursuant to Art. 6(1)(f) GDPR. Any analysis processes initiated by social networks may be based on different legal grounds which must be specified by the platform providers (e.g., user consent under Art. 6(1)(a) GDPR).

Joint Responsibility and Your Rights

If you visit one of our social media pages (e.g., Facebook), we are jointly responsible with the operator of that platform for the data processing operations triggered during the visit. You may exercise your rights (access, rectification, deletion, restriction of processing, data portability, and complaint) both against us and the respective platform operator (e.g., Facebook). Please note that despite this shared responsibility, we do not have full influence over how these platforms process data. Our level of control is primarily determined by the policies of the respective provider.

Retention Period

The data we collect directly through our social media presence is deleted from our systems once you request its deletion, withdraw your consent to storage, or the purpose for storage no longer applies. Cookies remain on your device until deleted by you. Mandatory legal provisions — especially retention periods — remain unaffected. We have no control over the storage duration of your data retained by social media operators for their own purposes. For details, please consult the respective operators' privacy policies.

Your Rights

You have the right to request information about the origin, recipient, and purpose of your stored personal data at any time, free of charge. You also have the right to object, to data portability, and to file a complaint with the competent supervisory authority. Furthermore, you may request correction, blocking, deletion, or restriction of processing of your personal data under certain conditions.

Social Networks in Detail

Facebook

We maintain a profile on Facebook. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta"). According to Meta, collected data may also be transferred to the USA or other third countries. We have entered into a joint controller agreement ("Controller Addendum") with Meta. This agreement outlines the responsibilities of each party regarding data processing when you visit our Facebook page. You can view the agreement here: https://www.facebook.com/legal/terms/page_controller_addendum You can manage your ad preferences in your Facebook account here: https://www.facebook.com/settings?tab=ads Data transfers to the US are based on the EU Commission’s standard contractual clauses.

More info: https://www.facebook.com/legal/EU_data_transfer_addendum https://de-de.facebook.com/help/566994660333381

Facebook’s privacy policy: https://www.facebook.com/about/privacy/

Meta is certified under the EU-U.S. Data Privacy Framework (DPF): https://www.dataprivacyframework.gov/...

Instagram

We maintain a profile on Instagram. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Data transfers to the US are based on EU Commission standard contractual clauses. More info: https://www.facebook.com/legal/EU_data_transfer_addendum https://privacycenter.instagram.com/policy/ https://de-de.facebook.com/help/566994660333381 Meta is certified under the DPF: https://www.dataprivacyframework.gov/... 

Pinterest

We maintain a profile on Pinterest. The provider is Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

Privacy policy: https://policy.pinterest.com/de/privacy-policy

YouTube

We maintain a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy policy: https://policies.google.com/privacy?hl=de Google is certified under the DPF: https://www.dataprivacyframework.gov/...