DATA PROTECTION
1) Introduction and Contact Details of the Controller
1.1
In the following, we inform you about the handling of your personal data when using our website. Personal data means all data by which you can be personally identified.
1.2
The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:
Marin & Milou GmbH – Mittelweg 121 – 20148 Hamburg – Germany
Email: service@marin-milou.com – Tel.: +49 (0) 40 / 5247282-10
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.
1.3
For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries), this website uses SSL or TLS encryption. You can recognise an encrypted connection by the string “https://” and the lock symbol in your browser.
2) Hosting & Content Delivery Network
2.1 Shopify
For hosting our website and displaying page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”).
Data is also transmitted to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.
All data collected on our website is processed on the provider’s servers. We have concluded a data processing agreement with the provider to ensure the protection of our website visitors’ data and to prohibit unauthorised disclosure to third parties.
In the case of data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
3) Cookies
To make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files stored on your device. Some cookies are deleted automatically after closing the browser (session cookies), others remain stored longer (persistent cookies). The storage duration can be found in your browser’s cookie settings.
Where personal data is processed via cookies, this is done in accordance with Art. 6 (1) (b) GDPR for contract performance, Art. 6 (1) (a) GDPR based on consent, or Art. 6 (1) (f) GDPR to safeguard our legitimate interests in providing an optimal website experience.
You can configure your browser to be informed about cookie settings and decide individually on their acceptance or exclude cookies entirely.
Please note that disabling cookies may limit website functionality.
4) Contacting Us
When contacting us (e.g. via contact form or email), personal data is processed solely for the purpose of handling and responding to your request and only to the extent necessary.
The legal basis is our legitimate interest in responding to your inquiry pursuant to Art. 6 (1) (f) GDPR. If your request relates to a contract, Art. 6 (1) (b) GDPR also applies. Data will be deleted once the matter has been fully resolved and no legal retention obligations apply.
5) Customer Account
Personal data is collected and processed to the extent necessary when you open a customer account, pursuant to Art. 6 (1) (b) GDPR.
You may delete your account at any time by contacting the controller. Data will be deleted provided all contracts are completed, statutory retention periods have expired, and no legitimate interest in further storage exists.
6) Use of Data for Direct Marketing
6.1 Newsletter Registration
When subscribing to our newsletter, we send regular updates about our offers. Mandatory information is your email address. We use a double opt-in process.
By activating the confirmation link, you consent to data processing pursuant to Art. 6 (1) (a) GDPR. IP address and registration time are stored to prevent misuse.
You may unsubscribe at any time via the link in the newsletter or by contacting us. Your email address will then be deleted unless further legal use is permitted.
6.2 Existing Customers
If you have provided your email address when purchasing goods or services, we may send offers for similar products based on Art. 6 (1) (f) GDPR (§ 7 (3) UWG).
You may object at any time.
7) Order Processing
7.1
Data is shared with shipping and payment providers as necessary under Art. 6 (1) (b) GDPR.
7.2 DHL
We use: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany.
Email and/or phone may be shared for delivery coordination based on consent (Art. 6 (1) (a) GDPR). Otherwise, only name and address are transmitted.
Consent may be withdrawn at any time.
8) Web Analytics
8.1 Google Analytics 4
We use Google Analytics 4 by Google Ireland Limited, Dublin, Ireland. Data may be transferred to the USA.
Processing occurs only with consent under Art. 6 (1) (a) GDPR. IP addresses are anonymised. Data is stored for 2 months.
8.2 Google Tag Manager
Used for managing tracking tools. No data storage, but IP transmission may occur.
8.3 Shopify Analytics
We use Shopify analytics for statistical analysis and heatmaps. Data is pseudonymised and processed only with consent.
9) Storage Duration
Personal data is stored only as long as necessary for the respective purpose or legal retention periods.
Where consent is the legal basis, data is stored until consent is withdrawn. Where legitimate interests apply, storage continues until objection under Art. 21 GDPR.
After purpose fulfilment or expiry of legal obligations, data is deleted.