Politique de confidentialité
The data controller is:
Hey Marly GmbH
Vogelsanger Str. 80a,
50823 Cologne
service@heymarly.com
We appreciate your interest in our online store. Protecting your privacy is very important to us. Below, we provide detailed information about how we process your data.
1. Access and Hosting Information
You can visit our website without providing any personal information. Each time you visit a webpage, the web server automatically records what is known as a server log file, which contains, for example, the name of the requested file, your IP address, the date and time of the visit, the amount of data transferred, and the requesting provider (access data), and which documents the visit.
When you simply use our website for informational purposes—that is, when you do not register or otherwise provide us with information—we collect only the data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary to enable us to display the website to you:
- The site we visited
- Date and time of access
- amount of data sent in bytes
- Source/reference from which you accessed the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymized form)
The processing is carried out in accordance with Article 6(1)(f) of the GDPR, based on our legitimate interest in improving the stability and functionality of our website. The data is not disclosed or used in any other way. However, we reserve the right to review the server log files at a later date if there are concrete indications of illegal use.
Hosting Services Provided by a Third-Party Provider
As part of processing carried out on our behalf, a third-party provider provides us with website hosting and presentation services. This serves to safeguard our legitimate interests—which, following a balancing of interests, are deemed to prevail—in ensuring the proper presentation of our offerings. All data collected in connection with the use of this website or through the forms provided for this purpose in the online store, as described below, is processed on its servers. Processing on other servers takes place only within the scope explained here.
Hosting by Shopify
We use the online store system provided by Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”), to host and display the online store on our behalf. All data collected on our website is processed on Shopify’s servers. As part of the Shopify services mentioned above, data may also be transferred for further processing on behalf of Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada; Shopify Data Processing (USA) Inc.; Shopify Payments (USA) Inc., or Shopify (USA) Inc. In the event of a data transfer to Shopify Inc. in Canada, the European Commission’s Adequacy Decision ensures an appropriate level of data protection. Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc., and Shopify (USA) Inc. in the United States are certified under the “Privacy Shield” data protection agreement, which ensures compliance with the data protection standards in effect in the EU.
For more information on Shopify’s data protection practices, please visit the following website: https://www.shopify.de/legal/datenschutz
Any other processing on servers other than those mentioned above by Shopify takes place only within the scope described below.
2. Collection and use of data for the performance of the contract, establishing contact
We collect personal data when you voluntarily provide it to us as part of your order or when you contact us (e.g., via a contact form or email). Required fields are marked as such because, in these cases, we absolutely need the data to fulfill the contract or process your inquiry, and you cannot submit the order or inquiry without providing this information. The data collected is specified in the corresponding input forms. We use the data you have provided in accordance with Article 6(1)(b) of the GDPR to fulfill the contract and process your requests. To the extent that you have given your consent in accordance with Article 6(1), first sentence, point (a) of the GDPR by deciding to open a customer account, we use your data for the purpose of opening a customer account. After the contract has been fully performed or your customer account has been deleted, your data will be restricted from further processing and deleted after the expiration of the retention periods prescribed by tax and commercial law, unless you have expressly consented to further use of your data or we reserve the right to use the data beyond what is permitted by law, in which case we will inform you of this in this statement. You may delete your customer account at any time, either by sending a message via the contact option described below or by using the function provided for this purpose in your customer account.
3) Data Transfer
To fulfill the contract in accordance with Article 6(1)(b) of the GDPR, we transfer your data to the shipping company responsible for delivery, to the extent necessary for the delivery of the ordered goods. Depending on the payment service provider you select during the ordering process, we transmit the payment data collected for this purpose to the credit institution responsible for processing the payment and, if applicable, to the payment service providers we have commissioned or to the selected payment service. The selected payment service providers may sometimes collect this data themselves, provided that you create an account with them. In this case, you must register with the payment service provider using your login credentials during the ordering process. The privacy policy of the relevant payment service provider applies in this case.
Data transmission to shipping service providers
Provided that you have given us your express consent to do so during or after placing your order, we will, on the basis of that consent and in accordance with Art. 6, para. 1, subpara. 1, letter a of the GDPR, to the selected shipping service provider so that they can contact you prior to delivery for the purpose of notifying you or coordinating the delivery.
Consent may be revoked at any time by sending a message to the contact option described below or directly to the shipping service provider at the contact address listed below. After revocation, we will delete the data you provided for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond what is permitted by law, as described in this privacy policy.
FIEGE E-COM WEST SP. Z O.O.,
UL. MAGAZYNOWA 8
72-100 LOZIENIC
DHL Paket GmbH
Sträßchensweg 10
53113
Bonn
UPS
Görlitzer Str. 1
41460
Neuss
4. e-newsletter
Email advertising with newsletter subscription
If you subscribe to our newsletter, we use the data necessary for this purpose—or that you have provided to us separately—to send you our newsletter regularly by email based on your consent in accordance with Art. 6, para. 1, subpara. 1, letter a of the GDPR.
You can unsubscribe from the newsletter at any time by either sending a message using the contact option described below or by clicking the link provided for this purpose in the newsletter. After you unsubscribe, we will delete your email address, unless you have expressly consented to further use of your data or we reserve the right to use the data beyond what is permitted by law, in which case we will inform you of this in this privacy policy.
The newsletter is sent by a service provider acting on our behalf, to whom we provide your email address for this purpose.
Our newsletter is sent via email by the technical service provider "Klaviyo," 225 Franklin St, Boston, MA 02110, USA(http://www.klaviyo.com), to whom we transmit the data you provided when you subscribed to the newsletter. This transfer is carried out in accordance with Article 6(1)(f) of the GDPR and serves our legitimate interest in using a newsletter system that is effective for advertising purposes, secure, and user-friendly. Please note that your data is generally transmitted to a Klaviyo server in the United States and stored there.
Klaviyo uses this information to send the newsletter on our behalf. Klaviyo does not use the data of our newsletter subscribers to contact them directly or to share it with third parties.
To protect your data in the United States, we have entered into a data processing agreement ("Data-Processing-Agreement") with Klaviyo, in which Klaviyo commits to protecting our users' data, processing it on our behalf in accordance with its privacy policy, and, in particular, not sharing it with third parties.
Klaviyo is also certified under the European "Privacy Shield" data protection agreement and is therefore committed to complying with European data protection guidelines.
You can view Klaviyo's privacy policy here: https://www.klaviyo.com/privacy
5. Cookies and Web Analytics
In order to make your visit to our website more engaging and to enable the use of certain features, display relevant products, or conduct market research, we use what are known as cookies on various pages. This serves to protect our legitimate interests, which prevail following a balancing of interests, in the optimized presentation of our offerings in accordance with Article 6(1)(f) of the GDPR. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted at the end of the browsing session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your device and allow us to recognize your browser during your next visit (persistent cookies). You can view the storage duration in the cookie settings overview of your web browser. You can configure your browser to notify you when cookies are set and to decide on a case-by-case basis whether to accept them, or to block cookies in certain cases or generally. Each browser has its own way of managing cookie settings. This is described in each browser’s help menu, which explains how to change your cookie settings. You can find these settings for each browser by clicking on the following links:
InternetExplorer™: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Safari™: https://support.apple.com/de-de/guide/safari/sfri11471/12.0/mac/10.14
Chrome™:https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Firefox™ https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Opera™: https://help.opera.com/de/latest/web-preferences/#cookies
If you do not accept cookies, the functionality of our site may be limited.
Use of Google (Universal) Analytics for Web Analytics
This website uses Google (Universal) Analytics to analyze web pages. The web analytics service is provided by Google Ireland Limited, a company registered and operating under Irish law, with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de). This serves to protect our legitimate interests, which prevail following a balancing of interests, in the optimized presentation of our offerings in accordance with Article 6(1)(f) of the GDPR. Google (Universal) Analytics uses methods that enable the analysis of your use of the website, such as cookies. The information collected automatically about your use of this website is generally transmitted to a Google server in the United States and stored there. By enabling IP anonymization on this website, the IP address is truncated before being transmitted within the member states of the European Union or in other states that are signatories to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the United States and truncated there. The anonymized IP address transmitted by your browser as part of Google Analytics is generally not combined with other Google data. Once the purpose has been fulfilled and we have ceased using Google Analytics, the data collected in this context is deleted.
To the extent that information is transmitted to Google servers in the United States and stored there, the U.S. company Google LLC is certified under the EU-U.S. Privacy Shield. A current certificate can be viewedhere. Based on this agreement between the United States and the European Commission, the latter has determined that Privacy Shield-certified companies provide an adequate level of data protection.
You can prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address), as well as from processing this data, by downloading and installing the browser plug-in available at the following link:https://tools.google.com/dlpage/gaoptout?hl=de
As an alternative to the browser plug-in, you can click this link to prevent Google Analytics from collecting data on this website in the future. An opt-out cookie will then be stored on your device. If you delete your cookies, you must click the link again.
6. Online Marketing
Google Ads Remarketing
Through Google Ads, we advertise this website in Google search results as well as on third-party websites. To do this, Google’s so-called remarketing cookie is set when you visit our website, which automatically enables interest-based advertising using a pseudonymous CookieID and based on the pages you have visited. This serves to safeguard our overriding legitimate interests in the context of a balancing of interests, namely the optimal marketing of our website in accordance with Article 6(1)(f) of the GDPR. Once the purpose has been fulfilled and we have ceased using Google Ads Remarketing, the data collected in this context is deleted.
Further processing of the data takes place only if you have given Google your consent to link your web and app browsing history to your Google Account and to use the information in your Google Account to personalize the ads you see on the web. In this case, if you are signed in to Google while visiting our website, Google uses your data in conjunction with Google Analytics data to create and define target audience lists for cross-device remarketing. To do this, Google temporarily links your personal data to Google Analytics data in order to create target audiences.
Google Ads is a service provided by Google Ireland Limited, a company registered and operating under Irish law, with its headquarters at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de).
To the extent that information is transmitted to and stored on Google servers in the United States, the U.S. company Google LLC is certified under the EU-U.S. Privacy Shield.
A current certificate can be viewedhere. Based on this agreement between the United States and the European Commission, the Commission has determined that companies certified under the Privacy Shield provide an adequate level of data protection.
You can disable the remarketing cookie viathis link. You can also obtain information from theDigital Advertising Allianceaboutthe placement of cookies and adjust your settings accordingly.
Clear Attribution
On our website, we use the services of Klar (Klar Insights GmbH, Marktstr. 18, 80802 Munich, Germany). Klar collects, processes, and stores data on this website and its subpages for the purposes of measuring reach and conducting statistical analysis on our behalf. This data collection is carried out on the following legal basis:
If the user has given consent in accordance with Article 6(1), first sentence, point (a) of the GDPR and Article 25(1), first sentence of the TTDSG, the data to be processed is collected on a user-by-user basis.
Different cookies are used for the various types of data collection mentioned above in order to ensure that the specific type of data collection takes place.
Cookie - Opposition
If you wish to object to the use of Klar on principle, please use thislink. A cookie named "do_not_track" will then be set by the domain "pascal.sh." Please do not delete it; otherwise, we cannot guarantee that you will not be tracked by Klar.
You can find information about Klar's data protection and data use policies on the following website: https://www.getklar.com/data-protection
Google reCAPTCHA
On this website, we also use the reCAPTCHA feature provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This feature is primarily used to determine whether an entry is made by a human user or is the result of abusive, automated processing. The service involves sending the IP address and, if applicable, other data required by Google for the reCAPTCHA service to Google, and is carried out in accordance with Article 6(1)(f) of the GDPR based on our legitimate interest in determining individual responsibility on the Internet and preventing abuse and spam. When using Google reCAPTCHA, personal data may also be transmitted to Google LLC’s servers in the United States.
In the event that personal data is transferred to Google LLC, which is headquartered in the United States, Google LLC has obtained certification under the "Privacy Shield" data protection framework, which ensures compliance with the level of data protection in effect in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list
You can find more information about Google reCAPTCHA and Google's Privacy Policy at thefollowing link: https://www.google.com/intl/de/policies/privacy/
To the extent required by law, we have obtained your consent to the processing of your data as described above, in accordance with Article 6(1)(a) of the GDPR. You may withdraw your consent at any time with future effect. To exercise your right to withdraw consent, please follow the opt-out procedure described above.
BingAds Remarketing
Through BingAds, we advertise this website in Bing, Yahoo, and MSN search results, as well as on third-party websites. To do this, a cookie is automatically placed when you visit our website, which automatically enables interest-based advertising using a pseudonymous CookieID and based on the pages you have visited. This serves to safeguard our overriding legitimate interests, following a balancing of interests, in the optimal marketing of our website in accordance with Article 6(1)(f) of the GDPR. Once the purpose has been fulfilled and we have ceased using Bing Ads remarketing, the data collected in this context is deleted.
BingAds is a service provided by Microsoft Corporation (www.microsoft.com). Microsoft Corporation is headquartered in the United States and is certified under the EU-U.S. Privacy Shield. A current certificate can be viewedhere. Based on this agreement between the United States and the European Commission, the latter has determined that companies certified under the Privacy Shield provide an adequate level of data protection.
You can disable the remarketing cookie by clickingon this link. You can also obtain information from the Digital Advertising Alliance about the placement of cookies and adjust your settings accordingly.
AdRoll Retargeting
Through our advertising partner, AdRoll Advertising Limited, Level 6, 1 Burlington Plaza, Burlington Road, Dublin 4, Ireland, we advertise this website in search results and on third-party websites. To do this, a cookie from these providers or their partners is automatically set when you visit our website, which enables interest-based advertising using a pseudonymous CookieID and based on the pages you have visited. This serves to safeguard our overriding legitimate interests in the context of a balancing of interests, namely the optimal marketing of our website in accordance with Article 6(1)(f) of the GDPR. Once the purpose has been fulfilled and we have ceased using AdRoll Retargeting, the data collected in this context will be deleted.
You can disable the retargeting cookie by clicking on one of the following links:https://app.adroll.com/optout/safari
You can also disable the use of cookies by third-party providers by visiting theNetwork Advertising Initiative’s opt-out page.
Google Maps
This site uses Google Maps to visually display geographic information. Google Maps is a service provided by Google Ireland Limited, a company registered and operating under Irish law, with its headquarters at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de). This serves to safeguard our overriding legitimate interests in the context of a balancing of interests, namely the optimized presentation of our services and easy access to our websites, in accordance with Article 6(1)(f) of the GDPR.
When using Google Maps, Google transmits or processes data regarding website visitors’ use of Maps features, which may include, among other things, the IP address and location data. We have no influence over this data processing.
To the extent that information is transmitted to and stored on Google’s servers in the United States, the U.S. company Google LLC is certified under the EU-U.S. Privacy Shield. A current certificate can be viewedhere. Based on this agreement between the United States and the European Commission, the Commission has determined that companies certified under the Privacy Shield provide an adequate level of data protection.
To disable the Google Maps service and thereby prevent the transmission of data to Google, you must disable JavaScript in your browser. In this case, Google Maps cannot be used or can only be used to a limited extent.
You can find more information about Google’s data processing inGoogle’s privacy policy. TheGoogle Maps Termsof Servicecontaindetailed information about the mapping service.
Data processing is carried out on the basis of a joint controller agreement in accordance with Article 26 of the GDPR, which you can viewhere.
Our online presence on Facebook, Google, Instagram, Pinterest
Our presence on social media and other platforms is intended to improve active communication with our customers and interested parties. There, we provide information about our products and current special offers.
When you visit our social media profiles, your data may be automatically collected and stored for market research and advertising purposes. User profiles are created from this data using pseudonyms. These profiles may be used, for example, to display advertisements both on and off the platforms that are intended to match your interests. To this end, cookies are generally installed on your device. Visitor behavior and user interests are recorded in these cookies. This serves, in accordance with Art. 6(1)(f) of the GDPR, to safeguard our legitimate interests—which prevail following a balancing of interests—in the optimized presentation of our offerings and effective communication with customers and interested parties. If the operators of the respective social media platforms request your consent (agreement) to the processing of data—for example, via a checkbox—the legal basis for data processing is Article 6(1)(a) of the GDPR.
If the aforementioned social media platforms have their headquarters in the United States, the following provisions apply: For the United States, there is an adequacy decision by the European Commission. This is based on the EU-US Privacy Shield. A current certificate for the relevant company can be viewedhere.
You will find detailed information on the processing and use of data by the providers on their websites, as well as contact information and details regarding your rights and settings to protect your privacy—in particular, opt-out options—in the providers’ privacy policies, which are linked below. However, if you need assistance with this, you can contact us.
Facebook: https://www.facebook.com/about/privacy/
Data processing is carried out on the basis of an agreement between joint controllers in accordance with Article 26 of the GDPR, which you can view here:
https://www.facebook.com/legal/terms/page_controller_addendum
Google/YouTube:https://policies.google.com/privacy
Instagram:https://help.instagram.com/519522125107875
Pinterest:https://about.pinterest.com/de/privacy-policy
Opt-out option:
Facebook:https://www.facebook.com/settings?tab=ads
Google/YouTube:https://adssettings.google.com/authenticated
Instagram:https://help.instagram.com/519522125107875
Pinterest: https://www.pinterest.de/?next=/settings/
7. Use of tools to track product availability
Klaviyo Back in Stock Alert (Product Availability Alert).
Through these features, we collect user data to re-engage customers via personalized campaigns based on their context and purchase history. Re-engagement occurs only if users explicitly choose to participate in these campaigns.
Please note that these consent authorizations also include sharing specific user behavior with our email service provider in order to create personalized campaigns.
Klaviyo'sprivacy policyhttps://www.klaviyo.com/privacyexplains what data is collected from users and how that data is stored and used. You can also find more information here: http://www.klaviyo.com
In accordance with the principles of the GDPR, personal data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures. All Klaviyo customer data is stored and processed by our cloud partner, Microsoft Azure, which uses industry-leading security and risk management protocols and is also fully GDPR-compliant. You can find more information about Microsoft Azure’s GDPR compliance in the resource center.
Klaviyo processes all customer data in the United States, and the transfer of customer data to its systems complies with all applicable laws, including, but not limited to, the GDPR. Please note that the provisions also include the EU Standard Contractual Clauses set forth in Decision 2010/87/EU of February 5, 2010, regarding the EU Standard Contractual Clauses.
8. Using Pre-Order Manager (pre-order management)
SpurIT Pre-Order Manager 2 (Pre-orders)
With the Pre-Order Manager feature, we allow customers to place and save pre-orders for out-of-stock products.
The data you enter when placing your pre-order is transmitted to the tool’s service provider. This transmission is carried out in accordance with Article 6(1)(f) of the GDPR and serves our legitimate interest in using an efficient, secure, and user-friendly pre-order system.
The service provider uses this information to process it on our behalf and does not use the data to contact them directly or to share it with third parties.
To protect your data, we have entered into a data processing agreement ("Data-Processing-Agreement") with SpurIT, in which SpurIT undertakes to protect our users' data, to process it on our behalf in accordance with its data protection policies, and, in particular, not to disclose it to third parties.
SpurIT'sprivacy policy(https://spur-i-t.com/privacy-policy-pre-order-manager-2/) explains what data is collected from users and how that data is stored and used.
9. How to Contact Us and Your Rights
As a data subject, you have the following rights:
- In accordance with Article 15 of the GDPR, you have the right to request information about the personal data we process about you, to the extent specified in that article;
- In accordance with Article 16 of the GDPR, you have the right to request the immediate rectification of any personal data concerning you that is inaccurate or incomplete;
- In accordance with Article 17 of the GDPR, you have the right to request the erasure of your personal data stored by us, unless further processing
—to exercise the right to freedom of expression and information;
—to comply with a legal obligation;
—for reasons of public interest; or
—to assert, exercise, or defend legal claims
—is necessary; - In accordance with Article 18 of the GDPR, you have the right to request the restriction of the processing of your personal data, provided that
- you contest the accuracy of the data;
- the processing is unlawful, but you do not wish to have the data erased;
- we no longer need the data, but you need it to assert, exercise, or defend legal claims or
- you have objected to the processing in accordance with Article 21 of the GDPR; - In accordance with Article 20 of the GDPR, you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, or to request that it be transmitted to another controller;
- In accordance with Article 77 of the GDPR, you have the right to file a complaint with a supervisory authority. As a general rule, you may contact the supervisory authority in your country of habitual residence, your place of work, or the location of our company’s headquarters.
If you have any questions regarding the collection, processing, or use of your personal data, or if you wish to request information, correction, restriction, or deletion of your data, or to revoke any consent you have given or object to a specific use of your data, please contact us directly using the contact information provided in our legal notice.
********************************************************************
Right to Object
To the extent that we process personal data to safeguard our overriding legitimate interests as part of a balancing of interests, as explained above, you may object to such processing with effect for the future. If the processing is carried out for direct marketing purposes, you may exercise this right at any time as indicated above. To the extent that the processing is carried out for other purposes, you have a right to object only on grounds relating to your particular situation.
After you have exercised your right to object, we will no longer process your personal data for these purposes, unless we can demonstrate that there are legitimate and compelling grounds for the processing that override your interests, rights, and freedoms, or that the processing is necessary to assert, exercise, or defend legal claims.
This does not apply if the processing is carried out for direct marketing purposes. In that case, we will no longer process your personal data for that purpose. ********************************************************************