Privacy policy
The data controller is:
Hey Marly GmbH
Vogelsanger Str. 80a,
50823 Cologne, Germany
service@heymarly.com
Thank you for your interest in our online shop. The protection of your privacy is very important to us. Below we inform you in detail about the handling of your data
1. access data and hosting
You can visit our website without providing any personal information. Each time a website is accessed, the web server only automatically saves a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of access, the amount of data transferred and the requesting provider (access data) and documents the access.
When you use our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:
- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you reached the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymised form)
The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on Base our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.
Hosting services by a third-party provider
As part of processing on our behalf, a third-party provider provides us with the services for hosting and displaying the website. This serves to safeguard our legitimate interests in the correct presentation of our website, which are overriding in the context of a balancing of interests. All data collected as part of the use of this website or in the forms provided for this purpose in the online store as described below are processed on its servers. Processing on other servers only takes place within the scope described here.
Hosting by Shopify
We use the store system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"), for the purpose of hosting and displaying the online store on Base processing on our behalf. All data collected on our website is processed on Shopify's servers. As part of Shopify's aforementioned services, data may also be transferred to Shopify Inc, 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc, Shopify Payments (USA) Inc or Shopify (USA) Inc as part of further processing on our behalf. In the event that data is transferred to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed by an adequacy decision of the European Commission. Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. and Shopify (USA) Inc. in the USA are certified for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU.
Further information on Shopify's data protection can be found on the following website: https://www.shopify.de/legal/datenschutz
Further processing on Shopify servers other than those mentioned above will only take place within the framework specified below.
2. data collection and use for contract processing, contacting
We collect personal data if you voluntarily provide it to us in the context of your order or when contacting us (e.g. via contact form or e-mail). Mandatory fields are marked as such because in these cases we need the data to process the contract or to process your contact and you cannot send the order or contact without providing it. Which data is collected can be seen from the respective input forms. We use the data provided by you in accordance with Art. 6 Para. 1 S. 1 lit. b DSGVO for contract processing and processing your enquiries. If you have given your consent in accordance with Art. 6 Para. 1 Sentence 1 lit. a DSGVO by deciding to open a customer account, we will use your data for the purpose of opening a customer account. After complete processing of the contract or deletion of your customer account, your data will be restricted for further processing and deleted after expiry of the retention periods under tax and commercial law, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration. The deletion of your customer account is possible at any time and can be done either by sending a message to the contact option described below or via a function provided for this purpose in the customer account.
3. data transfer
In order to fulfil the contract in accordance with Art. 6 para. 1 p. 1 lit. b DSGVO, we pass on your data to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. Depending on which payment service provider you select in the ordering process, we pass on the payment data collected for this purpose to the credit institution commissioned with the payment and, if applicable, to payment service providers commissioned by us or to the selected payment service. In some cases, the selected payment service providers also collect this data themselves if you create an account with them. In this case, you must register with the payment service provider with your access data during the ordering process. In this respect, the privacy policy of the respective payment service provider applies.
Data transfer to shipping service providers
If you have given us your express consent to this during or after your order, we will pass on your email address to the selected shipping service provider in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR so that they can contact you before delivery for the purpose of delivery notification or coordination.
You can revoke your consent at any time by sending a message to the contact option described below or directly to the shipping service provider at the contact address listed below. After revocation, we will delete your data provided for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.
FIEGE E-COM WEST SP. Z O.O,
UL. MAGAZYNOWA 8
72-100 LOZIENIC
DHL Paket GmbH
Sträßchensweg 10
53113
Bonn
UPS
Görlitzer Str. 1
41460
Neuss
4. e-mail newsletter
E-mail advertising with registration for the newsletter
If you register for our newsletter, we will use the data required for this or separately provided by you to regularly send you our e-mail newsletter based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your email address unless you have expressly consented to further use of your data or we reserve the right to use data in a manner that goes beyond this, which is permitted by law and about which we inform you in this declaration.
The newsletter is sent as part of processing on our behalf by a service provider, to whom we pass on your e-mail address for this purpose.
Our email newsletters are sent via the technical service provider "Klaviyo", 225 Franklin St, Boston, MA 02110, USA(http://www.klaviyo.com), to whom we pass on the data you provided when registering for the newsletter. This transfer takes place in accordance with Art. 6 para. 1 lit. f GDPR and serves our legitimate interest in using an effective, secure and user-friendly newsletter system. Please note that your data is usually transferred to a Klaviyo server in the USA and stored there.
Klaviyo uses this information to send the newsletter on our behalf. Klaviyo does not use the data of our newsletter recipients to write to them itself or to pass it on to third parties.
To protect your data in the USA, we have a data processing agreement with Klaviyo in which Klaviyo undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection provisions and, in particular, not to pass it on to third parties.
Klaviyo is also certified under the us-European data protection agreement "Privacy Shield" and thus undertakes to comply with the EU data protection requirements.
You can view Klaviyo's privacy policy here: https://www.klaviyo.com/privacy
5. cookies and web analysis
In order to make visiting our website attractive and to enable the use of certain functions, to display suitable products or for market research, we use so-called cookies on various pages. This serves to safeguard our legitimate interests, which predominate in the context of a balancing of interests, in an optimized presentation of our offer in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR. Cookies are small text files that are automatically stored on your end device. Some of the cookies we use are deleted again at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us to recognize your browser on your next visit (persistent cookies). The duration of storage can be found in the overview in the cookie settings of your web browser. You can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. These can be found for the respective browsers under the following links:
Internet Explorer™: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Safari™: https://support.apple.com/de-de/guide/safari/sfri11471/12.0/mac/10.14
Chrome™: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Firefox™ https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Opera™ : https://help.opera.com/de/latest/web-preferences/#cookies
If cookies are not accepted, the functionality of our website may be restricted.
Use of Google (Universal) Analytics for web analysis
This website uses Google (Universal) Analytics for website analysis. The web analytics service is provided by Google Ireland Limited, a company incorporated and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de). This serves to safeguard our legitimate interests, which predominate in the context of a balancing of interests, in an optimized presentation of our offer in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR. Google (Universal) Analytics uses methods that enable your use of the website to be analyzed, such as cookies. The automatically collected information about your use of this website is usually transmitted to a Google server in the USA and stored there. By activating IP anonymization on this website, the IP address is shortened before transmission within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The anonymized IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. Once the purpose and use of Google Analytics by us has ceased, the data collected in this context will be deleted.
Insofar as information is transferred to Google servers in the USA and stored there, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here. Based on this agreement between the USA and the European Commission, the latter has established an adequate level of data protection for companies certified under the Privacy Shield.
You can prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de
As an alternative to the browser plug-in, you can click this link to prevent Google Analytics from collecting data on this website in the future. An opt-out cookie will be stored on your device. If you delete your cookies, you must click the link again
6. online marketing
Google Ads Remarketing
We use Google Ads to advertise this website in Google search results and on third-party websites. For this purpose, the so-called remarketing cookie is set by Google when you visit our website, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the pages you visit. This serves to safeguard our legitimate interests, which predominate in the context of a balancing of interests, in the optimal marketing of our website in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. After the end of the purpose and the end of the use of Google Ads Remarketing by us, the data collected in this context will be deleted.
Any further data processing will only take place if you have consented to Google linking your web and app browsing history to your Google Account and using information from your Google Account to personalize ads you see on the web. In this case, if you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, Google temporarily links your personal data with Google Analytics data to create target groups.
Google Ads is a service provided by Google Ireland Limited, a company incorporated and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de).
Insofar as information is transferred to Google servers in the USA and stored there, the American company Google LLC is certified under the EU-US Privacy Shield.
A current certificate can be viewed here. On the basis of this agreement between the USA and the European Commission, the latter has established an adequate level of data protection for companies certified under the Privacy Shield.
You can deactivate the remarketing cookie via this link. You can also obtain information from the Digital Advertising Alliance about the setting of cookies and make settings for this.
Clear attribution
We use the services of Klar (Klar Insights GmbH, Marktstr. 18, 80802 Munich, Germany) on our website. Klar collects, processes and stores data on this website and its subpages for reach measurement and statistical analysis on our behalf. This collection takes place on the following legal basis:
If the user has given consent in accordance with Article 6 (1) sentence 1 a GDPR and Section 25 (1) sentence 1 TTDSG, the data to be processed will be collected on a user-related basis.
Different cookies are used for the different types of recording mentioned above in order to guarantee the respective type of recording.
Cookie - Objection
To object to the use of Klar in principle, please use this link. This will set a cookie with the name "do_not_track" from the domain "pascal.sh". Please do not delete this, as otherwise it cannot be guaranteed that you will not be tracked by Klar.
Information on data protection and data use by Klar can be found on the following website: https://www.getklar.com/data-protection
Google reCAPTCHA
On this website, we also use the reCAPTCHA function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This function is primarily used to differentiate whether an entry is made by a natural person or abusively by machine and automated processing. The service includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 para. 1 lit. f GDPR on Base our legitimate interest in determining individual responsibility on the Internet and avoiding abuse and spam. As part of the use of Google reCAPTCHA, personal data may also be transmitted to the servers of Google LLC. in the USA.
In the event that personal data is transferred to Google LLC. based in the USA, Google LLC. has certified itself for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list
Further information on Google reCAPTCHA and Google's privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/
Insofar as legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 Para. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future. In order to exercise your revocation, please follow the option described above for making an objection.
BingAds Remarketing
We use BingAds to advertise this website in the Bing, Yahoo and MSN search results and on third-party websites. For this purpose, a cookie is automatically set when you visit our website, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the pages you visit. This serves to safeguard our legitimate interests, which predominate in the context of a balancing of interests, in the optimal marketing of our website in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. After the end of the purpose and the end of the use of BingAds Remarketing by us, the data collected in this context will be deleted.
BingAds is an offer from Microsoft Corporation (www.microsoft.com). Microsoft Corporation is headquartered in the USA and is certified under the EU-US Privacy Shield. A current certificate can be viewed here. On the basis of this agreement between the USA and the European Commission, the latter has established an adequate level of data protection for companies certified under the Privacy Shield.
You can deactivate the remarketing cookie via this link. You can also obtain information from the Digital Advertising Alliance about the setting of cookies and make settings for this.
AdRoll Retargeting
We advertise this website in search results and on third-party websites via our advertising partner AdRoll Advertising Limited, Level 6, 1, Burlington Plaza, Burlington Road, Dublin 4, Ireland. For this purpose, when you visit our website, a cookie is automatically set by these providers or their partners, which enables interest-based advertising by means of a pseudonymous cookie ID and based on the pages you visit. This serves to safeguard our legitimate interests, which predominate in the context of a balancing of interests, in the optimal marketing of our website in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. After the end of the purpose and the end of the use of AdRoll Retargeting by us, the data collected in this context will be deleted.
You can deactivate the retargeting cookie by clicking on one of the following links: https://app.adroll.com/optout/safari
Alternatively, you can deactivate the use of cookies by third-party providers by visiting the deactivation page of the network advertising initiative.
Google Maps
This website uses Google Maps to visually display geographical information. Google Maps is a service provided by Google Ireland Limited, a company registered and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de). This serves to safeguard our legitimate interests, which predominate in the context of a balancing of interests, in an optimized presentation of our offer and easy accessibility of our locations in accordance with Art. 6 para. 1 lit. f) GDPR.
When Google Maps is used, Google transmits or processes data on the use of the Maps functions by website visitors, which may include in particular the IP address and location data. We have no influence on this data processing.
Insofar as information is transferred to Google servers in the USA and stored there, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here. Based on this agreement between the USA and the European Commission, the latter has established an adequate level of data protection for companies certified under the Privacy Shield.
To deactivate the Google Maps service and thus prevent the transfer of data to Google, you must deactivate the Java Script function in your browser. In this case, Google Maps cannot be used or can only be used to a limited extent.
Further information about data processing by Google can be found in Google's privacy policy. The terms of use for Google Maps contain detailed information about the map service.
Data processing is carried out on the basis of an agreement between jointly responsible parties in accordance with Art. 26 GDPR, which you can view here.
Our online presence on Facebook, Google, Instagram, Pinterest
Our presence on social networks and platforms serves to improve active communication with our customers and interested parties. We provide information there about our products and current special offers.
When you visit our online presence on social media, your data may be automatically collected and stored for market research and advertising purposes. This data is used to create so-called user profiles using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally placed on your device for this purpose. The visitor behavior and the interests of the users are stored in these cookies. This serves in accordance with Art. 6 para. 1 lit. f. GDPR to safeguard our legitimate interests in an optimized presentation of our offer and effective communication with customers and interested parties, which predominate in the context of a balancing of interests. If you are asked by the respective social media platform operators for consent to data processing, e.g. by means of a checkbox, the legal basis for data processing is Art. 6 para. 1 lit. a GDPR.
If the aforementioned social media platforms have their headquarters in the USA, the following applies: There is an adequacy decision by the European Commission for the USA. This is based on the EU-US Privacy Shield. A current certificate for the respective company can be viewed here.
For detailed information on the processing and use of data by the providers on their pages as well as a contact option and your rights and setting options in this regard to protect your privacy, in particular opt-out options, please refer to the providers' data protection notices linked below. If you still need help in this regard, you can contact us.
Facebook: https://www.facebook.com/about/privacy/
Data processing is carried out on the basis of an agreement between jointly responsible parties in accordance with Art. 26 GDPR, which you can view here:
https://www.facebook.com/legal/terms/page_controller_addendum
Google/ YouTube: https://policies.google.com/privacy
Instagram: https://help.instagram.com/519522125107875
Pinterest: https://about.pinterest.com/de/privacy-policy
Option to object (opt-out):
Facebook: https://www.facebook.com/settings?tab=ads
Google/ YouTube: https://adssettings.google.com/authenticated
Instagram: https://help.instagram.com/519522125107875
Pinterest: https://www.pinterest.de/?next=/settings/
7. use of product availability reminder tools
Klaviyo Back in Stock Alert (product availability reminder).
Through the features, we collect user data to re-engage customers via personalised campaigns by leveraging their contextual/shopping history. Re-engagement only happens when users explicitly opt-in to these campaigns.
Note that these opt-in permissions also include sharing user-specific behaviour with our email service provider so that personalised campaigns can be created.
In Klaviyo's privacy policy https://www.klaviyo.com/privacy you can find out what data is collected from users and how this data is stored and used. You can also find more information here: http://www.klaviyo.com
In accordance with GDPR principles, personal data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures. All Klaviyo customer data is stored and processed via cloud partners, Microsoft Azure, which uses best-in-class security and risk management protocols and is also fully GDPR compliant. For more information on Microsoft Azure's GDPR compliance, please visit the Resource Center.
Klaviyo processes all Customer Data in the United States, and the transfer of Customer Data to its systems complies with all applicable laws, including but not limited to the GDPR. Please note that the Terms also incorporate the EU Standard Contractual Clauses of Decision 2010/87/EU of February 5, 2010 with respect to the EU Standard Contractual Clauses.
8. use of Pre-Order Manager (pre-orders)
SpurIT Pre-Order Manager 2 (pre-orders)
Through the Pre-Order Manager function, we enable customers to pre-order/secure sold-out products.
The data entered during your pre-order will be passed on to the service provider of the tool. This transfer takes place in accordance with Art. 6 para. 1 lit. f DSGVO and serves our legitimate interest in the use of an effective, secure and user-friendly pre-ordering system.
The service provider uses this information for processing on our behalf and does not use the data to write to them themselves or pass them on to third parties.
To protect your data, we have a data processing agreement with SpurIT, in which SpurIT undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection provisions and, in particular, not to pass it on to third parties.
SpurIT's privacy policy https://spur-i-t.com/privacy-policy-pre-order-manager-2/ explains what data is collected from users and how this data is stored and used.
9. contact options and your rights
As a data subject, you have the following rights:
- In accordance with Art. 15 DSGVO, you have the right to request information about your personal data processed by us to the extent specified therein;
- In accordance with Art. 16 DSGVO, you have the right to request the correction of incorrect or incomplete personal data stored by us without delay;
- in accordance with Art. 17 GDPR, the right to request the deletion of your personal data stored by us, unless further processing
- to exercise the right to freedom of expression and information;
- to fulfill a legal obligation;
- for reasons of public interest or
- to assert, exercise or defend legal claims
is required; - in accordance with Art. 18 GDPR, the right to demand the restriction of the processing of your personal data if
- the accuracy of the data is disputed by you;
- the processing is unlawful, but you refuse to delete it;
- we no longer need the data, but you need it to assert, exercise or defend legal claims or
- you have lodged an objection to the processing in accordance with Art. 21 GDPR; - in accordance with Art. 20 DSGVO, the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;
- In accordance with Art. 77 DSGVO, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.
If you have any questions regarding the collection, processing or use of your personal data, for information, correction, restriction or deletion of data as well as revocation of consent given or objection to a specific use of data, please contact us directly using the contact details in our imprint.
********************************************************************
Right to object
If we process personal data as explained above in order to safeguard our legitimate interests, which are overriding in the context of a balancing of interests, you can object to this processing with effect for the future. If the processing is carried out for direct marketing purposes, you can exercise this right at any time as described above. If the processing is carried out for other purposes, you only have the right to object if there are grounds relating to your particular situation.
After exercising your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defense of legal claims.
This does not apply if the processing is carried out for direct marketing purposes. In this case, we will no longer process your personal data for this purpose. ********************************************************************