Privacy policy

The data controller is:
Hey Marly GmbH
Vogelsanger Str. 80a,
50823 Cologne, Germany
service@heymarly.com

Thank you for your interest in our online store. Protecting your privacy is very important to us. Below, we provide detailed information about how we handle your data.

 

1. Access Data and Hosting

You can visit our website without providing any personal information. Each time a website is accessed, the web server automatically saves a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of access, the amount of data transferred, and the requesting provider (access data), and documents the access.

When you use our website solely for informational purposes—that is, if you do not register or otherwise provide us with information—we collect only the data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

  • The website visited
  • Date and time of access
  • Amount of data sent in bytes
  • Source or reference that led you to this page
  • Browser used
  • Operating system used
  • IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Article 6(1)(f) of the GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is not disclosed or used in any other way. However, we reserve the right to review the server log files retrospectively if there are concrete indications of unlawful use.

 

Hosting services provided by a third-party provider
As part of processing on our behalf, a third-party provider provides us with services for hosting and displaying the website. This serves to safeguard our legitimate interests in the proper presentation of our website, which take precedence in the context of a balancing of interests. All data collected as part of the use of this website or through the forms provided for this purpose in the online store, as described below, is processed on its servers. Processing on other servers takes place only within the scope described here.

Hosted by Shopify
We use the store system provided by Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"), to host and display the online store on the basis of processing carried out on our behalf. All data collected on our website is processed on Shopify’s servers. As part of Shopify’s aforementioned services, data may also be transferred to Shopify Inc., 150 Elgin St., Ottawa, ON K2P 1L4, Canada; Shopify Data Processing (USA) Inc.; Shopify Payments (USA) Inc.; or Shopify (USA) Inc. for further processing on our behalf. In the event that data is transferred to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed by an adequacy decision of the European Commission. Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc., and Shopify (USA) Inc. in the USA are certified under the U.S.-EU data protection agreement “Privacy Shield,” which guarantees compliance with the data protection standards applicable in the EU.
Further information on Shopify’s data protection can be found on the following website: https://www.shopify.de/legal/datenschutz
Further processing on Shopify servers other than those mentioned above will only take place within the framework specified below.

 

2. Data collection and use for contract processing and contacting

We collect personal data if you voluntarily provide it to us in connection with your order or when contacting us (e.g., via the contact form or email). Required fields are marked as such because, in these cases, we need the data to fulfill the contract or to process your inquiry, and you cannot submit the order or inquiry without providing it. The specific data collected is indicated in the respective input forms. We use the data you provide in accordance with Article 6(1)(b) of the GDPR for contract processing and to handle your inquiries. If you have given your consent in accordance with Article 6(1)(a) of the GDPR by deciding to open a customer account, we will use your data for the purpose of opening a customer account. After the contract has been fully processed or your customer account has been deleted, your data will be restricted from further processing and deleted upon expiration of the retention periods under tax and commercial law, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this statement. You may delete your customer account at any time by either sending a message to the contact option described below or using the function provided for this purpose within the customer account.

 

3. Data Transfer

In order to fulfill the contract in accordance with Article 6(1)(b) of the GDPR, we share your data with the shipping company responsible for delivery, to the extent necessary for the delivery of the ordered goods. Depending on which payment service provider you select during the ordering process, we will share the payment data collected for this purpose with the financial institution responsible for processing the payment and, if applicable, with payment service providers we have engaged or with the selected payment service. In some cases, the selected payment service providers may also collect this data themselves if you create an account with them. In this case, you must log in to the payment service provider using your login credentials during the ordering process. In this regard, the privacy policy of the respective payment service provider applies.

Data transfer to shipping service providers
If you have given us your express consent to this during or after your order, we will pass on your email address to the selected shipping service provider in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR so that they can contact you before delivery for the purpose of delivery notification or coordination.

You may revoke your consent at any time by sending a message to the contact option described below or directly to the shipping service provider at the contact address listed below. After revocation, we will delete the data you provided for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this statement.

ZENFULFILLMENT GMBH
FIEGE E-COM WEST SP. Z O.O.,
UL. MAGAZYNOWA 8
72-100 LOZIENIC
POLAND


DHL Paket GmbH
Sträßchensweg 10
53113
Bonn

UPS
Görlitzer Str. 1
41460
Neuss

 

4. Email newsletter

Email advertising with newsletter subscription
If you subscribe to our newsletter, we will use the data required for this purpose or provided separately by you to send you our email newsletter on a regular basis, based on your consent in accordance with Article 6(1), first sentence, (a) of the GDPR.

You can unsubscribe from the newsletter at any time by either sending a message to the contact option described below or by clicking the link provided for this purpose in the newsletter. After you unsubscribe, we will delete your email address unless you have expressly consented to further use of your data or we reserve the right to use your data in a manner that goes beyond this, which is permitted by law and about which we inform you in this statement.

The newsletter is sent as part of processing carried out on our behalf by a service provider, to whom we provide your email address for this purpose.

Our email newsletters are sent via the technical service provider "Klaviyo," 225 Franklin St, Boston, MA 02110, USA (http://www.klaviyo.com), to whom we provide the data you submitted when you subscribed to the newsletter. This transfer is carried out in accordance with Article 6(1)(f) of the GDPR and serves our legitimate interest in using an effective, secure, and user-friendly newsletter system. Please note that your data is typically transferred to a Klaviyo server in the United States and stored there.

Klaviyo uses this information to send the newsletter on our behalf. Klaviyo does not use the data of our newsletter recipients to contact them directly or to share it with third parties.


To protect your data in the United States, we have a data processing agreement with Klaviyo under which Klaviyo agrees to protect our users' data, to process it on our behalf in accordance with its data protection provisions, and, in particular, not to disclose it to third parties.

Klaviyo is also certified under the U.S.-European data protection agreement "Privacy Shield" and is therefore committed to complying with EU data protection requirements.

You can view Klaviyo's privacy policy here: https://www.klaviyo.com/privacy

5. Cookies and Web Analytics

In order to make visiting our website more appealing and to enable the use of certain features, to display relevant products, or for market research, we use so-called cookies on various pages. This serves to safeguard our legitimate interests—which prevail in the context of a balancing of interests—in presenting our offerings in an optimized manner, in accordance with Article 6(1)(f) of the GDPR. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted at the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your device and allow us to recognize your browser on your next visit (persistent cookies). The storage duration can be found in the overview in your web browser’s cookie settings. You can configure your browser to notify you when cookies are set and decide on a case-by-case basis whether to accept them or to block cookies in certain cases or in general. Each browser manages cookie settings differently. This is described in the help menu of each browser, which explains how to change your cookie settings. These can be found for the respective browsers at the following links:
Internet Explorer™: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Safari™: https://support.apple.com/de-de/guide/safari/sfri11471/12.0/mac/10.14
Chrome™: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Firefox™: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Opera™: https://help.opera.com/de/latest/web-preferences/#cookies

If cookies are not accepted, the functionality of our website may be limited.

Use of Google (Universal) Analytics for web analytics
This website uses Google (Universal) Analytics for web analytics. The web analytics service is provided by Google Ireland Limited, a company incorporated and operating under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de). This serves to safeguard our legitimate interests—which prevail in the context of a balancing of interests—in the optimized presentation of our services in accordance with Art. 6(1)(f) of the GDPR. Google (Universal) Analytics uses methods that enable the analysis of your use of the website, such as cookies. The information automatically collected about your use of this website is typically transmitted to a Google server in the United States and stored there. By enabling IP anonymization on this website, the IP address is truncated before transmission within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. The anonymized IP address transmitted by your browser as part of Google Analytics is not combined with other Google data. Once we no longer use Google Analytics for its intended purpose, the data collected in this context will be deleted.

To the extent that information is transferred to Google servers in the United States and stored there, the U.S. company Google LLC is certified under the EU-U.S. Privacy Shield. A current certificate can be viewed here. Based on this agreement between the United States and the European Commission, the latter has established an adequate level of data protection for companies certified under the Privacy Shield.

You can prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de

As an alternative to the browser plug-in, you can click this link to prevent Google Analytics from collecting data on this website in the future. An opt-out cookie will be stored on your device. If you delete your cookies, you must click the link again.

 

6. Online Marketing

Google Ads Remarketing
We use Google Ads to advertise this website in Google search results and on third-party websites. For this purpose, Google sets a so-called remarketing cookie when you visit our website, which automatically enables interest-based advertising using a pseudonymous cookie ID and based on the pages you visit. This serves to safeguard our legitimate interests—which prevail in the context of a balancing of interests—in the optimal marketing of our website in accordance with Article 6(1), first sentence, lit. f of the GDPR. Once the purpose has been fulfilled and we have ceased using Google Ads Remarketing, the data collected in this context will be deleted.

Any further data processing will only take place if you have consented to Google linking your web and app browsing history to your Google Account and using information from your Google Account to personalize the ads you see on the web. In this case, if you are signed in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target audience lists for cross-device remarketing. For this purpose, Google temporarily links your personal data with Google Analytics data to create target groups.

Google Ads is a service provided by Google Ireland Limited, a company incorporated and operating under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de).
To the extent that information is transferred to Google servers in the U.S. and stored there, the U.S. company Google LLC is certified under the EU-U.S. Privacy Shield.
A current certificate can be viewed here. Based on this agreement between the United States and the European Commission, the latter has determined that companies certified under the Privacy Shield provide an adequate level of data protection.

You can disable the remarketing cookie via this link. You can also obtain information from the Digital Advertising Alliance about the use of cookies and adjust your settings accordingly.

Klar attribution

We use the services of Klar (Klar Insights GmbH, Marktstr. 18, 80802 Munich, Germany) on our website. Klar collects, processes, and stores data on this website and its subpages for the purposes of measuring reach and conducting statistical analysis on our behalf. This data collection is based on the following legal basis:

If the user has given consent in accordance with Article 6(1), first sentence, of the GDPR and Section 25(1), first sentence, of the TTDSG, the data to be processed will be collected on a user-specific basis.

Different cookies are used for the various types of tracking mentioned above in order to ensure that each type of tracking is carried out properly.

Cookie - Objection

To object to the use of Klar in principle, please use this link. This will set a cookie named "do_not_track" from the domain "pascal.sh". Please do not delete this cookie, as otherwise we cannot guarantee that you will not be tracked by Klar.

Information on data protection and data use by Klar can be found on the following website: https://www.getklar.com/data-protection

Google reCAPTCHA

On this website, we also use the reCAPTCHA service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This service is primarily used to distinguish between entries made by a human and those made abusively by machines or automated processes. The service involves sending the IP address and any other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Article 6(1)(f) of the GDPR, based on our legitimate interest in determining individual responsibility on the Internet and preventing abuse and spam. As part of the use of Google reCAPTCHA, personal data may also be transmitted to the servers of Google LLC in the United States.

In the event that personal data is transferred to Google LLC, based in the United States, Google LLC has certified itself under the U.S.-EU data protection agreement "Privacy Shield," which guarantees compliance with the data protection standards applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list

Further information on Google reCAPTCHA and Google's privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/

To the extent required by law, we have obtained your consent to the processing of your data as described above in accordance with Article 6(1)(a) of the GDPR. You may revoke your consent at any time with future effect. To exercise your right to revoke consent, please follow the procedure described above for filing an objection.

BingAds Remarketing
We use BingAds to advertise this website in Bing, Yahoo, and MSN search results and on third-party websites. For this purpose, a cookie is automatically set when you visit our website, which automatically enables interest-based advertising using a pseudonymous cookie ID and based on the pages you visit. This serves to safeguard our legitimate interests—which prevail in the context of a balancing of interests—in the optimal marketing of our website in accordance with Article 6(1), first sentence, lit. f of the GDPR. Once the purpose has been fulfilled and we have ceased using BingAds Remarketing, the data collected in this context will be deleted.

BingAds is a service provided by Microsoft Corporation (www.microsoft.com). Microsoft Corporation is headquartered in the United States and is certified under the EU-U.S. Privacy Shield. A current certificate can be viewed here. Based on this agreement between the United States and the European Commission, the latter has determined that companies certified under the Privacy Shield provide an adequate level of data protection.
You can deactivate the remarketing cookie via this link. You can also obtain information from the Digital Advertising Alliance regarding the use of cookies and adjust your settings accordingly.

AdRoll Retargeting
We advertise this website in search results and on third-party websites through our advertising partner AdRoll Advertising Limited, Level 6, 1, Burlington Plaza, Burlington Road, Dublin 4, Ireland. For this purpose, when you visit our website, a cookie is automatically set by these providers or their partners, which enables interest-based advertising using a pseudonymous cookie ID and based on the pages you visit. This serves to safeguard our legitimate interests—which prevail in the context of a balancing of interests—in the optimal marketing of our website in accordance with Art. 6(1), sentence 1, lit. f of the GDPR. Once the purpose has been fulfilled and we have ceased using AdRoll Retargeting, the data collected in this context will be deleted.

You can disable the retargeting cookie by clicking on one of the following links: https://app.adroll.com/optout/safari

Alternatively, you can disable the use of cookies by third-party providers by visiting the Network Advertising Initiative’s opt-out page.

Google Maps
This website uses Google Maps to visually display geographical information. Google Maps is a service provided by Google Ireland Limited, a company registered and operating under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de). This serves to safeguard our legitimate interests—which prevail in the context of a balancing of interests—in the optimized presentation of our offerings and the easy accessibility of our locations in accordance with Art. 6 para. 1(f) of the GDPR.
When Google Maps is used, Google transmits or processes data regarding website visitors’ use of the Maps functions, which may include, in particular, the IP address and location data. We have no influence over this data processing.
To the extent that information is transferred to Google servers in the United States and stored there, the U.S. company Google LLC is certified under the EU-U.S. Privacy Shield. A current certificate can be viewed here. Based on this agreement between the United States and the European Commission, the latter has determined that companies certified under the Privacy Shield provide an adequate level of data protection.
To disable the Google Maps service and thereby prevent the transfer of data to Google, you must disable the JavaScript function in your browser. In this case, Google Maps cannot be used or can only be used to a limited extent.
Further information about data processing by Google can be found in Google’s privacy policy. The terms of use for Google Maps contain detailed information about the map service.
Data processing is carried out on the basis of an agreement between jointly responsible parties in accordance with Art. 26 GDPR, which you can view here.

Our online presence on Facebook, Google, Instagram, Pinterest
Our presence on social networks and platforms serves to improve active communication with our customers and interested parties. We provide information there about our products and current special offers.
When you visit our online presence on social media, your data may be automatically collected and stored for market research and advertising purposes. This data is used to create so-called user profiles using pseudonyms. These can be used, for example, to display advertisements both within and outside the platforms that are presumed to correspond to your interests. Cookies are generally placed on your device for this purpose. These cookies store information about visitor behavior and user interests. This is done in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in an optimized presentation of our offerings and effective communication with customers and interested parties, which prevail in the context of a balancing of interests. If you are asked by the respective social media platform operators for consent to data processing—for example, via a checkbox—the legal basis for data processing is Article 6(1)(a) of the GDPR.
If the aforementioned social media platforms are headquartered in the United States, the following applies: There is an adequacy decision by the European Commission regarding the United States. This is based on the EU-U.S. Privacy Shield. A current certificate for the respective company can be viewed here.
For detailed information on the processing and use of data by the providers on their pages, as well as contact information and your rights and settings options regarding the protection of your privacy—in particular opt-out options—please refer to the providers’ privacy policies linked below. If you still need assistance in this regard, you can contact us.
Facebook: https://www.facebook.com/about/privacy/

Data processing is carried out on the basis of an agreement between jointly responsible parties in accordance with Article 26 of the GDPR, which you can view here:
https://www.facebook.com/legal/terms/page_controller_addendum

Google/YouTube: https://policies.google.com/privacy
Instagram: https://help.instagram.com/519522125107875
Pinterest: https://about.pinterest.com/de/privacy-policy

Option to object (opt-out):
Facebook: https://www.facebook.com/settings?tab=ads
Google/YouTube: https://adssettings.google.com/authenticated
Instagram: https://help.instagram.com/519522125107875
Pinterest: https://www.pinterest.de/?next=/settings/

 

7. Use of product availability reminder tools

Klaviyo Back in Stock Alert (product availability reminder).

Through these features, we collect user data to re-engage customers via personalized campaigns by leveraging their contextual and shopping history. Re-engagement only occurs when users explicitly opt in to these campaigns.

Please note that these opt-in permissions also include sharing user-specific behavior with our email service provider so that personalized campaigns can be created.

In Klaviyo's privacy policy, https://www.klaviyo.com/privacy, you can find out what data is collected from users and how this data is stored and used. You can also find more information here: http://www.klaviyo.com

In accordance with GDPR principles, personal data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures. All customer data is stored and processed through our cloud partner, Microsoft Azure, which uses best-in-class security and risk management protocols and is also fully GDPR-compliant. For more information on Microsoft Azure's GDPR compliance, please visit the Resource Center.

Klaviyo processes all Data in the United States, and the transfer of Customer Data to its systems complies with all laws, including but not limited to the GDPR. Please note that the Terms also incorporate the EU Standard Contractual Clauses set forth in Decision 2010/87/EU of February 5, 2010.

 

8. Use of the Pre-Order Manager (pre-orders)

SpurIT Pre-Order Manager 2 (pre-orders)

Through the Pre-Order Manager feature, we enable customers to pre-order or reserve products that are sold out.

The data you enter during your pre-order will be shared with the tool’s service provider. This transfer is carried out in accordance with Article 6(1)(f) of the GDPR and serves our legitimate interest in using an effective, secure, and user-friendly pre-order system.

The service provider uses this information to process it on our behalf and does not use the data to contact customers directly or to share it with third parties.

To protect your data, we have a data processing agreement with SpurIT, under which SpurIT agrees to protect our users' data, to process it on our behalf in accordance with its data protection provisions, and, in particular, not to disclose it to third parties.

SpurIT's privacy policy, https://spur-i-t.com/privacy-policy-pre-order-manager-2/, explains what data is collected from users and how this data is stored and used.

 

9. Contact Options and Your Rights

As a data subject, you have the following rights:

  • In accordance with Article 15 of the GDPR, you have the right to request information about your personal data processed by us to the extent specified therein;
  • In accordance with Article 16 of the GDPR, you have the right to request that we correct any inaccurate or incomplete personal data we have stored without delay;
  • In accordance with Article 17 of the GDPR, you have the right to request the erasure of your personal data stored by us, unless further processing
    —to exercise the right to freedom of expression and information;
    —to comply with a legal obligation;
    —for reasons of public interest or
    —to assert, exercise, or defend legal claims
    is required;
  • In accordance with Article 18 of the GDPR, you have the right to request the restriction of the processing of your personal data if
    - you dispute the accuracy of the data;
    - the processing is unlawful, but you do not wish to have the data deleted;
    - we no longer need the data, but you need it to assert, exercise, or defend legal claims; or
    - you have objected to the processing in accordance with Article 21 of the GDPR;
  • In accordance with Article 20 of the GDPR, you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, or to request that it be transferred to another controller;
  • In accordance with Article 77 of the GDPR, you have the right to file a complaint with a supervisory authority. As a general rule, you may contact the supervisory authority in your usual place of residence or workplace, or our company headquarters, for this purpose.


If you have any questions regarding the collection, processing, or use of your personal data, or if you wish to request information, correction, restriction, or deletion of your data, or to revoke your consent or object to a specific use of your data, please contact us directly using the contact information provided in our legal notice.

********************************************************************
Right to object
If we process personal data as explained above to safeguard our legitimate interests, which prevail in the context of a balancing of interests, you may object to this processing with effect for the future. If the processing is carried out for direct marketing purposes, you may exercise this right at any time as described above. If the processing is carried out for other purposes, you have the right to object only if there are grounds relating to your particular situation.

After exercising your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.

This does not apply if the processing is carried out for direct marketing purposes. In this case, we will no longer process your personal data for this purpose.
********************************************************************