Skip to content

Free shipping within Germany from 149 €

Fall in love at your leisure: 30 days to try on & decide

Maximum comfort since 1949

Pay conveniently by invoice

Sign up for our newsletter and save 10%

Language

Cart

Privacy policy

1. Controller

The controller responsible for the processing of personal data in connection with this online shop is:

Rösch Fashion GmbH & Co. KG
Schaffhausenstraße 101
72072 Tübingen
Germany

Telephone: +49 (0)7071 153-499
Email: info@roesch-fashion.com
Website: https://www.roesch-fashion.com

Represented by the managing and personally liable partner:
Rösch Fashion Verwaltungs-GmbH, Schaffhausenstraße 101, 72072 Tübingen, Germany,
represented by its managing directors: Ralf Herrmann, Arnd-Gerrit Rösch.

Where this policy refers to “we” or “us”, this means Rösch Fashion GmbH & Co. KG.

2. Contact Details of the Data Protection Officer

Our Data Protection Officer is:

PROLIANCE GmbH
Leopoldstr. 21
80802 Munich
Germany

Website: www.datenschutzexperte.de
Email: datenschutzbeauftragter@datenschutzexperte.de

You may contact our Data Protection Officer at any time with any questions regarding data protection.

3. Scope

This Privacy Policy applies to the online shop under the domain www.roesch-fashion.com and to the associated subpages and functions provided via the Shopify shop platform, in particular:

  • order and customer account functions
  • returns portal
  • newsletter registration and dispatch
  • review functions via Judge.me
  • chat function via Shopify Inbox

Our offering is aimed at adults. It is not specifically directed at children.

4. Terms and Legal Bases

4.1 Terms

This Privacy Policy uses the terms from the General Data Protection Regulation (GDPR), in particular:

  • Personal data: any information relating to an identified or identifiable natural person.
  • Processing: any operation performed in connection with personal data, such as collection, storage, transmission or deletion.
  • Controller: the body that determines the purposes and means of processing.
  • Processor: a service provider that processes personal data on our behalf.
  • Recipient: a person or body to whom personal data is disclosed.
  • Consent: a freely given, informed and unambiguous indication of wishes regarding processing.

4.2 Legal Bases

We process personal data in particular on the basis of:

  • Art. 6 (1) lit. a GDPR – consent
  • Art. 6 (1) lit. b GDPR – performance of a contract and pre-contractual measures
  • Art. 6 (1) lit. c GDPR – compliance with legal obligations
  • Art. 6 (1) lit. f GDPR – protection of legitimate interests

The use of cookies and similar technologies, such as local storage and pixels, is also governed by Section 25 of the Telecommunications Digital Services Data Protection Act (TDDDG).

5. Provision of the Website / Hosting via Shopify

5.1 Shopify as Platform

Our shop is operated on the Shopify platform. The service provider for customers in the EU is:

Shopify International Ltd.
Victoria Buildings, 2nd Floor
1-2 Haddington Road
Dublin 4
Ireland

Shopify processes data of our visitors, customers and prospective customers, such as IP address, browser information, pages visited, shopping cart contents and order data, on our behalf in order to provide, in particular, the following services:

  • provision of the shop platform
  • display of products, shopping cart and checkout
  • technical infrastructure and data storage
  • security functions, such as protection against misuse

Shopify may pass personal data on to other group companies, in particular Shopify Inc. in Canada and other affiliated companies. Data transfers to third countries are carried out on the basis of appropriate safeguards, such as standard contractual clauses, and, where applicable, on the basis of adequacy decisions by the European Commission.

The legal basis is Art. 6 (1) lit. b GDPR, performance of a contract, as well as our legitimate interest in operating a secure and efficient online shop, Art. 6 (1) lit. f GDPR.

5.2 Server Log Files

When our website is accessed, Shopify or the content delivery network (CDN) used automatically collects the following data:

  • IP address
  • date and time of access
  • accessed URL / file
  • referrer URL
  • browser type and version, operating system
  • error codes, where applicable

These log files are used for the technical provision, stability and security of the website, such as error analysis and defence against attacks.

The legal basis is Art. 6 (1) lit. f GDPR. Our legitimate interest lies in the secure operation of our website.

6. Cookies, Similar Technologies and Consent Management

6.1 Use of Cookies and Similar Technologies

We use cookies and comparable technologies, such as local storage and pixel tags, on our website in order to:

  • provide basic shop functions, such as shopping cart, login and language settings
  • compile statistics and improve our shop
  • implement marketing and remarketing measures, such as Google Ads and Meta
  • better tailor content and offers to user interests

We distinguish between the following categories:

  1. Strictly necessary cookies
    e.g. for displaying the website, using the shopping cart, completing checkout and managing cookie settings.
  2. Statistics/analytics cookies
    e.g. Google Analytics 4, Matomo, Microsoft Clarity.
  3. Marketing/tracking cookies
    e.g. Meta Pixel (Facebook/Instagram), Google Ads remarketing, Klaviyo web tracking, Judge.me.

Strictly necessary cookies may be set without consent in accordance with Section 25 (2) TDDDG.
All other cookies are set only with your consent, Section 25 (1) TDDDG in conjunction with Art. 6 (1) lit. a GDPR.

6.2 Consent Management via “consentmanager”

We use the consentmanager tool, a consent management platform, to obtain and manage your consent for cookies and similar technologies.

On your first visit, you will be asked via a banner which categories of data processing you would like to consent to. Your selection is stored in a cookie or in local storage so that the banner does not appear again on every page view.

You may withdraw or change your consent at any time with effect for the future via the settings in the consent banner or via a corresponding link, “Cookie Settings”.

The legal basis for processing by the consent tool is Art. 6 (1) lit. c GDPR, compliance with legal obligations in connection with Section 25 TDDDG, as well as our legitimate interest in user-friendly and legally compliant consent management, Art. 6 (1) lit. f GDPR.

In the consent banner, you will always find an up-to-date, detailed list of the cookies used, their purpose, storage period and provider.

7. Contacting Us: Contact Form, Email, Telephone, Chat

7.1 Contact Form

If you use our contact form, we process:

  • name
  • email address
  • additional information, where applicable, such as telephone number
  • content of your message

The purpose of processing is to handle your enquiry and, where applicable, to contact you to clarify open questions.

The legal basis is Art. 6 (1) lit. b GDPR, pre-contractual measures / customer enquiries, or Art. 6 (1) lit. f GDPR, our legitimate interest in good customer service.

7.2 Email and Telephone

If you contact us by email, such as service@roesch-fashion.com or info@roesch-fashion.com, or by telephone, the data you provide, such as name, contact details and content of the enquiry, will be processed in order to handle your enquiry.

The legal basis is Art. 6 (1) lit. b GDPR or lit. f GDPR, customer service and internal administration.

7.3 Chat Function and AI-Supported Chat via Shopify Inbox

We use the “Shopify Inbox” chat function on our website, a service provided by Shopify International Limited, 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland, or by the Shopify group.

Via Shopify Inbox, you can contact us, ask questions about products, orders or our service, and receive support while shopping. If you actively use the chat function, the following personal data in particular may be processed:

  • content of your chat messages
  • date and time of communication
  • name, email address, telephone number or other information that you provide in the chat, where applicable
  • technical data, in particular IP address, device and browser information
  • information about your customer account or order, where applicable, if you are logged in or if this data is required to handle your enquiry
  • shopping cart contents or product-related information, where applicable, if this is required for advice or to answer your enquiry

Shopify Inbox may use AI-supported functions. In this context, an AI-supported chat assistant provided by Shopify may answer customer enquiries, handle product questions, provide product recommendations, support shopping, add items to the shopping cart or, if you are logged in, assist with retrieving order information. Personalised functions, in particular order enquiries, are only available if you are logged in.

For this purpose, the AI-supported chat assistant uses information from our shop, in particular product data, page content, shop policies and content provided by us. Your chat communication is processed in real time in order to generate responses. Shopify may also process customer data, including chat communication, in order to improve the quality of the Inbox agent over time. According to Shopify, customer data and chat communication are processed on a shop-specific basis and are not shared between different shops.

If an enquiry cannot be answered automatically, if you expressly wish to speak to an employee, or if personal handling is required, the conversation may be transferred to our employees. In this case, the previous chat history may be viewed and used for further processing.

When the AI-supported chat assistant is used, you will receive a notice in the chat stating that the chat is supported by Shopify and that you are communicating with AI. This notice is displayed automatically by Shopify.

Please do not transmit any special categories of personal data within the meaning of Art. 9 GDPR via the chat function, in particular no health data, information about religion, political opinions or other particularly sensitive information, unless this is strictly necessary for your enquiry.

Processing takes place to provide the chat function, answer your enquiries, support shopping, handle service and order enquiries, and improve our customer service.

The legal basis is Art. 6 (1) lit. b GDPR, insofar as the processing is necessary for carrying out pre-contractual measures or for the performance of a contract, in particular for questions about products, orders or returns. Otherwise, processing is carried out on the basis of Art. 6 (1) lit. f GDPR. Our legitimate interest lies in efficient customer communication, improving our customer service and providing user-friendly shopping support. Where consent is required for individual functions, in particular for the use of non-technically necessary cookies or comparable technologies, processing is carried out on the basis of Art. 6 (1) lit. a GDPR and Section 25 (1) TDDDG.

Further information on data processing by Shopify can be found in Shopify’s privacy notices. Information on possible transfers to third countries in connection with Shopify can also be found in the “Third-Country Transfers” section of this Privacy Policy.

8. Customer Account and Registration

You can create a customer account in our shop, using new Shopify customer accounts, or place an order as a guest.

During registration, we process:

  • name
  • email address
  • password, hashed and not visible to us in plain text
  • billing and delivery addresses
  • order history

The data is used to manage your orders, process returns and complaints, and enable you to access your order history.

The legal basis is Art. 6 (1) lit. b GDPR.

Deletion of the customer account is currently possible via our customer service, for example by email. We will delete the account unless statutory retention obligations prevent us from doing so.

9. Orders in the Online Shop

9.1 Processing of Order Data

As part of an order, we process in particular:

  • title, name and company, where applicable
  • billing and delivery address
  • email address
  • optional: telephone number
  • ordered products, prices, discounts
  • selected shipping and payment method
  • time of order, order number
  • returns, complaints and credit notes, where applicable

Processing is carried out for the performance of the purchase contract, delivery of the goods, processing of payments and returns and, where applicable, the establishment, exercise or defence of legal claims.

The legal basis is Art. 6 (1) lit. b GDPR, performance of a contract, and Art. 6 (1) lit. c GDPR, statutory retention periods, for example under commercial and tax law.

9.2 Internal Systems: Accounting, Bookkeeping, Inventory Management

To process and manage orders, we use internal IT systems for inventory management, invoicing and accounting. In these systems, the data required for the respective purpose is processed, for example:

  • order numbers and transaction identifiers
  • invoice and booking data
  • master data, such as name and address, and payment information to the extent required

The legal basis is Art. 6 (1) lit. b and lit. c GDPR as well as our legitimate interest in efficient IT-supported processing, Art. 6 (1) lit. f GDPR.

10. Payment Processing

In our shop, the following payment methods in particular are available to you:

  • Shopify Payments, such as credit card and, where applicable, other local payment methods
  • Klarna, invoice, instalment purchase, instant bank transfer
  • PayPal
  • advance payment / bank transfer

Depending on the payment method selected, we transmit certain personal data to the respective payment service provider, for example:

  • name
  • billing address
  • email address
  • payment amount
  • order information
  • IP address and other technical data, where applicable

10.1 Shopify Payments

Payments by credit card and other payment methods are processed via Shopify Payments. Depending on the country, Shopify Payments works with external payment service providers.

The payment service providers use the data to process the payment and to prevent fraud and misuse. Creditworthiness or risk checks may be carried out, in particular for payment methods with payment guarantees.

The legal basis is Art. 6 (1) lit. b GDPR, performance of a contract, and Art. 6 (1) lit. f GDPR, fraud prevention and risk management.

10.2 Klarna: Invoice, Instalment Purchase, Sofort

If you use payment methods provided by Klarna Bank AB (publ), such as invoice, instalment purchase or Sofort bank transfer, your data, including name, address, email, IP address and order data, will be transmitted to Klarna. Klarna may obtain information from credit agencies and use its own scoring procedures to assess creditworthiness.

Please refer to Klarna’s Privacy Policy for details.

The legal basis is Art. 6 (1) lit. b GDPR, payment processing, and Art. 6 (1) lit. f GDPR, interest in protection against payment default.

10.3 PayPal

When paying via PayPal, your payment data is transmitted to:

PayPal (Europe) S.à r.l. et Cie, S.C.A.
22–24 Boulevard Royal
L-2449 Luxembourg

As part of its own review processes, such as creditworthiness and fraud prevention, PayPal may pass data on to credit agencies.

Please refer to PayPal’s Privacy Policy for details.

10.4 Advance Payment

When paying in advance, you independently transfer the invoice amount to our account. In this context, we only process the data required to allocate the payment to your order, such as name, IBAN and payment reference. No further use takes place.

11. Shipping, Logistics and Returns

11.1 Shipping Service Provider: DHL

For shipping your order, we use in particular:

  • DHL and affiliated companies, where applicable.

For this purpose, we transmit the following to the shipping service provider:

  • name
  • delivery address
  • email address and telephone number, where applicable, for shipping notifications
  • parcel contents in general form, such as product description for customs clearance, where required

The legal basis is Art. 6 (1) lit. b GDPR, performance of a contract, as well as our legitimate interest in efficient logistics, Art. 6 (1) lit. f GDPR.

11.2 Shipping Processing

For the creation of shipping labels and the organisation of parcel shipping, we use specialised logistics and shipping software connected to our internal systems and the shipping service providers. In this context, the data required to create shipping labels is processed, such as name, address and parcel data.

The legal basis is Art. 6 (1) lit. b GDPR.

11.3 Returns Portal: easyReturns

We process returns via a returns portal, such as easyReturns. Via the returns portal, the following data, among others, is processed:

  • order number
  • name
  • contact details, such as email address
  • returned items
  • reason for return, selected from options
  • optional: comments in the free-text field

No bank details are collected via the returns portal; refunds are generally made via the original payment method.

The legal basis is Art. 6 (1) lit. b GDPR, performance of a contract – reversal of the purchase contract.

12. Newsletter and Direct Advertising: Klaviyo

12.1 Newsletter Registration

We send newsletters, including for Rösch and Féraud, containing information about products, offers, trends, competitions and special promotions. For dispatch, we use a newsletter service provider, such as Klaviyo.

When you register, we process:

  • email address, mandatory information
  • additional voluntary information, where applicable
  • time and confirmation of registration, double opt-in

We use the double opt-in procedure: after registration, you will receive a confirmation link by email. Your registration is only completed once you click this link.

The legal basis for sending newsletters is your consent pursuant to Art. 6 (1) lit. a GDPR in conjunction with Section 7 UWG.

You may withdraw your consent at any time with effect for the future, for example via the unsubscribe link in the newsletter or by sending a message to us or to our Data Protection Officer.

12.2 Personalised Newsletters and Tracking

In the newsletter system, we evaluate open, click and unsubscribe rates in order to optimise our newsletters and personalise content. For this purpose, tracking pixels and individual links may be included in the emails, enabling us to determine whether you opened an email and which links you clicked.

We may also segment newsletter content based on purchase history, click behaviour and known interests.

The legal basis is your consent, Art. 6 (1) lit. a GDPR.

13. Customer Reviews via Judge.me

13.1 Integration of Judge.me Review Functions

We use the “Judge.me” review service provided by Judge.me Ltd, c/o Buckworths, 1-3 Worship Street, London EC2A 2AB, United Kingdom, in our online shop.

With Judge.me, we can collect, manage and display product and shop reviews in our online shop. For this purpose, star ratings, review texts, customer feedback, review widgets, review summaries, review badges and voluntarily uploaded content such as photos or videos may be integrated.

When pages on which Judge.me functions are integrated are accessed, technical data may be processed, in particular IP address, browser and device information, date and time of page access, accessed URL, referrer URL and information about the displayed product or displayed review. This processing takes place in order to technically provide the review functions, display reviews correctly, prevent misuse and ensure the security of the review function.

The legal basis is Art. 6 (1) lit. f GDPR. Our legitimate interest lies in the transparent presentation of customer reviews, building trust among shop visitors, quality assurance of our products and user-friendly presentation of our online shop.

Where cookies, pixels, local storage technologies or comparable technologies that are not technically required are used as part of the integration of Judge.me, this is done only on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR in conjunction with Section 25 (1) TDDDG. You may withdraw or change your consent at any time via our consent banner.

13.2 Submission and Publication of Reviews

If you voluntarily submit a review, the following data in particular may be processed:

  • name or display name
  • email address
  • review text
  • star rating
  • reviewed product or reviewed order
  • date and time of the review
  • technical data, in particular IP address and browser information
  • order information for verification of the review, where applicable
  • voluntarily uploaded photos or videos
  • other information that you voluntarily provide as part of the review

If your review is published, the name or display name you provided, the star rating, the review text, the reviewed product, the publication date and, where applicable, voluntarily uploaded photos or videos may be displayed publicly in our online shop.

Your review will be published only if you voluntarily submitted the review and had to expect publication or consented to it. Please do not provide sensitive personal data in reviews, in particular no health data, no information about religion, political opinions or other particularly sensitive information.

The legal basis for submitting and publishing voluntary reviews is Art. 6 (1) lit. a GDPR, insofar as you consent to publication. Where processing is required for verification, misuse prevention, quality assurance or the presentation of authentic customer reviews, it is also carried out on the basis of Art. 6 (1) lit. f GDPR. Our legitimate interest lies in providing a transparent and reliable review system.

13.3 Review Requests by Email

After a purchase, we may send you an email asking you to review the purchased products or our shop, provided that you have consented to this or the legal requirements for such contact are met. Dispatch may take place via Judge.me.

For review requests, the following data in particular may be transmitted to Judge.me and processed there:

  • name
  • email address
  • order number or comparable order reference
  • purchased products
  • order date
  • shipping or delivery status
  • language, country and shop assignment
  • status of the review request, e.g. whether a request was sent, opened, clicked, unsubscribed from or skipped

The review request may contain an individual review link through which you can submit a review. Via this link, the review can be assigned to the respective order or product and marked as a verified review.

The legal basis for sending review requests is Art. 6 (1) lit. a GDPR, insofar as you have consented to this. Where contact is exceptionally permitted by law without separate consent, processing is carried out on the basis of Art. 6 (1) lit. f GDPR. Our legitimate interest lies in obtaining authentic customer feedback, improving our products and services, and transparently presenting customer experiences. You may object to receiving further review requests at any time with effect for the future, in particular via an unsubscribe link in the respective email or by sending us a message.

13.4 Moderation, Verification and Misuse Prevention

We may review, moderate, respond to, label or remove reviews before or after publication where this is necessary for quality assurance, prevention of misuse, compliance with legal obligations or protection of our rights.

Judge.me may support us in assigning reviews to an order, labelling verified reviews, identifying spam or abusive content, and analysing technical errors. In this context, review data, order data, email address, IP address, technical usage data and review metadata in particular may be processed.

The legal basis is Art. 6 (1) lit. f GDPR. Our legitimate interest lies in ensuring a trustworthy, manipulation-resistant and legally compliant review system.

13.5 AI-Supported Functions of Judge.me

If activated, Judge.me may provide AI-supported functions for evaluating, summarising or displaying reviews. Published reviews may be analysed in order, for example, to display frequently mentioned topics, sentiments, keywords, brief summaries or highlighted review content.

The AI-supported functions generally relate to reviews that have already been published. They are intended to provide shop visitors with a quicker overview of existing customer feedback. The corresponding summaries or notes may be displayed in the review section of the online shop.

The legal basis is Art. 6 (1) lit. f GDPR. Our legitimate interest lies in user-friendly presentation of existing customer reviews, improving product selection and transparently presenting customer feedback. Where consent is required for individual AI-supported functions, processing is carried out on the basis of Art. 6 (1) lit. a GDPR.

13.6 Recipients, Third-Country Transfers and Further Information

Judge.me processes personal data on our behalf insofar as the data is transmitted to Judge.me via our shop or via our Shopify integration. A data processing agreement exists for this purpose.

As part of the provision of Judge.me, data may also be processed by subprocessors. Transfers to third countries, in particular to the United Kingdom, the USA or other countries outside the European Union or the European Economic Area, cannot be excluded. Where personal data is transferred to third countries, this is carried out on the basis of appropriate safeguards, in particular adequacy decisions, standard contractual clauses or comparable data protection mechanisms.

Further information on data processing by Judge.me can be found in Judge.me’s privacy notices.

14. Web Analytics and Usage Statistics

We use the following analytics and tracking services only if you have consented in the consent banner.

14.1 Google Analytics 4 (GA4)

We use Google Analytics 4, a web analytics service provided by Google Ireland Limited.

Google processes usage data on our behalf, such as pages accessed, interactions, approximate location information, device and browser type. As a rule, we use GA4 with IP anonymisation, so that your IP address is shortened within the EU.

Google may transfer data to servers in third countries, in particular the USA. The rules of the EU-US Data Privacy Framework apply to certified companies, or appropriate safeguards are used.

The legal basis is your consent, Art. 6 (1) lit. a GDPR, Section 25 (1) TDDDG.

You may withdraw your consent at any time via our consent banner.

14.2 Matomo Cloud

We also use Matomo Cloud for web analytics. In this context, the following data, among others, is processed:

  • accessed pages/URLs
  • date and time of the visit
  • shortened IP address
  • browser and operating system used
  • referrer URL

Processing may take place with cookies or, depending on the configuration, in pseudonymised form. Matomo Cloud’s servers are generally located in the EU.

The legal basis is your consent, Art. 6 (1) lit. a GDPR, Section 25 (1) TDDDG.

14.3 Microsoft Clarity

We use Microsoft Clarity to analyse user behaviour on our website, such as click paths, mouse movements and heatmaps, and to improve our shop. So-called “session replays” may be recorded in this context.

Microsoft processes pseudonymous usage data; cookies may be set. Data may be transferred to servers in third countries, in particular the USA, with appropriate safeguards being used.

We use Clarity exclusively for UX and error analysis and not for creating individual marketing profiles.

The legal basis is your consent, Art. 6 (1) lit. a GDPR, Section 25 (1) TDDDG.

15. Marketing and Remarketing Services

These services are also used only if you have consented in the consent banner.

15.1 Meta Pixel: Facebook/Instagram

We use the Meta Pixel from Meta Platforms Ireland Ltd. to measure the effectiveness of our Facebook/Instagram advertisements, conversion tracking, and to classify users into target groups for advertisements, remarketing.

Meta may link the data collected via the pixel with your Facebook/Instagram account and also process it for its own purposes. For details, we refer to Meta’s privacy notices.

The legal basis is your consent, Art. 6 (1) lit. a GDPR, Section 25 (1) TDDDG.

You may withdraw your consent at any time via the consent banner and additionally adjust settings for interest-based advertising in your Facebook/Instagram account.

15.2 Google Ads: Conversion Tracking and Remarketing

We use Google Ads, including remarketing functions, to advertise our products via Google and the Google advertising network. In this context:

conversion cookies may be set to measure whether users make a purchase after clicking on an advertisement

remarketing cookies may be used to display targeted advertising to users who have visited our shop

The legal basis is your consent, Art. 6 (1) lit. a GDPR, Section 25 (1) TDDDG.

15.3 Klaviyo Web Tracking

In addition to sending emails, our newsletter service provider, such as Klaviyo, may record activities on our website, provided you have consented in the shop and corresponding scripts are integrated, such as opening pop-ups, clicking on newsletter forms and, where applicable, linking these activities to your newsletter profile.

This serves to improve our communication and send you relevant offers.

The legal basis is your consent, Art. 6 (1) lit. a GDPR, Section 25 (1) TDDDG.

15.4 Google Ads Customer Match

We use Google Ads Customer Match lists as part of our Google advertising activities. We use Google Ads Customer Match with your consent or within the scope of our legitimate interest pursuant to Art. 6 (1) lit. a and f GDPR. For the use of Customer Match, lists containing encrypted user data, such as names, email addresses, addresses, mobile advertiser IDs and customer-specific identifiers, are uploaded to Google. Google then compares whether the transmitted user data matches existing Google customers. This can be used to create target groups for the delivery of ads/campaigns. After the Customer Match lists have been created, the encrypted customer data is automatically deleted again. The providers therefore do not receive any new addresses.

The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google LLC, based in California, USA, has joined the EU-U.S. Data Privacy Framework and is certified accordingly.

You may object to this use by preventing the installation of cookies through the appropriate settings in your browser software, deactivation option. You may also adjust personalised advertising in your Google user account according to your preferences under the Privacy tab. To do so, log in to Google and go to “Manage your Google Account” and then to the “Data & privacy” section.

You can find out how Google uses or processes your data overall here:

https://policies.google.com/technologies/partner-sites

16. External Content: Google Maps

On individual pages, such as the contact page, we integrate Google Maps in order to provide you with an interactive map view.

Only when you consent to the display of external content in the consent banner or actively load the map will data such as your IP address and, where applicable, location data be transmitted to Google. Google may set cookies and use the data for its own purposes, such as improving services and statistical analysis.

The legal basis is your consent, Art. 6 (1) lit. a GDPR, Section 25 (1) TDDDG.

You may withdraw your consent at any time via the consent banner.

17. Fonts

To display our website, we use fonts that are integrated locally or via the Shopify CDN. According to the current configuration, no direct connection to Google Fonts servers takes place.

When the fonts are loaded, no personal data is therefore transmitted to Google.

18. Social Media Links

Our website contains links to our profiles on social networks, such as Facebook, Instagram and Pinterest. These are static links, icons, and not active social plugins, such as like buttons with direct data transfer.

Only when you click on the respective icon will a connection to the corresponding social network be established, and the privacy policies of the respective provider will apply.

19. Recipients of Personal Data

Within our company, only those departments that require your data to fulfil our contractual and legal obligations receive access to your data, such as sales, customer service, logistics, accounting and IT.

In addition, we disclose personal data to the following categories of recipients to the extent required:

  • providers of the shop platform and hosting service providers, such as Shopify
  • payment service providers and banks
  • shipping service providers and logistics companies
  • providers of returns and review portals
  • newsletter and marketing service providers
  • web analytics and tracking service providers
  • IT service providers who support us in operating and developing the shop
  • accounting and tax consulting service providers
  • other companies within our group of companies for internal administrative purposes, where applicable

Where we use service providers as processors, corresponding agreements pursuant to Art. 28 GDPR are in place.

20. Data Transfers to Third Countries

Some of the service providers mentioned above are based in or also process data in so-called third countries outside the EU/EEA, in particular the USA, Canada and New Zealand.

In these cases, where required, we ensure that an adequate level of data protection is in place, for example through:

  • adequacy decisions by the European Commission, such as the EU-US Data Privacy Framework and certain countries
  • the conclusion of standard contractual clauses of the European Commission
  • additional technical and organisational measures

Details on the transfer mechanisms used can be found in the privacy policies of the respective service providers.

21. Storage Period

We store personal data only for as long as is necessary for the purposes stated or as required by statutory retention periods.

Typical periods are:

  • Contract and order data: 6 or 10 years after the end of the calendar year in which the contract was fulfilled, retention periods under commercial and tax law.
  • Customer account data: until deletion of the account; certain data may also be archived beyond this in accordance with statutory periods.
  • Newsletter data: until you withdraw your consent; evidence of consent and withdrawal may be stored for up to 3 further years for accountability reasons.
  • Contact enquiries: generally 3 years after completion of processing, unless they lead to contractual relationships.
  • Tracking/cookies: according to the storage period stated in the consent banner.

22. Your Rights as a Data Subject

Under the GDPR, you have the following rights with regard to personal data concerning you:

  • access, Art. 15 GDPR
  • rectification, Art. 16 GDPR
  • erasure, Art. 17 GDPR, provided that no statutory retention obligations prevent this
  • restriction of processing, Art. 18 GDPR
  • data portability, Art. 20 GDPR
  • objection to certain processing, Art. 21 GDPR
  • withdrawal of consent given, with effect for the future, Art. 7 (3) GDPR

To exercise your rights, you may contact us or our Data Protection Officer at any time, using the contact details above.

23. Right to Object under Art. 21 GDPR

You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data that we carry out on the basis of Art. 6 (1) lit. f GDPR, legitimate interests.

This applies in particular to:

  • direct advertising
  • profiling, insofar as it is connected with such direct advertising
  • statistical evaluations based on legitimate interests

If you object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

24. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of personal data concerning you violates the GDPR.

The supervisory authority responsible for us in particular is:

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg (LfDI BW)
Königstraße 10a
70173 Stuttgart
Germany

However, you may also contact any other competent supervisory authority.

25. No Obligation to Provide Data / No Automated Decision-Making

The provision of your personal data is generally not required by law for visiting our website. However, for orders, setting up a customer account or using certain functions, such as newsletter or returns portal, some information is required in order to provide the respective service.

We do not use any solely automated decision-making within the meaning of Art. 22 GDPR that has legal effects concerning you or similarly significantly affects you. Creditworthiness checks by payment service providers, such as Klarna, are carried out under the responsibility of those providers.

26. Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy if the legal situation, our data processing processes or the services used change. The current version is available on our website at all times.