Privacy Policy
PRIVACY POLICY
1) Information on the Collection of Personal Data and Contact Details of the Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how your personal data is handled when using our website. Personal data means any data that can be used to personally identify you.
1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Mitchell & Rose. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.
1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL/TLS encryption. You can recognize an encrypted connection by the “https://” prefix and the lock symbol in your browser’s address bar.
2) Data Collection When Visiting Our Website
When you use our website for informational purposes only (i.e., you do not register or otherwise submit information to us), we only collect the data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary to display the website to you:
-
The website visited
-
Date and time of access
-
Amount of data sent in bytes
-
Source/referrer from which you reached the page
-
Browser used
-
Operating system used
-
IP address used (if applicable, in anonymized form)
Processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used for any other purpose. However, we reserve the right to review the server log files subsequently if there are specific indications of unlawful use.
3) Cookies
To make visiting our website attractive and to enable certain functions, we use cookies on various pages. Cookies are small text files stored on your device. Some cookies we use are deleted after your browser session ends (so-called “session cookies”). Other cookies remain on your device and enable us or our partner companies (third-party cookies) to recognize your browser on your next visit (“persistent cookies”).
If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to an individual extent. Persistent cookies are automatically deleted after a specified duration, which may vary depending on the cookie.
Some cookies serve to simplify the ordering process by saving settings (e.g., remembering the contents of a virtual shopping cart for a later visit). If personal data is processed through cookies implemented by us, processing takes place in accordance with Art. 6(1)(b) GDPR either for the performance of the contract or in accordance with Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the website visit.
We may work with advertising partners who help us make our online offering more interesting. For this purpose, cookies from partner companies (third-party cookies) may also be stored on your hard drive when you visit our website. If we work with such advertising partners, you will be informed individually and separately in the following sections about the use of such cookies and the scope of information collected.
You can set your browser to inform you about the setting of cookies and decide individually whether to accept them, or to exclude the acceptance of cookies for certain cases or in general. Each browser differs in how cookie settings are managed. This is described in each browser’s help menu, which explains how you can change your cookie settings. You can find information for the respective browsers at the following links:
-
Internet Explorer: https://support.microsoft.com/help/17442/windows-internet-explorer-delete-manage-cookies
-
Firefox: https://support.mozilla.org/kb/enable-and-disable-cookies-website-preferences
-
Chrome: https://support.google.com/chrome/answer/95647
-
Safari: https://support.apple.com/kb/PH21411
-
Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Please note that if you do not accept cookies, the functionality of our website may be limited.
4) Contact
When you contact us (e.g., via contact form or email), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your inquiry or contacting you and the related technical administration.
The legal basis for processing is our legitimate interest in responding to your request pursuant to Art. 6(1)(f) GDPR. If your contact aims at concluding a contract, an additional legal basis is Art. 6(1)(b) GDPR. Your data will be deleted after your request has been fully processed, provided that the circumstances indicate that the matter has been conclusively clarified and there are no statutory retention obligations to the contrary.
5) Data Processing When Opening a Customer Account and for Contract Fulfillment
In accordance with Art. 6(1)(b) GDPR, personal data is collected and processed when you provide it to us for the performance of a contract or when opening a customer account. Which data is collected can be seen from the respective input forms.
You can delete your customer account at any time by sending a message to the controller’s address stated above. We store and use the data you provide for contract processing. After complete fulfillment of the contract or deletion of your customer account, your data will be blocked in consideration of tax and commercial retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or we reserve the right to further use data as permitted by law, about which we will inform you below.
6) Use of Your Data for Direct Advertising
6.1 Subscription to our Email Newsletter
If you subscribe to our email newsletter, we will regularly send you information about our offers. The only required information for receiving the newsletter is your email address. Providing additional data is voluntary and will be used to address you personally.
We use the double opt-in procedure for sending the newsletter. This means that we will only send you a newsletter after you have expressly confirmed that you consent to receiving it. We then send you a confirmation email asking you to confirm your subscription by clicking a corresponding link.
By activating the confirmation link, you provide your consent to the use of your personal data in accordance with Art. 6(1)(a) GDPR. When registering for the newsletter, we store the IP address entered by your Internet Service Provider (ISP) and the date and time of registration in order to be able to trace any possible misuse of your email address at a later point.
The data collected during newsletter registration is used exclusively for advertising purposes via the newsletter. You can unsubscribe at any time via the link provided in the newsletter or by sending a message to the controller named above. After you unsubscribe, your email address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to further use data as permitted by law, about which we inform you in this policy.
6.2 Newsletter to Existing Customers
If you provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers by email for similar goods or services to those you have already purchased from our range. We do not require separate consent for this.
Processing is based solely on our legitimate interest in personalized direct advertising pursuant to Art. 6(1)(f) GDPR. If you initially objected to the use of your email address for this purpose, we will not send you emails.
You may object to the use of your email address for advertising purposes at any time with effect for the future by notifying the controller named above. You will only incur transmission costs according to the basic tariffs. After receipt of your objection, the use of your email address for advertising purposes will be stopped immediately.
7) Data Processing for Order Fulfillment
7.1 The personal data we collect is forwarded to the shipping company commissioned with delivery as part of contract fulfillment, insofar as this is necessary for the delivery of the goods. We forward your payment data to the commissioned financial institution as part of payment processing, insofar as this is necessary for payment processing. If payment service providers are used, we explicitly inform you about this below. The legal basis for transferring the data is Art. 6(1)(b) GDPR.
7.2 Use of Payment Service Providers (Payment Services)
PayPal
If you pay via PayPal, credit card via PayPal, direct debit via PayPal, or – if offered – “purchase on account” or “installment payment” via PayPal, we transmit your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg (“PayPal”) for payment processing. The transfer takes place in accordance with Art. 6(1)(b) GDPR and only to the extent necessary for payment processing.
PayPal reserves the right, for the payment methods credit card via PayPal, direct debit via PayPal, or – if offered – “purchase on account” or “installment payment” via PayPal, to carry out a creditworthiness check. For this purpose, your payment data may be transmitted to credit agencies in accordance with Art. 6(1)(f) GDPR based on PayPal’s legitimate interest in determining your ability to pay. PayPal uses the result of the credit check regarding the statistical probability of payment default to decide on the provision of the respective payment method. The credit check may contain probability values (so-called score values). Where score values influence the result of the credit check, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of score values may include address data, among other things.
Further information, including the credit agencies used, can be found in PayPal’s privacy policy:
https://www.paypal.com/webapps/mpp/ua/privacy-full
You may object to this processing of your data at any time by contacting PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
SOFORT
If you select the payment method “SOFORT”, payment is processed via SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (“SOFORT”). We transfer the information you provided during the ordering process, together with information about your order, to SOFORT in accordance with Art. 6(1)(b) GDPR. SOFORT GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). The transfer of your data takes place solely for the purpose of payment processing and only to the extent required.
More information about SOFORT’s data protection provisions can be found at:
https://www.klarna.com/sofort/privacy-policy/
8) Contact for Review Reminders
Own review reminder (no dispatch via a review system)
We use your email address for a one-time reminder to submit a review of your order for the review system used by us, provided you have given us your explicit consent during or after your order in accordance with Art. 6(1)(a) GDPR.
You may revoke your consent at any time by sending a message to the controller responsible for data processing.
9) Use of Social Media: Social Plugins
9.1 Facebook Plugins (Shariff solution)
On our website, we use social plugins (“plugins”) from the social network Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”).
To increase the protection of your data when visiting our website, these buttons are not integrated as full plugins, but only as HTML links. This type of integration ensures that when you access a page on our website that contains such buttons, no connection to Facebook’s servers is established yet. When you click the button, a new browser window opens and loads Facebook’s page, where you can (if necessary after entering your login details) interact with the plugins.
Facebook Inc., based in the USA, is certified under the EU–US “Privacy Shield” framework, which ensured compliance with the EU data protection level. (Note: legal frameworks may change; this text reflects the original wording.)
For the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your rights and settings to protect your privacy, please see Facebook’s privacy policy:
https://www.facebook.com/policy.php
Important note: Special additional customs clearance costs and/or import duties are not included in the price and are borne by the customer.
9.2 Google+ Plugins (Shariff solution)
On our website, we use social plugins (“plugins”) from the social network Google+, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
To increase the protection of your data when visiting our website, these buttons are not integrated as full plugins, but only as HTML links. This ensures that no connection to Google+ servers is established when you access pages containing such buttons. When you click the button, a new browser window opens and loads Google+, where you can (if necessary after entering your login details) interact with the plugins.
Google LLC, based in the USA, was certified under the EU–US “Privacy Shield” framework. (Note: legal frameworks may change; this text reflects the original wording.)
More information can be found in Google’s privacy policy:
https://policies.google.com/privacy
9.3 Instagram Plugin (Shariff solution)
On our website, we use social plugins (“plugins”) from Instagram, operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA (“Instagram”).
To increase data protection when visiting our website, these buttons are integrated only as HTML links. This ensures that no connection to Instagram’s servers is established when loading pages containing such buttons. When you click the button, a new browser window opens and loads Instagram, where you can (if necessary after entering your login details) interact with the plugins.
Instagram LLC, based in the USA, was certified under the EU–US “Privacy Shield” framework. (Note: legal frameworks may change; this text reflects the original wording.)
More information can be found in Instagram’s privacy policy:
https://help.instagram.com/519522125107875
10) Online Marketing
10.1 DoubleClick by Google
This website uses the online marketing tool DoubleClick by Google (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, “DoubleClick”).
DoubleClick uses cookies to display ads that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads multiple times. Google uses a cookie ID to record which ads are displayed in which browser and can thus prevent ads from being shown repeatedly. Processing is carried out based on our legitimate interest in optimal marketing of our website in accordance with Art. 6(1)(f) GDPR.
DoubleClick can also use cookie IDs to record conversions related to ad requests (e.g., when a user sees a DoubleClick ad and later visits the advertiser’s website with the same browser and makes a purchase). According to Google, DoubleClick cookies do not contain personal information.
Due to the marketing tools used, your browser automatically establishes a direct connection to Google’s server. We have no influence over the scope and further use of the data collected by Google through this tool. To the best of our knowledge, Google receives information that you have accessed the relevant part of our website or clicked on an ad from us. If you are registered with a Google service, Google may associate the visit with your account. Even if you are not registered with Google or not logged in, it is possible that Google may obtain and store your IP address.
If you wish to object to this tracking, you can disable conversion tracking cookies by setting your browser to block cookies from the domain www.googleadservices.com:
https://www.google.com/settings/ads
You can also control cookies via: www.aboutads.info
Please note that disabling cookies may limit the functionality of our website.
Further information about DoubleClick by Google can be found here:
https://policies.google.com/privacy
10.2 Google Ads Conversion Tracking
This website uses the online advertising program “Google Ads” and, within Google Ads, conversion tracking by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
We use Google Ads to draw attention to our offers via advertising materials (Google Ads) on external websites. We can determine how successful individual advertising measures are in relation to the campaign data. We pursue the interest of showing you advertising that is relevant to you, making our website more interesting, and achieving a fair calculation of advertising costs.
The conversion tracking cookie is set when a user clicks on a Google Ads ad. These cookies generally expire after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies cannot therefore be tracked across the websites of Google Ads customers.
The information collected using the conversion cookie is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. Customers learn the total number of users who clicked their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive information that personally identifies users.
If you do not wish to participate in tracking, you can block this use by disabling the Google conversion tracking cookie in your browser’s user settings. You will then not be included in conversion tracking statistics. We use Google Ads based on our legitimate interest in targeted advertising pursuant to Art. 6(1)(f) GDPR.
More information about Google’s privacy policy can be found here:
https://policies.google.com/privacy
You can permanently disable cookies for ad preferences by adjusting your browser settings or installing the browser plugin available at:
https://www.google.com/settings/ads/plugin
Please note that certain functions of this website may not be available or may be limited if you disable cookies.
11) Web Analytics Services
Google (Universal) Analytics
This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses “cookies”, which are text files stored on your computer that enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including the shortened IP address) is usually transmitted to a Google server in the USA and stored there.
This website uses Google Analytics exclusively with the extension “_anonymizeIp()”, which ensures anonymization of the IP address by shortening and excludes direct personal identification. With this extension, your IP address is truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
In these exceptional cases, processing takes place in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in statistical analysis of user behavior for optimization and marketing purposes.
Google will use this information on our behalf to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies by setting your browser software accordingly; however, please note that you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plugin available at:
https://tools.google.com/dlpage/gaoptout
As an alternative to the browser plugin, or within browsers on mobile devices, you can click the following link to set an opt-out cookie that prevents Google Analytics from collecting data on this website in the future (this opt-out cookie only works in this browser and only for this domain; if you delete your cookies, you must click this link again): Disable Google Analytics
Google LLC, based in the USA, was certified under the EU–US “Privacy Shield” framework. (Note: legal frameworks may change; this text reflects the original wording.)
This website also uses Google Analytics for cross-device analysis of visitor flows, carried out using a user ID. When a page is accessed for the first time, the user is assigned a unique, permanent, and anonymized ID that is set across devices. This makes it possible to assign interaction data from different devices and sessions to a single user. The user ID contains no personal data and does not transmit personal data to Google.
You can object to data collection and storage via the user ID at any time with effect for the future by disabling Google Analytics on all systems you use (e.g., in another browser or on your mobile device).
Further information on Universal Analytics can be found here:
https://support.google.com/analytics/answer/2838718
12) Retargeting / Remarketing / Referral Advertising
Facebook Custom Audiences (Pixel)
This website uses the “Facebook Pixel” from Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”). If you have given explicit consent, this allows user behavior to be tracked after they have viewed or clicked a Facebook advertisement. This procedure is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help optimize future advertising measures.
The data collected is anonymous for us and does not allow us to identify users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook may use the data for its own advertising purposes in accordance with Facebook’s data policy:
https://www.facebook.com/about/privacy/
Facebook may enable ads to be placed on and outside Facebook. A cookie may also be stored on your device for these purposes. These processing operations are carried out only if you have given explicit consent in accordance with Art. 6(1)(a) GDPR.
Consent to the use of the Facebook pixel may only be given by users older than 13 years. If you are younger, please ask your parent or guardian for permission.
Facebook Inc., based in the USA, was certified under the EU–US “Privacy Shield” framework. (Note: legal frameworks may change; this text reflects the original wording.)
You can disable cookies in your browser settings. Disabling all cookies may result in some functions of our website no longer working. You can also opt out of third-party cookies (e.g., Facebook) at:
https://www.aboutads.info/choices/
Google Ads Remarketing
Our website uses Google Ads Remarketing. We use it to advertise this website in Google search results and on third-party websites. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
Google sets a cookie in your device’s browser, which automatically enables interest-based advertising via a pseudonymous cookie ID based on the pages you visit. Processing is based on our legitimate interest in optimal marketing of our website in accordance with Art. 6(1)(f) GDPR.
Further data processing only takes place if you have agreed with Google that your internet and app browsing history is linked to your Google account and that information from your Google account is used to personalize ads. If you are logged into Google while visiting our website, Google uses your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, your personal data is temporarily linked by Google with Google Analytics data to form target groups.
You can permanently disable cookies for ad preferences by installing the browser plugin available at:
https://www.google.com/settings/ads/onweb/
Alternatively, you can manage cookies and opt-out via: www.aboutads.info
Please note that rejecting cookies may limit the functionality of our website.
Further information on Google advertising and data protection can be found here:
https://policies.google.com/technologies/ads
13) Rights of the Data Subject
13.1 Applicable data protection law grants you comprehensive rights regarding the processing of your personal data, including:
-
Right of access (Art. 15 GDPR): You have the right to obtain information about your personal data processed by us, purposes of processing, categories of personal data, recipients, planned storage duration, rights to rectification, erasure, restriction, objection, complaint, data origin, automated decision-making (including profiling) and meaningful information about the logic involved, and safeguards under Art. 46 GDPR for transfers to third countries.
-
Right to rectification (Art. 16 GDPR): You have the right to have inaccurate personal data corrected without undue delay and incomplete data completed.
-
Right to erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data if the requirements of Art. 17(1) GDPR are met, unless processing is necessary for freedom of expression and information, compliance with a legal obligation, public interest, or the establishment/exercise/defense of legal claims.
-
Right to restriction of processing (Art. 18 GDPR): You have the right to request restriction of processing if you contest the accuracy of your data, if processing is unlawful and you oppose deletion, if you need your data for legal claims, or if you object due to your particular situation pending verification of our overriding legitimate grounds.
-
Right to be informed (Art. 19 GDPR): If you have exercised rights to rectification, erasure, or restriction, we must inform recipients of these changes unless this is impossible or involves disproportionate effort. You have the right to be informed about these recipients.
-
Right to data portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, machine-readable format or to request transmission to another controller where technically feasible.
-
Right to withdraw consent (Art. 7(3) GDPR): You may withdraw your consent at any time with effect for the future. Upon withdrawal, we will delete the data unless another legal basis permits continued processing. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
-
Right to lodge a complaint (Art. 77 GDPR): If you believe processing of your personal data violates GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your habitual residence, place of work, or place of the alleged infringement.
13.2 Right to object
If we process your personal data on the basis of our overriding legitimate interest as part of a balancing of interests, you have the right at any time to object to this processing for reasons arising from your particular situation, with effect for the future.
If you exercise your right to object, we will stop processing the data concerned. However, further processing remains reserved if we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or if processing serves the establishment, exercise, or defense of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing. You can exercise your objection as described above.
If you object, we will stop processing your personal data for direct marketing purposes.
14) Duration of Storage of Personal Data
The duration of storage of personal data is determined by the respective statutory retention period (e.g., commercial and tax retention periods). After the retention period expires, the relevant data is routinely deleted, provided it is no longer necessary for contract fulfillment or contract initiation and/or we no longer have a legitimate interest in continued storage.