1. CONTROLLER

1.1 The controller in terms of the General Data Protection Regulation (GDPR) is Schott-RP GmbH, Odenthaler Straße 2, 51515 Kürten, Germany.

1.2 Contact details of the controller are: Email: support@heimweh-home.de, Phone: +49 151 6100 1106.

1.3 Further company information: Website: www.heimweh-home.de, Managing Director: Marvin Schott.

2. GENERAL NOTES ON DATA PROCESSING

2.1 The protection of your personal data is important to us, and we process personal data exclusively in compliance with applicable data protection laws, in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

2.2 Personal data means any information relating to an identified or identifiable natural person.

2.3 This privacy policy informs you about a) what data we collect, b) for what purposes we process it, c) on what legal basis this occurs, d) how long the data is stored, and e) what rights you have.

3. DATA PROCESSING WHEN VISITING OUR WEBSITE

3.1 When you access our website, information is automatically transmitted by your device's browser to our server.

3.2 The following data, in particular, are processed: a) IP address, b) date and time of access, c) browser used, d) operating system, e) referrer URL, f) pages visited, and g) device type.

3.3 This data is stored in so-called server log files.

3.4 Processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our legitimate interest in a) the technical stability of the website, b) system security, and c) preventing misuse.

4. HOSTING AND SHOP SYSTEM (SHOPIFY)

4.1 Our online shop is operated via Shopify.

4.2 The provider is Shopify International Limited, Victoria Buildings, 1–2 Haddington Road, Dublin 4, Ireland.

4.3 When you visit our online shop, personal data is processed by Shopify, in particular a) IP address, b) device information, c) browser data, d) interactions in the shop, and e) order information.

4.4 Shopify provides the technical infrastructure of the shop.

4.5 Data processing is carried out on the basis of a) Art. 6 para. 1 lit. b GDPR (performance of contract) and b) Art. 6 para. 1 lit. f GDPR (legitimate interest in operating our online shop).

5. ORDERING IN THE ONLINE SHOP

5.1 If you place an order in our shop, we process personal data for the purpose of executing the contract.

5.2 The following data may be processed: a) name, b) billing address, c) delivery address, d) email address, e) phone number, f) order data, g) payment information, and h) IP address.

5.3 Processing is carried out for a) contract execution, b) order processing, c) delivery of goods, and d) communication about orders.

5.4 The legal basis is Art. 6 para. 1 lit. b GDPR.

6. PAYMENT PROCESSING

6.1 Depending on the chosen payment method, payment data is transmitted to the respective payment service providers.

6.2 The following payment methods are available in our shop: a) PayPal, b) Klarna, c) credit card, d) Apple Pay, e) Google Pay, f) Shop Pay, and g) bank transfer.

6.3 Payment data is processed directly by the respective payment provider.

6.4 Processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR (performance of contract).

6.5 Depending on the payment method, the payment provider may conduct a credit check.

7. SHIPPING SERVICE PROVIDERS

7.1 To deliver the ordered goods, we transmit the necessary data to shipping service providers.

7.2 The shipping companies used are a) DHL, b) DPD, and c) GLS.

7.3 The data that may be transmitted includes, in particular, a) name, b) delivery address, c) possibly telephone number, and d) order information.

7.4 The transfer is solely for the purpose of carrying out the delivery.

7.5 The legal basis is Art. 6 para. 1 lit. b GDPR.

8. CUSTOMER ACCOUNT

8.1 You have the option to create a customer account.

8.2 The following data is processed: a) name, b) email address, c) password (stored encrypted), d) order history, and e) address data.

8.3 The customer account particularly enables you to a) place faster orders, b) view orders, and c) manage your data.

8.4 The legal basis is Art. 6 para. 1 lit. b GDPR.

9. CONTACT

9.1 If you contact us, for example by email or phone, your details will be processed to handle your request.

9.2 The following data may be processed: a) name, b) email address, c) phone number, d) order number, and e) message.

9.3 The legal basis is Art. 6 para. 1 lit. b GDPR or Art. 6 para. 1 lit. f GDPR.

10. NEWSLETTER AND MARKETING

10.1 If you subscribe to our newsletter, we use your email address to send you information about products, promotions, and offers.

10.2 The newsletter is sent via the service provider Klaviyo.

10.3 Subscription is done via a double opt-in procedure.

10.4 The following data is logged in particular: a) IP address and b) date and time of subscription.

10.5 The legal basis is Art. 6 para. 1 lit. a GDPR (consent).

10.6 You can unsubscribe from the newsletter at any time.

11. ANALYTICS AND MARKETING TOOLS

11.1 We use various tracking and marketing tools to analyze and optimize our online shop.

11.2 These include, in particular, a) Google Analytics, b) Meta Pixel (Facebook and Instagram), c) TikTok Pixel, d) Pinterest Tag, and e) Google Ads Conversion Tracking.

11.3 These tools use cookies or similar technologies.

11.4 Processing is carried out exclusively on the basis of your consent via our cookie banner.

11.5 The legal basis is Art. 6 para. 1 lit. a GDPR.

12. DATA TRANSFER TO THIRD COUNTRIES

12.1 Some of the services and providers we use may transfer personal data to countries outside the European Union or the European Economic Area, in particular to the United States of America (USA).

12.2 Such transfers may occur, for example, when using services such as Shopify, Google, Meta (Facebook and Instagram), TikTok, Pinterest, or Klaviyo.

12.3 For data transfers to third countries, we ensure that an adequate level of data protection is guaranteed.

12.4 This is done in particular by concluding so-called standard contractual clauses of the European Commission in accordance with Art. 46 GDPR or by other appropriate safeguards within the meaning of the General Data Protection Regulation.

12.5 Further information on the respective data protection measures of the providers used can be found in the privacy policies of the respective providers.

13. COOKIES

13.1 Our website uses cookies.

13.2 Cookies are small text files that are stored on your device.

13.3 We use cookies in particular for a) technical functionality, b) analysis, c) marketing, and d) personalization.

13.4 The management of your consent is carried out via our Consent Manager.

14. CONSENT MANAGEMENT

14.1 We use Shopify Consent Mode to manage your cookie consents.

14.2 This allows you to individually decide which cookies may be set.

15. SOCIAL MEDIA

15.1 We maintain profiles on the following platforms: a) Instagram, b) TikTok, c) Pinterest, d) Facebook, and e) YouTube.

15.2 If you visit these pages, the privacy policies of the respective providers apply.

15.3 The platform operators may collect data about your usage behavior.

16. CONTESTS AND PROMOTIONS

16.1 If you participate in contests, we process the data you provide exclusively for the purpose of conducting the contest.

16.2 This may include, in particular, the following data: a) name, b) email address, and c) possibly address.

16.3 The legal basis is Art. 6 para. 1 lit. b GDPR.

17. STORAGE DURATION

17.1 We store personal data only for as long as necessary for the respective purpose.

17.2 In addition, legal retention periods apply, in particular a) commercial law retention obligations and b) tax law retention obligations.

17.3 These generally amount to up to 10 years.

18. YOUR RIGHTS

18.1 You have the following rights: a) right of access, b) right to rectification, c) right to erasure, d) right to restriction of processing, e) right to data portability, f) right to object, and g) right to withdraw consent.

18.2 To exercise your rights, please contact: support@heimweh-home.de.

19. RIGHT TO COMPLAIN

19.1 You have the right to lodge a complaint with a data protection supervisory authority.

19.2 The competent authority is the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia.