Privacy Policy

Privacy Policy

1) Introduction and Contact Details of the Controller

1.1 Introduction

We are pleased that you are visiting our website and thank you for your interest. The following information informs you about the handling of your personal data when using our website. Personal data refers to all data with which you can be personally identified.

1.2 Controller

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Lais Morgenthal
Make-Unique
Alma-Rogge Straße 10
28816 Stuhr, Germany
Tel.: +49 176 23930525
Email: lais.morgenthal16@gmail.com

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

2.1 Server Log Files

When you use our website for informational purposes only, without registering or otherwise transmitting information to us, we only collect data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary to display the website:

  • Our visited website

  • Date and time of access

  • Amount of data sent in bytes

  • Source/reference from which you accessed the site

  • Browser used

  • Operating system used

  • IP address used (if applicable, in anonymized form)

Processing is carried out in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be disclosed or used in any other way. However, we reserve the right to retrospectively check the server log files if there are concrete indications of illegal use.

2.2 SSL/TLS Encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries). You can recognize an encrypted connection by the "https://" prefix and the lock symbol in your browser bar.

3) Hosting & Content Delivery Network

Shopify

For hosting our website and displaying the page content, we use the system of the following provider:

Shopify International Limited
Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify")

Data is also transferred to:

Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement with the provider, ensuring the protection of our website visitors' data and prohibiting unauthorized disclosure to third parties.

For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

4) Cookies

To make our website attractive and enable certain functions, we use cookies. These are small text files stored on your device. Some cookies are deleted when you close your browser ("session cookies"), while others remain stored longer and allow us to save settings ("persistent cookies"). The storage duration can be found in your browser's cookie settings.

If personal data is processed by cookies, processing is based on:

  • Art. 6 (1) lit. b GDPR (contract fulfillment)

  • Art. 6 (1) lit. a GDPR (consent)

  • Art. 6 (1) lit. f GDPR (legitimate interest in website functionality and usability)

You can configure your browser to inform you about cookie settings and individually decide whether to accept them or to generally exclude them. Please note that disabling cookies may limit website functionality.

5) Contacting Us

When you contact us (e.g., via contact form or email), personal data is processed solely for handling and responding to your request.

Legal basis:

  • Art. 6 (1) lit. f GDPR (legitimate interest in responding to inquiries)

  • Art. 6 (1) lit. b GDPR (contract-related inquiries)

Your data will be deleted when it is no longer necessary, unless legal retention periods apply.

6) Comment Function

When using the comment function on this website, your comment, the time of its creation, and your chosen commentator name are stored and published. Your IP address is also recorded and stored for security reasons and to prevent illegal activity.

Your email address is required to contact you in case of legal complaints about your comment.

Legal basis:

  • Art. 6 (1) lit. b and f GDPR

We reserve the right to delete comments if they are legally disputed.

7) Use of Customer Data for Direct Marketing

7.1 Email Newsletter Subscription

If you subscribe to our newsletter, we will send you regular information about our offers. The only required information is your email address. Providing additional data is voluntary and allows us to address you personally.

We use the "double opt-in" process to ensure consent. You must confirm your subscription via a verification link sent to your email.

Legal basis:

  • Art. 6 (1) lit. a GDPR (consent)

You can unsubscribe anytime via the link in the newsletter or by contacting us. Upon unsubscribing, your email address will be removed unless further use is permitted by law.

7.2 Klaviyo

Our newsletter is sent via:

Klaviyo, Inc.
125 Summer St., Ste 600, Boston, MA 02110, USA

Based on our legitimate interest in effective email marketing, we share your data with this provider per Art. 6 (1) lit. f GDPR.

With your explicit consent (Art. 6 (1) lit. a GDPR), Klaviyo tracks newsletter performance using web beacons or tracking pixels.

We have concluded a data processing agreement with Klaviyo to protect our visitors' data.

For data transfers to the USA, Klaviyo complies with the EU-US Data Privacy Framework.

7.3 SMS Marketing

You can subscribe to SMS notifications for updates, promotions, and order information. The required data is your phone number; providing additional data is voluntary.

We use the "double opt-in" process to ensure consent.

Legal basis:

  • Art. 6 (1) lit. a GDPR (consent)

You can unsubscribe anytime by contacting us. Upon unsubscribing, your phone number will be removed unless further use is permitted by law.

8) Data Processing for Order Handling

8.1 To the extent necessary for contract execution for delivery and payment purposes, the personal data we collect will be transmitted to the commissioned transport company and the commissioned credit institution in accordance with Article 6(1)(b) GDPR.

If, based on a corresponding contract, we owe you updates for goods with digital elements or for digital products, we will process the contact data you provided during the order (name, address, email address) to personally inform you via an appropriate communication channel (e.g., postal mail or email) about upcoming updates within the legally prescribed period, in accordance with Article 6(1)(c) GDPR. Your contact data will be strictly used for notifications about updates owed by us and will only be processed to the extent necessary for this purpose.

To process your order, we also cooperate with the following service provider(s) who support us in fulfilling concluded contracts in whole or in part. Certain personal data will be transmitted to these service providers as outlined below.

8.2 To fulfill our contractual obligations to our customers, we work with external shipping partners. We will transmit your name and delivery address, and, if necessary for delivery, your phone number, exclusively for the purpose of goods delivery in accordance with Article 6(1)(b) GDPR to a shipping partner selected by us.

8.3 Use of Payment Service Providers

  • Amazon Pay

One or more online payment methods from the following provider are available on this website: Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg.

If you choose a payment method from the provider that requires an advance payment (such as credit card payment), your payment data (including name, address, bank and card details, currency, and transaction number) as well as order content details will be shared with the provider in accordance with Article 6(1)(b) GDPR. Your data will only be shared to the extent necessary for payment processing.

  • Google Pay

If you select "Google Pay" as your payment method, provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), the payment is processed via the "Google Pay" application on your Android device (version 4.4 or later) with NFC functionality, charging a payment card stored in Google Pay or another verified payment method (e.g., PayPal). Payments over €25 require prior device unlocking via facial recognition, password, fingerprint, or pattern.

For payment processing, the order details are transmitted to Google. Google then transmits the stored payment details in the form of a unique transaction number to the originating website to verify the payment. This transaction number does not contain real payment data but is generated and transmitted as a unique numerical token.

If personal data is processed in these transmissions, it is exclusively for payment processing in accordance with Article 6(1)(b) GDPR.

Google may collect, store, and analyze transaction-specific data, including date, time, transaction amount, merchant location, product descriptions, images, and payment method. This processing is based on Article 6(1)(f) GDPR for legitimate interests in proper accounting, verification of transaction data, and optimization of the Google Pay service.

Google may also link transaction data with other information collected through its services.

Terms of use for Google Pay: https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=en Privacy information: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en

  • PayPal

One or more online payment methods from the following provider are available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

If you choose a payment method requiring advance payment, your payment data (name, address, bank and card details, currency, and transaction number) and order details will be shared with the provider under Article 6(1)(b) GDPR solely for payment processing.

For payment methods where we advance payment, you may be asked to provide personal details (name, address, date of birth, email, phone number, and alternative payment data). To ensure our legitimate interest in verifying your creditworthiness, we transmit this data under Article 6(1)(f) GDPR to the provider for a credit check.

  • Shopify Payments

Online payment methods from Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, are available. If you choose an advance payment method, your payment data and order details will be shared with the provider under Article 6(1)(b) GDPR solely for payment processing.

  • SOFORT

Online payment methods from SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany, are available. Payment data and order details will be shared with the provider under Article 6(1)(b) GDPR solely for payment processing.

9) Retargeting/Remarketing and Conversion Tracking

9.1 Meta Pixel with Enhanced Data Matching

We use "Meta Pixel" from Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland ("Meta") for tracking and optimizing Facebook and Instagram ads. When a user clicks an ad, the linked page URL is expanded with a parameter recorded by a cookie. This cookie collects specific customer data (e.g., email address) and allows transmission to Meta for ad optimization ("Custom Audiences").

Processing occurs only with your explicit consent under Article 6(1)(a) GDPR, which can be revoked anytime through the "cookie consent tool."

Meta's information is generally stored on Meta servers, including in the U.S. Meta is part of the EU-US Data Privacy Framework, ensuring compliance with EU data protection standards.

9.2 TikTok Pixel

We use TikTok Pixel from TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, to track ad performance. Cookies or similar technologies collect device and browser data, including IP addresses, to evaluate user interactions.

Processing occurs only with explicit consent under Article 6(1)(a) GDPR, revocable via the "cookie consent tool."

10) Site Functionalities

We use services from Endereco UG, Balthasar-Neumann-Straße 4b, 97236 Randersacker, Germany, to validate address inputs during checkout, preventing errors and ensuring correct deliveries.

11) Data Subject Rights

You have rights under GDPR, including access (Art. 15), rectification (Art. 16), erasure (Art. 17), processing restriction (Art. 18), data portability (Art. 20), and the right to withdraw consent (Art. 7(3)).

11.2 Right to Object

You may object to data processing based on legitimate interests (Art. 6(1)(f)) at any time. We will cease processing unless we demonstrate overriding legitimate grounds. If data is used for direct marketing, you can object at any time, and we will stop processing for marketing purposes.