Data Privacy

Responsible for data processing is:

gitti GmbH

Schönhauser Allee 43a
10435 Berlin
Germany
datenschtutz@gitti.de

We are pleased about your interest in our online shop. Protecting your privacy is very important to us. Below, we inform you in detail about how your data is handled.

1. Access data and hosting

You can visit our websites without providing personal information. Each time a webpage is accessed, the web server automatically stores a so-called server log file, which contains, for example, the name of the requested file, your IP address, date and time of access, amount of data transferred, and the requesting provider (access data), and documents the access. These access data are evaluated exclusively for the purpose of ensuring the smooth operation of the site and improving our offering. This serves to safeguard our legitimate interests in a correct presentation of our offering pursuant to Art. 6 (1) sentence 1 lit. f GDPR. All access data are deleted no later than seven days after the end of your visit.

Hosting

The services for hosting and displaying the website are partly provided by our service providers as part of processing on our behalf. Unless otherwise explained in this privacy policy, all access data and all data collected in forms provided on this website are processed on their servers. For questions about our service providers and the basis of our cooperation with them, please contact us using the contact option described in this privacy policy.

Our service providers are located in countries for which the European Commission has determined an adequate level of data protection: Canada
Our service providers are located in the following countries: USA
For these countries, no adequacy decision by the European Commission exists. Our cooperation is based on these guarantees: Standard Contractual Clauses of the European Commission.

2. Data processing for contract processing, contacting and opening a customer account

We collect personal data when you voluntarily provide it to us as part of your order or when contacting us (e.g., via contact form or email). Mandatory fields are marked as such because in these cases we require the data for contract processing or handling your inquiry, and without providing them you cannot send the order or contact request. The data collected can be seen from the respective input forms. We use the data you provide to process contracts and handle your inquiries in accordance with Art. 6 (1) sentence 1 lit. b GDPR.

If you have given your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR by deciding to open a customer account, we use your data for this purpose. Further information on the processing of your data, particularly regarding the transfer to our service providers for order, payment, and shipping processing, can be found in the following sections of this privacy policy.

After full completion of the contract or deletion of your customer account, your data will be restricted for further processing and deleted after expiration of tax and commercial retention periods pursuant to Art. 6 (1) sentence 1 lit. c GDPR, unless you have expressly consented to further use of your data pursuant to Art. 6 (1) sentence 1 lit. a GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this statement.

You can delete your customer account at any time by sending a message to the contact option described in this privacy policy or via a function provided in the customer account.

3. Data processing for the purpose of shipment handling

To fulfill the contract pursuant to Art. 6 (1) sentence 1 lit. b GDPR, we pass on your data to the shipping service provider commissioned with delivery, insofar as this is necessary for the delivery of ordered goods.

Transfer of data to shipping service providers for shipment notification: If you have given us your express consent during or after your order pursuant to Art. 6 (1) sentence 1 lit. a GDPR, we will pass on your email address and telephone number to the selected shipping service provider so that they can contact you before delivery for notification or coordination purposes.

You may revoke your consent at any time by contacting us or directly contacting the shipping provider. After revocation, we will delete your data unless you have consented to further use or we are legally permitted to use it.

Zenfulfillment GmbH
c/o gitti (PO to be requested from gitti)
Tor 19/20/21
Sülzenbrücker Str. 7
D-99192 Apfelstädt

United Parcel Service Deutschland S.à r.l. & Co. OHG
Görlitzer Straße 1
41460 Neuss
Germany

DHL Paket GmbH
Sträßchensweg 10
53113 Bonn
Germany

FedEx Express Deutschland GmbH
Langer Kornweg 34k
65451 Kelsterbach

post AT
Österreichische Post Aktiengesellschaft
Headquarters
1030 Vienna

Use of specialist service providers for order processing and fulfilment. Order fulfilment may also be carried out by a so-called fulfilment provider. Your name, address, all or part of the items you have ordered, and, where applicable, further personal data will be passed on to the fulfilment provider in accordance with Article 6(1)(b) of the GDPR exclusively for the purpose of processing the online order. Your data will only be passed on to the extent that this is actually necessary for the processing of the order, i.e. the performance of the contract; Consequently, the legal basis for data processing is Article 6(1)(b) of the GDPR (performance of a contract) and our legitimate interest in the fastest and most effective possible processing of the purchase within the meaning of Article 6(1)(f) of the GDPR.

4. Data processing for payment handling

We cooperate with technical service providers, financial institutions, and payment service providers for payment processing.

4.1 Data processing for transaction processing

Depending on the payment method selected, we pass on the data necessary for processing the payment transaction to our technical service providers, who act on our behalf under a data processing agreement, or to the designated banks or the selected payment service provider, insofar as this is necessary to process the payment. This serves the purpose of fulfilling the contract in accordance with Article 6(1)(b) of the GDPR. In some cases, the payment service providers collect the data required to process the payment themselves, e.g. on their own website or via a technical integration into the ordering process. In such cases, the privacy policy of the respective payment service provider applies.

If you have any questions regarding our payment processing partners and the basis of our cooperation with them, please use the contact details provided in this privacy policy.

4.2 Data processing for the purpose of fraud prevention and optimisation of our payment processes

Where necessary, we may provide our service providers with additional data, which they use, together with the data required to process the payment, in their capacity as our data processors for the purposes of fraud prevention and optimising our payment processes (e.g. invoicing, handling disputed payments, and supporting our accounting functions). This serves, in accordance with Article 6(1)(f) of the GDPR, to safeguard our legitimate interests, which prevail following a balancing of interests, in protecting ourselves against fraud and in ensuring efficient payment management.

4.3 Identity and credit check when selecting Klarna payment services

Klarna Pay now (direct debit), Klarna Pay later (purchase on account), Klarna Slice it (instalment plan). If you choose to use the payment services provided by Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter ‘Klarna’), we ask for your consent in accordance with Article 6(1)(a) of the GDPR to allow us to transfer the data necessary for processing the payment and for identity and credit checks to Klarna. In Germany, the credit reference agencies listed in Klarna’s privacy policy [https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy] may be used for identity and credit checks. Klarna uses the information regarding the statistical probability of payment default to make a balanced decision on the establishment, performance or termination of the contractual relationship. You may withdraw your consent at any time by sending a message to the contact details provided in this privacy policy. This may result in us no longer being able to offer you certain payment options. You may also withdraw your consent to this use of personal data at any time by contacting Klarna directly.

5. Advertising by e-mail

5.1 Canvassing existing customers by e-mail

When you make a purchase from us, we also use your contact details to send you further information about our products that is relevant to you via email (“marketing to existing customers”). This may include, in particular, new products, promotions and offers, as well as feedback and other surveys.

The legal basis for this data processing is Article 6(1)(f) of the GDPR in conjunction with Section 7(3) of the German Unfair Competition Act (UWG), according to which data processing is permitted for the purposes of legitimate interests, insofar as this concerns the storage and further use of data for advertising purposes.

In order to be able to provide you exclusively with relevant offers as part of the existing customer newsletter, customer segmentation is also carried out using the data you provided when placing your order. The legal basis for this processing is our aforementioned legitimate interest pursuant to Article 6(1)(f) of the GDPR.

You may object to the use of your data for advertising purposes at any time by clicking on the relevant link in the emails or by contacting us using the contact details provided above (e.g. by email or letter), without incurring any costs other than the transmission costs in accordance with standard rates.

5.2 E-mail newsletter with registration

When you subscribe to our newsletter, we use the data required for this purpose or provided separately by you to send you our email newsletter on a regular basis, based on your consent in accordance with Article 6(1)(a) of the GDPR. You may unsubscribe from the newsletter at any time, either by contacting us via the details provided below or by clicking on the link provided for this purpose in the newsletter. Once you have unsubscribed, we will delete your email address from the recipient list, unless you have expressly consented to the further use of your data in accordance with Article 6(1)(a) of the GDPR, or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you in this statement.

5.3 Newsletter dispatch

The newsletter may also be sent by our service providers as part of processing carried out on our behalf. If you have any questions about our service providers or the basis of our cooperation with them, please use the contact details provided in this privacy policy.

Our service provider, Klaviyo Inc. (https://www.klaviyo.com/legal), can measure and analyse the reach of our newsletters. We can also see whether a newsletter message has been opened and which links, if any, have been clicked. This enables us, amongst other things, to determine which links were clicked particularly often and were of particular interest to you and others. Furthermore, we can identify whether, after opening or clicking, certain predefined actions, such as a purchase, were carried out (conversion rate). In addition, Klaviyo enables us to segment newsletter recipients into different categories and form so-called clusters. Newsletter recipients can be segmented according to various criteria. In this way, the distribution of a newsletter can be better tailored to the respective target groups. Klaviyo is based in the USA (125 Summer Street, Boston, MA 02110 / USA) and processes your data on our behalf. This may also take place in the USA.

When using Klaviyo, personal data may be transferred to the USA. Klaviyo is listed and certified under the EU-US Data Privacy Framework. This ensures an adequate level of data protection within the meaning of Article 45 of the GDPR. Further information can be found at: https://www.dataprivacyframework.gov/list. In addition, we have concluded a Data Processing Agreement (including EU Standard Contract Clauses) with Klaviyo in accordance with Article 28 of the GDPR, which can be found here.

You may withdraw your consent to receive the newsletter at any time with future effect, e.g. via the unsubscribe link in every email or by sending us a message to this effect: datenschutz@gitti.de.

If you contact us via advertisements (e.g. via Google Ads or Meta Ads services), the data collected in the process (e.g. email address) may be transferred to our e-mail marketing system (Klaviyo) and merged with existing data. This serves the purpose of optimising our marketing activities and better tailoring content to your interests. This may also involve the creation of user profiles. Processing takes place exclusively on the basis of your consent in accordance with Article 6(1)(a) of the GDPR, which you may withdraw at any time with future effect.

5.4 Canvassing existing customers by post

If you have entered into a contract with us, we will list you as an existing customer. In this case, we process your postal contact details in order to send you information about new products and services by post. The legal basis for this is Article 6(1)(f) of the GDPR in conjunction with Section 7(3) of the Unfair Competition Act. You may object to the use of your data for marketing purposes at any time by contacting us via the contact details provided above (e.g. by email or letter), without incurring any costs other than the transmission costs charged at standard rates.

6. Cookies and other technologies

6.1 General information

In order to make visiting our website attractive and to enable the use of certain functions, we use technologies including so-called cookies on various pages. Cookies are small text files that are automatically stored on your terminal device. Some of the cookies we use are deleted at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us to recognise your browser on your next visit (persistent cookies).
We use such technologies that are absolutely necessary for the use of certain functions of our website (e.g. shopping cart function). These technologies collect and process IP address, time of visit, device and browser information as well as information on your use of our website (e.g. information on the contents of the shopping basket). This serves in the context of a balancing of interests of overriding legitimate interests in an optimised presentation of our offer in accordance with Art. 6 para. 1 p. 1 lit. f DSGVO.
In addition, we use technologies to fulfil the legal obligations to which we are subject (e.g. to be able to prove consent to the processing of your personal data) as well as for web analysis and online marketing. Further information on this, including the respective legal basis for the data processing, can be found in the following sections of this privacy policy.
You can find the cookie settings for your browser at the following links:Microsoft Edge™ [https://support.microsoft.com/de-de/help/4027947/microsoft-edge-delete-cookies] / Safari™ [https://support.apple.com/de-de/guide/safari/sfri11471/12.0/mac/10.14] / Chrome™ [https://support.google.com/chrome/answer/95647?hl=de&hlrm=en] / Firefox™ [https://support.mozilla.org/de/products/firefox/protect-your-privacy/cookies] / Opera™ [https://help.opera.com/de/latest/web-preferences/#cookies
Insofar as you have consented to the use of the technologies in accordance with Art. 6 para. 1 sentence 1 lit. a DSGVO, you can revoke your consent at any time by sending a message to the contact option described in the privacy policy Alternatively, you can also access the following link: https://www.gitticonsciousbeauty.de/policies/privacy-policy. If you do not accept cookies, the functionality of our website may be limited.

6.2 GDPR Legal Cookie Consent Management

On our website, we use the GDPR Legal Cookie App from Hyghstreet GmbH to inform you about the cookies and other technologies we use on our website, and to obtain, manage and document your consent – where required – to the processing of your personal data by these technologies. This is necessary in accordance with Article 6(1)(c) of the GDPR to fulfil our legal obligation under Article 7(1) of the GDPR to be able to demonstrate your consent to the processing of your personal data, to which we are subject. GDPR Legal Cookie is a service provided by Hyghstreet GmbH, Friedrich-Mohr-Str. 1, 56070 Koblenz, Germany, which processes your data on our behalf.

Once you have submitted your cookie consent on our website, the GDPR Legal Cookie web server stores your anonymised IP address, the date and time of your consent, browser information, the URL from which the consent was submitted, information regarding your consent behaviour, and an anonymous random key. In addition, a cookie is used that contains the information regarding your consent behaviour and the key. Your data will be deleted after twelve months, unless you have expressly consented to the further use of your data in accordance with Article 6(1)(a) of the GDPR, or we reserve the right to use your data beyond this period, which is permitted by law and about which we inform you in this declaration.

7. Use of cookies and other technologies for web analysis and advertising purposes

Insofar as you have given your consent to this in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO, we use the following cookies and other third-party technologies on our website. After the end of the purpose and the end of the use of the respective technology, the data collected in this context will be deleted. You can revoke your consent at any time with effect for the future. Further information on your revocation options can be found in the section "Cookies and other technologies". Further information including the basis of our cooperation with the individual providers can be found in the individual technologies. If you have any questions about the providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.

7.1 Use of Google services

We use the technologies of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), as described below. The information automatically collected by Google technologies about your use of our website is generally transmitted to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. There is no adequacy decision of the European Commission for the USA. Our cooperation is based on the standard data protection clauses of the European Commission. If your IP address is collected via Google technologies, it will be shortened before being stored on Google's servers by activating IP anonymisation. Only in exceptional cases will the full IP address be transmitted to a Google server and shortened there. Unless otherwise stated for the individual technologies, data processing is carried out on the basis of an agreement concluded for the respective technology between jointly responsible parties in accordance with Art. 26 DSGVO. Further information on data processing by Google can be found in Google's privacy policy [https://policies.google.com/privacy?hl=de].

Google Analytics

We use Google Analytics 4 on our website, a web analytics service provided by Google Ireland
Limited, Gordon House, Barrow Street, Dublin 4, Irelandhereinafter: "Google")
In this context, pseudonymous usage profiles are created and cookies are used. The information generated by the cookie about the use of our website (e.g. IP address of the accessing computer, time of access, referrer URL and information about the browser and operating system used) is usually transmitted to Google servers in the USA and processed there.

Google Analytics is used within the scope of your consent according to (Art. 6 para. 1 sentence
1 lit. a DSGVO in connection with § 25 para. 1 TDDSG) in the analysis and optimisation of our
online offer as well as the economic operation of this websiteTherefore, Google processes the
information on our behalf in order to evaluate the use of the website, tocompilereports on
website activities and toprovide usfurtherservices associateduse of the website and the
internet for the purposes of market research and
designing these internet pages to meet our needs

We have concluded an order processing contract with Google for the use of Google Analytics. Through this contract, Google assures that they process the data in accordance with the General Data Protection Regulation and ensure the protection of the rights of the data subject. The IP address processed by Google Analytics is automatically shortened. In doing so, the last three digits of your IP address are replaced by a "0", which prevents attribution. If necessary, the collected data will be transferred to third parties if this is required by law or if third parties process this data on behalf. The user data collected via cookies is automatically deleted after 2 months. Note: The information generated by the cookies about the use of our website (e.g. IP address of the accessing computer, time of access, referrer URL and information about the browser and operating system used) is transmitted to Google servers in the USA and processed there. The USA are so-called unsafe third countries. This means that there is no adequacy decision by the European Commission for the USA. Your data is therefore not subject to a level of data protection in the USA comparable to that in the EU. Google relies on the transmission of standard contractual clauses approved by the EU Commission as a guarantee of a level of data protection comparable to that in the EU. You can obtain a copy of the standard contractual clauses here. You can revoke or adapt your consent at any time with effect for the future. Further information on data protection in connection with Google Analytics can be found, for example, in the Google Analytics Help. Information on Google's use of data can be found in their privacy policy.

For web analysis, the Google Analytics Google Signals extension function enables so-called "cross-device tracking". Insofar as your internet-enabled devices are linked to your Google account and you have activated the "personalised advertising" setting in your Google account, Google can generate reports on your usage behaviour (in particular cross-device user figures), even if you change your terminal device. We do not process personal data in this respect; we only receive statistics generated on the basis of Google Signals.

For web analysis and advertising purposes, the extension function of Google Analytics enables the so-called DoubleClick cookie to recognise your browser when you visit other websites. Google will use this information to compile reports on website activity and to provide other services related to website usage.

Google Ads

For advertising purposes in Google search results as well as on third-party websites, the so-called Google Remarketing Cookie is set when you visit our website, which automatically enables interest-based advertising by collecting and processing data (IP address, time of visit, device and browser information as well as information on your use of our website) and by means of a pseudonymous cookie ID and on the basis of the pages you visit. Any further data processing will only take place if you have activated the "personalised advertising" setting in your Google account. In this case, if you are logged into Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing.

For website analysis and event management, we measure your subsequent usage behaviour via Google Ads Conversion Tracking if you have reached our website via an advertisement from Google Ads. For this purpose, cookies may be used and data (IP address, time of visit, device and browser information as well as information about your use of our website based on events specified by us, such as visiting a website or subscribing to a newsletter) may be collected, from which usage profiles are created using pseudonyms.

Google Recaptcha

For the purpose of protecting against misuse of our web forms and spam by automated software (so-called bots), Google reCAPTCHA collects data (IP address, time of visit, browser information and information on your use of our website) and analyses your use of our website by means of a so-called JavaScript and cookies. In addition, other cookies stored by Google services in your browser are evaluated. No personal data is read or stored from the input fields of the respective form.

Klar Attribution

We use the services of Klar (Klar Insights GmbH, Marktstr. 18, 80802 Munich, Germany) on our website. Klar, collects, processes and stores data on this website and its subpages for reach measurement, statistical analysis.
This collection takes place on the following legal basis:

The user has given his consent in accordance with Article 6 (1) sentence 1 a GDPR and Section 25 (1) sentence 1 TTDSG, the data to be processed will be collected on a user-specific basis.

For the aforementioned different types of collection, different cookies are used to ensure the respective type of collection.

Objection

To object to the use of Klar in principle, please use this Link. This will set a cookie with the name "do_not_track" from the domain "gitticonsciousbeauty.com". Please do not delete it, otherwise we cannot guarantee that you will not be tracked by Klar.
Information on data protection and data use can be found on the following website of Klar: https://www.getklar.com/data-protection.

7.2 Use of meta services

Use of Meta Pixel

We use the Meta Pixel as part of the technologies of Meta Platforms Ireland Ltd [https://about.meta.com/de/metaverse/], 4 Grand Canal Square, Dublin 2, Ireland ("Meta") described below. The Meta Pixel automatically collects and storesdata (IP address, time of visit,device and browser information as well as information about your use of our website based on events specified by us, such as visiting a website or subscribing to a newsletter, from which usage profiles are created using pseudonyms. In the context of so-called extended data matching, information that can be used to identify individuals (e.g. names, e-mail addresses and telephone numbers) is also collected and stored in hashed form for matching purposes. To this end, when you visit our website, the Meta Pixel automatically sets a cookie which, by means of a pseudonymous cookie ID, enables your browser to be recognised when you visit other websites. Meta will combine this information with other data from your Meta account and use it to compile reports on website activity and to provide other services related to website use, in particular personalised and group-based advertising.
The information automatically collected by Meta Technologies about your use of our website is usually transmitted to and stored by Meta Platforms, Inc. on a server at 1601 Willow Road, Menlo Park, California 94025, USA. There is no adequacy decision of the European Commission for the USA. If the transfer of data to the USA falls within our responsibility, our cooperation is based on standard data protection clauses of the European Commission. Further information on data processing by Facebook can be found in Facebook's privacy policy [https://www.facebook.com/privacy/policy/].

Meta Analytics

As part of Meta Analytics, statistics on visitor activity on our website are created from the data collected with the Meta Pixel about your use of our website. The data processing is carried out on the basis of an agreement on commissioned processing by Meta. Their analysis serves the optimal presentation and marketing of our website.

Meta Platform Ads

We advertise this website on Meta as well as on other platforms via Meta Ads. We determine the parameters of the respective advertising campaign. Meta is responsible for the exact implementation, in particular the decision on the placement of the ads with individual users. Unless otherwise stated for the individual technologies, data processing is carried out on the basis of an agreement between joint controllers pursuant to Art. 26 DSGVO. The joint responsibility is limited to the collection of the data and its transmission to Meta. The subsequent data processing by Meta is not covered by this.
On the basis of the statistics on visitor activity on our website compiled via Meta Pixel, we operate group-based advertising on Meta via Meta Custom Audience by determining the characteristics of the respective target group and in order to display the Meta Ads placed by us only to those Meta users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the web pages visited), which we transmit to Meta (so-called "Meta Custom Audiences"). This allows us to ensure that our Meta Ads match the potential interest of users and are not harassing. In addition, we can evaluate the effectiveness of the meta ads for statistical and market research purposes by tracking whether a user was redirected to our website after clicking on a meta ad (so-called "conversion").

The data collected is anonymous for us, so it does not allow us to draw any conclusions about the identity of the user. However, the data is stored and processed by Meta so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes in accordance with the Meta Platform Data Usage Policy (https://www.facebook.com/about/privacy/). The data may enable Meta and its partners to place advertisements on and outside of Meta.

Based on the pseudonymous cookie ID set by the Meta Pixel and the data collected about your usage behaviour on our website, we operate personalised advertising via Meta Pixel remarketing.

The data processing associated with the use of the meta pixel is only carried out with your express consent in accordance with Art. 6 Para. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future.

7.3 Other providers of web analytics and online marketing services

Use of Hotjar for web analysis

For the purpose of website analysis, technologies provided by Hotjar [https://www.hotjar.com]Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 3155, Malta ("Hotjar") automatically collect and store data (IP address, time of visit, device and browser information as well as information on your use of our website), from which usage profiles are created using pseudonyms. Cookies may be used for this purpose. The pseudonymised usage profiles are not combined with personal data about the bearer of the pseudonym without your express consent, which must be given separately. Hotjar acts on our behalf.

Use of Pinterest tag for web analysis and advertising purposes

For web analytics and advertising purposes on Pinterest and third party websites, when you visit our website, Pinterest Europe Ltd [https://www.pinterest.de/]., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest") automatically collects and processes data (IP address, time of visit, device and browser information, and information about your use of our website based on events specified by us, such as visiting a website or subscribing to a newsletter) and enables interest-based advertising by means of a pseudonymous cookie ID and based on the pages you visit. The data collected is used to create pseudonymous usage profiles. Pinterest will combine this information with other data from your Pinterest account and use it to compile reports on website activity and to provide other services related to website use. We have no influence on the data processing by Pinterest and only receive statistics generated on the basis of Pinterest Tag. In this way, we measure your subsequent usage behaviour for website analysis and event tracking if you have arrived at our website via an advertisement from Pinterest. The information automatically collected by Pinterest is usually transmitted to a server of Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107, USA and stored there. There is no adequacy decision of the European Commission for the USA. Our cooperation is based on standard data protection clauses of the European Commission. The data processing takes place on the basis of an agreement between jointly responsible parties in accordance with Art. 26 DSGVO.

Criteo Building Block

We use the retargeting technology of Criteo SA, 32 Rue Blanche, 75009 Paris. This enables us to show you advertisements on third-party sites (so-called publishers) for products that you have viewed on our website or in the shop. For this purpose, Criteo collects information about your usage behaviour through the use of tracking technologies (e.g. cookies that are placed in your browser), as well as through the use of advertising IDs in environments that do not support cookies - for example, apps. These technologies enable Criteo to identify and analyse trends and purchase interest, and to identify the interests of individual users in relation to websites and apps, thereby tagging visitors to its partners' websites and apps. The identification of users is done by assigning a technical, unique ID. Criteo, on the other hand, does not collect any personal data that makes identification possible, such as names or addresses. Criteo only analyses the products viewed or the search behaviour and the pages visited on the websites of partners for which Criteo delivers advertising. In order to deliver personalised interest-based advertising to you, Criteo may synchronise the IDs of the different browsers you use. ("ID synchronisation") and is thus able to always show you the most relevant ads - regardless of the browser or end device used - without Criteo having to collect and process personal data such as names or addresses for this purpose. For this purpose, Criteo uses linking methods based on the technical data collected by means of the Criteo technologies used; among other things, the user is recognised pseudonymously by means of an encrypted (non-recoverable) e-mail address. Further information: https://www.criteo.com/de/privacy/how-criteo-services-work-across-environments/

You can find more information about Criteo's data protection at https://www.criteo.com/de/privacy/.

The legal basis for this data processing is Article 6(1)(a) DSGVO.

We only use the cookies required for this service (so-called marketing cookies) with your consent. You can object to the processing of your data for the pseudonymous analysis of your surfing behaviour by Criteo at any time by using the following link to opt out: at https://www.criteo.com/de/privacy/ or by revoking your consent in the preferences and settings under "Cookie settings".

We use the retargeting technology of Criteo SA, 32 Rue Blanche, 75009 Paris. This enables us to show you advertisements on third-party sites (so-called publishers) for products that you have viewed on our website or in the shop. To do this, Criteo collects information about your usage behaviour through the use of tracking technologies (e.g. cookies placed in your browser), as well as through the use of advertising IDs in environments that do not support cookies - for example, apps. These technologies enable Criteo to identify and analyse trends and purchase interest, and to identify the interests of individual users with respect to websites and apps, thereby tagging visitors to its partners' websites and apps. Users are tagged by assigning them a technical, unique ID. Criteo, on the other hand, does not collect any personal data that makes identification possible, such as names or addresses. Criteo only analyses the products viewed or the search behaviour and the pages visited on the websites of partners for which Criteo delivers advertising. In order to deliver personalised interest-based advertising to you, Criteo may synchronise the IDs of the different browsers you use. ("ID synchronisation") and is thus able to always show you the most relevant ads - regardless of the browser or end device used - without Criteo collecting and processing personal data such as names or addresses for this purpose. For this purpose, Criteo uses linking methods based on the technical data collected by means of the Criteo technologies used, among other things, the user is recognised pseudonymously by means of an encrypted (non-recoverable) e-mail address. Further information:

https://www.criteo.com/de/privacy/how-criteo-services-work-across-environments/ Further information on data protection at Criteo can be found at https://www.criteo.com/de/privacy/. The legal basis for this data processing is Article 6(1)(a) DSGVO. We only use the cookies required for this service (so-called marketing cookies) with your consent. You can object to the processing of your data for the pseudonymous analysis of your surfing behaviour by Criteo at any time by using the following unsubscribe link: at https://www.criteo.com/de/privacy/ or revoke your consent in the preferences and settings under "Cookie settings".

Use of Mable for web analysis and advertising purposes

On our website we have integrated a tool from Mable GmbH, Kaiserstraße 88, 76133 Karlsruhe. (hereinafter referred to as "Mable"). Mable enables us, in the interest of the user and to improve the user experience, to better analyse and control our data flows, in particular which data is passed on to third parties. It also allows us to independently evaluate this data according to our criteria. When we work with certain partners, e.g. for the purpose of online marketing, this often requires the integration of code components that result in a direct server connection and the collection of personal data of our website users by the partner, which may not be controllable by us. In this case, we often have no control over the data collected by third parties or the data flows. Mable allows us to embed partners without integrating their code into our website. In this case, a direct server connection to the website users by the third party is not required, but instead of the direct server connection, the partner only receives aggregated data, if any, from us.

Gorgias Customer Support Platform

We use the “Gorgias” tool from Gorgias Inc., 180 Sansome St, Suite 1800, San Francisco, CA 94014, USA, on our website to process customer enquiries and organise our customer service. Gorgias enables us to centrally manage and efficiently process support enquiries via various channels (e.g. email, chat or social media). In doing so, personal data is processed, in particular your name, email address, order information and the content of the communication. The processing is carried out for the purpose of taking pre-contractual measures and for the performance of a contract in accordance with Article 6(1)(b) of the GDPR, and – in particular when using chat or tracking functions – on the basis of your consent in accordance with Article 6(1)(a) of the GDPR.
As part of its functionality, Gorgias accesses data from our Shopify shop (e.g. order and customer data) to enable the swift and effective processing of support enquiries. The data may be processed on servers outside the European Union, in particular in the USA. In such cases, data transfer takes place on the basis of appropriate safeguards in accordance with Article 44 et seq. of the GDPR (e.g. standard contractual clauses). We have entered into a data processing agreement with the provider in accordance with Article 28 of the GDPR. Data is stored only for as long as is necessary to process the relevant enquiry and to comply with statutory retention obligations.& You may withdraw your consent at any time with future effect by adjusting your cookie settings. Further information on data processing by Gorgias can be found in the provider’s privacy policy at https://www.gorgias.com/legal/privacy

Zenloop customer feedback

For the purposes of customer and product evaluations by our customers and for our own quality management, we use the personal data provided by you as part of the purchase, such as the e-mail address to request an evaluation of your order via the evaluation system used by us.
By agreeing to this privacy policy at the end of the ordering process, you consent to us sending you an e-mail to the e-mail address you have provided with a request to submit a rating after your order has been processed. You can revoke this consent at any time by sending an informal message by e-mail to datenschutz@gitti.de.

Zenloop as data processor

We work with zenloop GmbH, Erich-Weinert-Strasse 145, 10409 Berlin. zenloop is a business-to-business software-as-a-service platform that allows us to collect and analyse feedback from our customers through various channels. This allows us to align and improve our offering to the needs of our customers. In addition, zenloop collects your survey responses.
The legal basis for data processing by zenloop is Art. 6 para. 1 lit. f DSGVO.
We have concluded a commission processing agreement with zenloop in accordance with Art. 28 (3) DSGVO and are satisfied that zenloop implements appropriate technical and organisational measures in such a way that the processing is carried out in accordance with the requirements of the DSGVO and the protection of your rights is guaranteed
You can find more information on this in the privacy policy at www.zenloop.com.

Zenloop Forwarding of respondents (promoters) to rating portals/review platform

You can be redirected to a review platform after submitting your review, where you can post your review publicly

Trustpilot

gitti GmbH may contact you by email to invite you to rate services and/or products you have received from us [in order to collect your feedback and improve our services [and products]] (the "Purpose").
We use an external company, Trustpilot A/S ("Trustpilot"), to collect your feedback, which means that we share your name, email address and reference number with Trustpilot for this purpose. If you would like to read more about how Trustpilot processes your data, you can find their privacy policy here: https://uk.legal.trustpilot.com/for-reviewers/end-user-privacy-terms.
gitti GmbH may also use such reviews in other promotional materials and media for our advertising and promotional purposes.

Salesforce

To website analysis, technologies of Salesforce, Inc. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States are used, among other things for the administration of our customer database (CRM) and for internal analyses of daily performance. The data processing associated with the use of Salesforce is only carried out with your express consent in accordance with Art. 6 para. 1 lit. a GDPR and only for as long as it is required for the purpose. You can revoke your consent at any time with effect for the future. Data processing is carried out based on an order processing agreement that we have concluded with Salesforce. Further information on the use of Salesforce can be found in Salesforce's privacy policy: https://www.salesforce.com/company/privacy/

Karla

We use the AI-based chat and advisory service Klara AI (gokarla.io) on our website to answer enquiries automatically, provide product recommendations, and improve our customer service. In doing so, the content of your inputs, usage data (e.g. time and duration), technical data (e.g. IP address, browser, device), and any personal data you voluntarily provide may be processed and transmitted to the provider. Processing is carried out on the basis of your consent in accordance with Art. 6(1)(a) GDPR. A data processing agreement has been concluded with the provider in accordance with Art. 28 GDPR, and any transfer to third countries is carried out on the basis of appropriate safeguards (e.g. standard contractual clauses). Data is stored only for as long as necessary for the stated purposes or as required by statutory retention obligations. You may object to the processing at any time or withdraw any consent given with effect for the future. Further information is available at https://www.gokarla.io/en/privacy. Please note: your inputs are processed by an AI system — please do not enter any sensitive personal data (e.g. health or banking information).

Shoplift

We use the “Shoplift” tool on our website to analyse user behaviour and to carry out A/B tests in order to optimise our online offering. The service provider is Plurality Digital Inc., 712 Fifth Ave., Floor 7, New York, NY 10019 (hereinafter “Shoplift”).

Shoplift enables us to test and evaluate different versions of our website in order to improve usability and conversion rates. In particular, information about user behaviour is collected and processed, such as page views, click behaviour, time spent on pages, and technical information about the device and browser used.

Processing is carried out solely on the basis of your consent in accordance with Article 6(1)(a) of the GDPR, provided you have given this via our consent banner. Without your consent, Shoplift will not be activated.

The data collected by Shoplift may be processed on servers outside the European Union, particularly in the United States. In such cases, data transfers take place on the basis of appropriate safeguards pursuant to Articles 44 et seq. of the GDPR, in particular through the use of standard contractual clauses. We have concluded a data processing agreement with the provider in accordance with Article 28 GDPR.

Data is stored and analysed only for as long as necessary to fulfil the purposes stated above.

You may withdraw your consent at any time with future effect by adjusting your cookie settings.

Further information on data processing by Shoplift can be found in the provider’s privacy policy: https://www.shoplift.ai/privacy-policy.

8. Social media

8.1 Social Plugins from Meta, Instagram, Pinterest, Whatsapp

Social buttons from social networks are used on our website. These are only integrated into the page as HTML links, so that no connection is established with the servers of the respective provider when our website is called up. If you click on one of the buttons, the website of the respective social network opens in a new window of your browser. There you can click on the Like or Share button, for example.

8.2 Our online presence on Meta, Instagram, Youtube, Pinterest, Linkedin, TikTok

Insofar as you have given your consent to the respective social media operator in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO, when you visit our online presences on the social media mentioned above, your data is automatically collected and stored for market research and advertising purposes, from which usage profiles are created using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally used for this purpose. For detailed information on the processing and use of data by the respective social media operator, as well as a contact option and your rights and setting options in this regard to protect your privacy, please refer to the data protection notices of the providers linked below. Should you still require assistance in this regard, you can contact us.
Meta [https://www.facebook.com/about/privacy/]is an offer of Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland ("Meta") The information automatically collected by Meta about your use of our online presence on Meta is generally transmitted to a server of Meta Platforms, Inc, 1601 Willow Road, Menlo Park, California 94025, USA and stored there. For the USA, there is no adequacy decision of the European Commission. Our cooperation is based on standard data protection clauses of the European Commission. Data processing in the context of visiting a Meta Fanpage takes place on the basis of an agreement between jointly responsible parties in accordance with Art. 26 DSGVO. Further information (information on Insights data) can be found here [https://www.facebook.com/legal/terms/information_about_page_insights_data].
Instagram [https://help.instagram.com/519522125107875] is an offer of Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland ("Meta") The information automatically collected by Meta about your use of our online presence on Instagram is usually transmitted to a server of Meta Platforms, Inc, 1601 Willow Road, Menlo Park, California 94025, USA and stored there. For the USA, there is no adequacy decision of the European Commission. Our cooperation is based on standard data protection clauses of the European Commission. Data processing in the context of a visit to an Instagram fan page takes place on the basis of an agreement between jointly responsible parties in accordance with Art. 26 DSGVO. Further information (information on Insights data) can be found here [https://www.facebook.com/legal/terms/information_about_page_insights_data].
YouTube [https://policies.google.com/privacy?hl=de] is a service of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information automatically collected by Google about your use of our online presence on YouTube is generally transmitted to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. There is no adequacy decision of the European Commission for the USA. Our cooperation is based on the standard data protection clauses of the European Commission.
Pinterest [https://about.pinterest.com/de/privacy-policy]is an offer of Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest"). The information automatically collected by Pinterest about your use of our online presence on Pinterest is generally transmitted to a server of Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107, USA and stored there. There is no adequacy decision of the European Commission for the USA. Our cooperation is based on the standard data protection clauses of the European Commission.
LinkedIn [https://www.linkedin.com/legal/privacy-policy]is a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"). The information automatically collected by LinkedIn about your use of our online presence on LinkedIn is usually sent to a server of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA and stored there. There is no adequacy decision of the European Commission for the USA. Our cooperation is based on the standard data protection clauses of the European Commission.
TikTok, Mailing Address: TikTok Inc, Attn: TikTok Legal Department 10100 Venice Blvd, Suite 401, Culver City, CA 90232, USA
Contact TikTok:https://www.tiktok.com/legal/report/privacy
Privacy Policy: https://www.tiktok.com/legal/privacy-policy

9 Contact options And your rights

As a data subject you have the following rights

* in accordance with Art. 15 of the GDPR, the right to request information about your personal data processed by us to the extent specified therein;
* in accordance with Art. 16 of the GDPR, the right to request without undue delay the rectification of inaccurate or incomplete personal data held by us;
* in accordance with Art17 DSGVO the right to request the erasure of your personal data stored by us, unless further processing * necessarythe exercise of the right to freedom of expression and information;
* for compliance with a legal obligation;
* for reasons of public interest or
* for the establishment, exercise or defence of legal claims;

pursuant to Art18 DSGVO the right to request the restriction of the processing of your personal data, insofar as * the accuracy of the data isdisputed
* the processing is unlawful, but you object to its erasure;
* we no longer need the data, but you require it for the assertion, exercise or defence of legal claims or
* youprocessingof your personal datapursuant to Art21 DSGVO to object to the processing;

* pursuant to Art. 20 DSGVO the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
* pursuant to Art. 77 DSGVO the right to lodge a complaint with a supervisory authorityAs a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.
If you have any questions regarding the collection, processing or use of your personal data, for information, correction, restriction or deletion of data as well as revocation of consent given or objection to a certain use of data, please contact us directly using the contact details in our imprint.

Data Protection Officer:

KOMADA Consult UG (haftungsbeschränkt)
c/o MTK3
Budapester Straße 5
10787 Berlin
koehler@komada.de

Right of objection

Where we process personal data as described above in order to safeguard our legitimate interests, which have been determined to override your interests following a balancing of interests, you may object to such processing with effect for the future. If the processing is carried out for direct marketing purposes, you may exercise this right at any time as described above. Where the processing is carried out for other purposes, you have a right to object only if there are grounds relating to your particular situation.
Once you have exercised your right to object, we will no longer process your personal data for these purposes, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or where the processing serves to establish, exercise or defend legal claims.
This does not apply if the processing is carried out for direct marketing purposes. In that case, we will no longer process your personal data for this purpose.

Popular

Bestseller Neuheiten Trendfarben

Bestseller