Privacy Policy
PRIVACY POLICY
1) INFORMATION ABOUT THE COLLECTION OF PERSONAL DATA AND CONTACT DETAILS OF THE RESPONSIBLE PARTY
1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how we handle your personal data when you use our website. Personal data means any data that can be used to identify you personally.
1.2 The party responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Lily & Rose. The “responsible party” is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.
1.3 For security reasons and to protect the transmission of personal data and other confidential content (for example, orders or inquiries sent to the responsible party), this website uses SSL/TLS encryption. You can recognize an encrypted connection by “https://” and the lock symbol in your browser’s address bar.
2) DATA COLLECTION WHEN VISITING OUR WEBSITE
If you use our website for informational purposes only (meaning you do not register or otherwise provide us with information), we collect only the data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary to display the website to you:
-
The website you visited on our site
-
Date and time of access
-
Amount of data transmitted (in bytes)
-
Source/referrer from which you came to the site
-
Browser used
-
Operating system used
-
IP address (if applicable, in anonymized form)
Processing is carried out pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not shared or used for other purposes. However, we reserve the right to review the server log files later if there are concrete indications of unlawful use.
3) COOKIES
To make visiting our website attractive and to enable the use of certain features, we use cookies on various pages. Cookies are small text files stored on your device.
Some of the cookies we use are deleted after your browser session ends (that is, when you close your browser) (so-called “session cookies”). Other cookies remain on your device and allow us or our partner companies (third-party cookies) to recognize your browser the next time you visit (“persistent cookies”). When cookies are set, they collect and process certain user information to an individual extent, such as browser and location data and IP address values. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.
In some cases, cookies help simplify the ordering process by saving settings (for example, remembering the contents of a virtual shopping cart for a later visit). If any cookies we implement process personal data, processing takes place pursuant to Art. 6(1)(b) GDPR for the performance of a contract, or pursuant to Art. 6(1)(f) GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly, effective website experience.
We may work with advertising partners who help make our online offering more interesting for you. For this purpose, when you visit our website, cookies from partner companies may also be stored on your hard drive (third-party cookies). If we work with such advertising partners, you will be informed individually and separately in the sections below about the use of these cookies and the scope of information collected.
You can set your browser so that you are informed about the use of cookies and can decide individually whether to accept them, or you can exclude the acceptance of cookies for certain cases or generally. Each browser manages cookie settings differently. This is described in each browser’s help menu, which explains how you can change your cookie settings. You can find this information at the links below:
-
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manag e-cookies
-
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
-
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
-
Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Please note that if you do not accept cookies, the functionality of our website may be limited.
4) CONTACTING US
When you contact us (for example, via contact form or email), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective form. This data is stored and used exclusively for the purpose of responding to your request and for contacting you, as well as for the related technical administration.
The legal basis for processing is our legitimate interest in responding to your request pursuant to Art. 6(1)(f) GDPR. If your contact is aimed at entering into a contract, the additional legal basis is Art. 6(1)(b) GDPR.
Your data will be deleted after your request has been fully processed, provided it can be concluded from the circumstances that the matter has been conclusively clarified and there are no statutory retention obligations requiring otherwise.
5) DATA PROCESSING WHEN CREATING A CUSTOMER ACCOUNT AND FOR CONTRACT PROCESSING
Pursuant to Art. 6(1)(b) GDPR, personal data is also collected and processed when you provide it to us for the performance of a contract or when creating a customer account. Which data is collected can be seen from the respective input forms.
You may delete your customer account at any time by sending a message to the address of the responsible party listed above. We store and use the data you provide to process the contract. After full performance of the contract or deletion of your customer account, your data will be restricted in accordance with tax and commercial retention periods and deleted after those periods expire, unless you have expressly consented to further use of your data or we have reserved legally permitted further data use, about which we will inform you below.
6) USE OF YOUR DATA FOR DIRECT ADVERTISING
6.1 Subscription to Our Email Newsletter
If you subscribe to our email newsletter, we will regularly send you information about our offers. The only required information for receiving the newsletter is your email address. Providing additional data is optional and is used to address you personally.
We use the double opt-in procedure. This means we will only send you a newsletter after you have expressly confirmed that you consent to receiving it. We will send you a confirmation email asking you to confirm via a link that you wish to receive newsletters in the future.
By activating the confirmation link, you give us your consent to use your personal data pursuant to Art. 6(1)(a) GDPR. When you register for the newsletter, we store your IP address entered by your internet service provider (ISP), as well as the date and time of registration, in order to be able to trace possible misuse of your email address later.
The data collected when subscribing to the newsletter is used exclusively for advertising purposes via the newsletter. You can unsubscribe at any time using the link provided in the newsletter or by sending a message to the responsible party listed above. After unsubscribing, your email address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve further legally permitted data use, about which we inform you in this policy.
6.2 Sending the Email Newsletter to Existing Customers
If you provided your email address when purchasing goods or services, we reserve the right to send you regular offers by email for similar goods or services from our range. No separate consent is required for this. Data processing is based solely on our legitimate interest in personalized direct advertising pursuant to Art. 6(1)(f) GDPR.
If you initially objected to the use of your email address for this purpose, we will not send such emails. You may object to the use of your email address for advertising purposes at any time with effect for the future by notifying the responsible party named at the beginning of this policy. You will only incur transmission costs according to basic rates. Once your objection is received, the use of your email address for advertising purposes will be stopped immediately.
7) DATA PROCESSING FOR ORDER FULFILLMENT
7.1 The personal data we collect is passed on to the shipping company commissioned with delivery to the extent necessary to deliver the goods. We pass your payment data on to the commissioned credit institution as part of payment processing, insofar as this is necessary for payment processing. If payment service providers are used, we explicitly inform you of this below. The legal basis for the transfer of data is Art. 6(1)(b) GDPR.
7.2 Use of Payment Service Providers
PayPal
If you pay via PayPal, credit card via PayPal, direct debit via PayPal, or, if offered, “purchase on account” or “installment payment” via PayPal, we provide your payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”) as part of payment processing. The transfer is carried out pursuant to Art. 6(1)(b) GDPR and only insofar as necessary for payment processing.
PayPal reserves the right, for the payment methods credit card via PayPal, direct debit via PayPal, or, if offered, “purchase on account” or “installment payment” via PayPal, to carry out a credit check. For this purpose, your payment data may be passed on to credit agencies pursuant to Art. 6(1)(f) GDPR based on PayPal’s legitimate interest in determining your ability to pay.
PayPal uses the result of the credit check regarding the statistical probability of payment default to decide whether to provide the respective payment method. The credit check may contain probability values (so-called score values). If score values are included in the credit check result, they are based on a scientifically recognized mathematical-statistical procedure. Address data may be included in the calculation of score values, among other factors.
Further data protection information, including information about the credit agencies used, can be found in PayPal’s privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You may object to this processing of your data at any time by contacting PayPal. However, PayPal may still be entitled to process your personal data insofar as this is necessary for contractually compliant payment processing.
SOFORT
If you select “SOFORT” as your payment method, payment processing is carried out via the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (“SOFORT”). We transfer the information you provided during the ordering process, along with information about your order, to SOFORT pursuant to Art. 6(1)(b) GDPR.
SOFORT GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data is transferred exclusively for the purpose of processing payment with SOFORT and only to the extent necessary. Further information about SOFORT’s data protection provisions can be found at:
https://www.klarna.com/sofort/datenschutz
8) CONTACT FOR REVIEW REMINDER
Internal review reminder (no dispatch through a customer review system)
We use your email address to send you a one-time reminder to submit a review of your order for the review system we use, provided you have given us your express consent during or after your order pursuant to Art. 6(1)(a) GDPR.
You may revoke your consent at any time by sending a message to the party responsible for data processing.
9) USE OF SOCIAL MEDIA: SOCIAL PLUGINS
9.1 Facebook Plugins Using the Shariff Solution
Any additional customs clearance costs and/or import duties are not included in the price and must be paid by the customer.
Our website uses so-called social plugins (“plugins”) from the Facebook social network, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”).
To increase the protection of your data when visiting our website, these buttons are not integrated as full plugins, but only via an HTML link. This type of integration ensures that when you access a page on our website that contains such buttons, no connection to Facebook servers is established yet. When you click the button, a new browser window opens and loads the Facebook page, where you can (if necessary, after entering your login data) interact with the plugins there.
Facebook Inc., headquartered in the USA, is certified under the “Privacy Shield” framework, which ensures compliance with the level of data protection applicable in the EU.
For the purpose and scope of data collection and Facebook’s further processing and use of the data, as well as your related rights and settings options to protect your privacy, please refer to Facebook’s privacy policy:
https://www.facebook.com/policy.php
9.2 Google+ Plugins Using the Shariff Solution
Our website uses social plugins (“plugins”) from the Google+ social network, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
To increase the protection of your data when visiting our website, these buttons are not integrated as full plugins, but only via an HTML link. This ensures that when you access a page that contains such buttons, no connection to Google+ servers is established yet. When you click the button, a new browser window opens and loads the Google+ page, where you can (if necessary, after entering your login data) interact with the plugins there.
Google LLC, headquartered in the USA, is certified under the “Privacy Shield” framework, which ensures compliance with the level of data protection applicable in the EU.
For the purpose and scope of data collection and Google’s further processing and use of the data, as well as your related rights and settings options, please refer to Google’s privacy policy:
https://www.google.com/intl/de/policies/privacy/
9.3 Instagram Plugin Using the Shariff Solution
Our website uses social plugins (“plugins”) from the online service Instagram, operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA (“Instagram”).
To increase the protection of your data when visiting our website, these buttons are not integrated as full plugins, but only via an HTML link. This ensures that when you access a page that contains such buttons, no connection to Instagram servers is established yet. When you click the button, a new browser window opens and loads the Instagram page, where you can (if necessary, after entering your login data) interact with the plugins there.
Instagram LLC, headquartered in the USA, is certified under the “Privacy Shield” framework, which ensures compliance with the level of data protection applicable in the EU.
For the purpose and scope of data collection and Instagram’s further processing and use of the data, as well as your related rights and settings options, please refer to Instagram’s privacy policy:
https://help.instagram.com/155833707900388/
10) ONLINE MARKETING
10.1 DoubleClick by Google
This website uses the online marketing tool DoubleClick by Google, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“DoubleClick”).
DoubleClick uses cookies to show users relevant ads, improve campaign performance reports, or prevent users from seeing the same ads multiple times. Google uses a cookie ID to track which ads are displayed in which browser and can thus prevent them from being shown multiple times. Processing is based on our legitimate interest in the optimal marketing of our website pursuant to Art. 6(1)(f) GDPR.
DoubleClick can also use cookie IDs to record so-called conversions related to ad requests. This happens, for example, when a user sees a DoubleClick ad and later visits the advertiser’s website using the same browser and makes a purchase there. According to Google, DoubleClick cookies do not contain personal information.
Due to the marketing tools used, your browser automatically establishes a direct connection with Google’s server. We have no influence over the scope and further use of the data collected by Google through this tool and therefore inform you based on our knowledge: by integrating DoubleClick, Google receives the information that you accessed the relevant part of our website or clicked on an ad from us. If you are registered with a Google service, Google may associate your visit with your account. Even if you are not registered with Google or not logged in, it is possible that the provider may learn and store your IP address.
If you want to object to this tracking procedure, you can disable conversion tracking cookies by setting your browser to block cookies from the domain www.googleadservices.com (https://www.google.de/settings/ads). This setting is deleted if you delete your cookies. Alternatively, you can learn about cookies and manage settings through the Digital Advertising Alliance at www.aboutads.info. You can also configure your browser to inform you about cookies and allow you to decide individually whether to accept them, or to exclude acceptance for certain cases or generally. If you do not accept cookies, the functionality of our website may be limited.
Google LLC, headquartered in the USA, is certified under the “Privacy Shield” framework, which ensures compliance with the level of data protection applicable in the EU.
More information about DoubleClick by Google’s data protection provisions can be found at:
https://www.google.de/policies/privacy/
10.2 Use of Google AdWords Conversion Tracking
This website uses the online advertising program “Google AdWords” and, as part of Google AdWords, conversion tracking by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). We use Google AdWords to draw attention to our attractive offers on external websites using advertising materials (so-called Google AdWords ads). Based on the data from ad campaigns, we can determine how successful individual advertising measures are. This serves our interest in showing you ads that are relevant to you, making our website more interesting, and ensuring a fair calculation of advertising costs.
The conversion tracking cookie is set when a user clicks on an AdWords ad placed by Google. Cookies are small text files stored on your computer system. These cookies typically expire after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked the ad and was redirected to that page.
Each AdWords customer receives a different cookie. Cookies therefore cannot be tracked across the websites of AdWords customers. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers learn the total number of users who clicked their ad and were redirected to a page with a conversion tracking tag. However, they do not receive information that would personally identify users.
If you do not want to participate in tracking, you can block this use by disabling the Google conversion tracking cookie in your browser under user settings. You will then not be included in conversion tracking statistics.
We use Google AdWords based on our legitimate interest in targeted advertising pursuant to Art. 6(1)(f) GDPR.
Google LLC, headquartered in the USA, is certified under the “Privacy Shield” framework, which ensures compliance with the level of data protection applicable in the EU.
Further information about Google’s data protection provisions can be found at:
https://www.google.de/policies/privacy/
You can permanently disable cookies for ad preferences by preventing them via your browser settings or by downloading and installing the browser plug-in available at:
https://www.google.com/settings/ads/plugin?hl=de
Please note that certain functions of this website may not be available or may be limited if you disable cookies.
11) WEB ANALYTICS SERVICES
Google (Universal) Analytics
This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies, which are text files stored on your computer that enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including the shortened IP address) is usually transmitted to a Google server in the USA and stored there.
This website uses Google Analytics only with the extension “_anonymizeIp()”, which ensures anonymization of the IP address by shortening it and excludes direct personal identification. Through this extension, your IP address is shortened by Google within EU Member States or in other states party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. In these exceptional cases, processing is carried out pursuant to Art. 6(1)(f) GDPR based on our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes.
On our behalf, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide us with other services related to website and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies by setting your browser software accordingly; however, please note that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting and processing the data generated by the cookie and related to your use of the website (including your IP address) by downloading and installing the browser plug-in available at:
https://tools.google.com/dlpage/gaoptout?hl=de
As an alternative to the browser plug-in, or within browsers on mobile devices, please click the following link to set an opt-out cookie that will prevent Google Analytics from collecting data on this website in the future (this opt-out cookie works only in this browser and only for this domain; if you delete your cookies in this browser, you must click this link again): Disable Google Analytics
Google LLC, headquartered in the USA, is certified under the “Privacy Shield” framework, which ensures compliance with the level of data protection applicable in the EU.
This website also uses Google Analytics for cross-device analysis of visitor flows carried out via a user ID. When a page is first accessed, the user is assigned a unique, permanent, anonymized ID that is set across devices. This makes it possible to associate interaction data from different devices and sessions with a single user. The user ID does not contain personal data and does not transmit such data to Google.
You may object to the collection and storage via the user ID at any time with effect for the future. To do this, you must disable Google Analytics on all systems you use, for example in another browser or on your mobile device.
You can disable Google Analytics using Google’s browser plug-in:
https://tools.google.com/dlpage/gaoptout?hl=de
As an alternative to the browser plug-in, or within browsers on mobile devices, click the following link to set an opt-out cookie that will prevent Google Analytics from collecting data on this website in the future (this opt-out cookie works only in this browser and only for this domain; if you delete your cookies in this browser, you must click this link again): Disable Google Analytics
More information on Universal Analytics can be found here:
https://support.google.com/analytics/answer/2838718?hl=de&ref_topic=6010376
12) RETARGETING / REMARKETING / REFERRAL ADVERTISING
Facebook Custom Audiences via Pixel
This website uses the “Facebook Pixel” from Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”). If you give explicit consent, this allows tracking of users’ behavior after they have viewed or clicked a Facebook ad. This procedure is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help optimize future advertising measures.
The data collected is anonymous to us and does not allow us to draw conclusions about the identity of users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with Facebook’s data use policy:
https://www.facebook.com/about/privacy/
You can allow Facebook and its partners to show ads on and outside Facebook. A cookie may also be stored on your computer for these purposes. These processing operations are carried out only with explicit consent pursuant to Art. 6(1)(a) GDPR.
Consent to use the Facebook Pixel may only be given by users who are at least 13 years old. If you are younger, please ask your parent or guardian for permission.
Facebook Inc., headquartered in the USA, is certified under the “Privacy Shield” framework, which ensures compliance with the level of data protection applicable in the EU.
To disable the use of cookies on your computer, you can configure your internet browser so that no cookies are stored in the future or so that existing cookies are deleted. Disabling all cookies may prevent some functions of our website from working.
You can also disable cookies from third-party providers such as Facebook via the Digital Advertising Alliance website:
https://www.aboutads.info/choices/
Google AdWords Remarketing
Our website uses Google AdWords Remarketing functions. We use them to advertise this website in Google search results and on third-party websites. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). For this purpose, Google sets a cookie in your device’s browser that automatically enables interest-based advertising based on a pseudonymous cookie ID and the pages you have visited. Processing is based on our legitimate interest in the optimal marketing of our website pursuant to Art. 6(1)(f) GDPR.
Further data processing only takes place if you have agreed with Google that your web and app browsing history will be linked to your Google account and that information from your Google account may be used to personalize ads you see on the web. If you are logged into Google while visiting our website, Google uses your data together with Google Analytics data to create and define target audience lists for cross-device remarketing. For this purpose, your personal data is temporarily linked by Google with Google Analytics data to form target groups.
You can permanently disable cookies for ad preferences by downloading and installing the browser plug-in available at:
https://www.google.com/settings/ads/onweb/
Alternatively, you can learn about cookies and manage settings through the Digital Advertising Alliance at www.aboutads.info. You can also configure your browser to inform you about cookies and allow you to decide individually whether to accept them, or to exclude acceptance for certain cases or generally. If you do not accept cookies, the functionality of our website may be limited.
Google LLC, headquartered in the USA, is certified under the “Privacy Shield” framework, which ensures compliance with the level of data protection applicable in the EU.
Further information and Google’s privacy policy regarding advertising can be found at:
https://www.google.com/policies/technologies/ads/
13) RIGHTS OF THE DATA SUBJECT
13.1 Applicable data protection law grants you extensive rights regarding the processing of your personal data. We inform you about these rights below:
-
Right of access (Art. 15 GDPR): You have the right to obtain information about your personal data processed by us, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients, the planned storage period or criteria for determining that period, the existence of rights to rectification, erasure, restriction of processing, objection, and the right to lodge a complaint with a supervisory authority, the source of your data (if not collected from you), the existence of automated decision-making including profiling, and meaningful information about the logic involved and the significance and envisaged consequences for you, as well as your right to be informed about safeguards pursuant to Art. 46 GDPR when your data is transferred to third countries.
-
Right to rectification (Art. 16 GDPR): You have the right to request the immediate correction of inaccurate personal data and/or completion of incomplete data stored by us.
-
Right to erasure (Art. 17 GDPR): You have the right to request deletion of your personal data if the requirements of Art. 17(1) GDPR are met. This right does not apply in particular where processing is necessary to exercise the right of freedom of expression and information, to comply with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.
-
Right to restriction of processing (Art. 18 GDPR): You have the right to request restriction of processing of your personal data while the accuracy of your data is being verified, if you refuse deletion due to unlawful processing and request restriction instead, if you need your data for legal claims after we no longer need it for the purpose, or if you have objected due to your particular situation while it is being determined whether our legitimate grounds override yours.
-
Right to notification (Art. 19 GDPR): If you have asserted a right to rectification, erasure, or restriction of processing, we must inform all recipients to whom your data has been disclosed of the correction, deletion, or restriction, unless this is impossible or involves disproportionate effort. You have the right to be informed about those recipients.
-
Right to data portability (Art. 20 GDPR): You have the right to receive your personal data that you provided to us in a structured, commonly used, machine-readable format, or to request transfer to another controller where technically feasible.
-
Right to withdraw consent (Art. 7(3) GDPR): You have the right to withdraw consent at any time with effect for the future. Upon withdrawal, we will delete the affected data without undue delay unless further processing can be based on another legal basis. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
-
Right to lodge a complaint (Art. 77 GDPR): If you believe that processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.
13.2 Right to Object
If we process your personal data based on our overriding legitimate interests (balancing of interests), you have the right to object at any time, on grounds relating to your particular situation, with effect for the future.
If you exercise your right to object, we will stop processing the relevant data. Further processing may remain reserved if we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or if processing serves the establishment, exercise, or defense of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing. You can exercise the objection as described above.
If you object, we will stop processing your personal data for direct marketing purposes.
14) DURATION OF STORAGE OF PERSONAL DATA
The duration of storage of personal data is determined by the respective statutory retention period (for example, retention periods under commercial and tax law). After the period expires, the relevant data will routinely be deleted, provided it is no longer required for contract performance or contract initiation and/or we no longer have a legitimate interest in continued storage.