We take data protection seriously. The protection and security of your personal data, i.e. all data that can be related to you (hereinafter “personal data”), is our top priority.
That is why we treat all data that you entrust to us with the utmost care and in accordance with the applicable data protection regulations, namely the General Data Protection Regulation (hereinafter “GDPR”) and the Federal Data Protection Act (“BDSG”).
Below you will find out which of your data we collect, how and on what legal basis, for what purpose we use it, how we protect it and what rights you have with regard to its processing.
I. RESPONSIBLE BODY
The responsible body for the processing of your personal data when you visit our website at www.westwing.de or our app, including the sale of goods and the provision of the services we offer, as well as our Westwing accounts on the social media platforms “Facebook”, “Instagram”, “TikTok” and “Pinterest”, within the meaning of the GDPR, is:
Westwing GmbH,
Moosacher Straße 88,
80809 Munich, Germany,
Email address: service@westwing.de
(hereinafter “Westwing” or “we”).
Westwing and Westwing Group SE, Moosacher Straße 88, 80809 Munich, are also partly joint controllers. Against this background, Westwing and Westwing Group SE have determined in an agreement pursuant to Art. 26 GDPR which of them fulfills which data protection obligations.
II. DATA PROTECTION OFFICER
If you have any questions about data protection, you can contact our external data protection officer, Mr. Christian Volkmer, and his team at any time:
Mr. Christian Volkmer
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg
Tel.: 0941 2986930
Fax: 0941 29869316
E-Mail: anfrage@projekt29.de
Website: www.projekt29.de
III. CATEGORIES OF PERSONAL DATA
The personal data collected when you visit our website, our app or our social media accounts may fall into the following categories:
Data collected when you browse our website or app, depending on which of our cookies you have consented to (e.g. login information, i.e. the date and time you logged into our website, language settings, products in your shopping cart, or data about your preferences, e.g. in relation to product categories),
• Data collected when you create your customer account (e.g. your name, your address, your email address, your desired form of address (if provided by you), your telephone number (if provided by you), your encrypted password for your customer account),
• Data processed in connection with your order (e.g. the products you have purchased or the services you have used and payment information sent to us),
• Data collected from you when you contact us (e.g. your name, your email address, your telephone number, your customer, order and item number, as well as any other information that you send to us),
• Data about you that we transmit in certain cases to our external service providers in order to communicate with you on our website and to personalize the communication (e.g. your name, your email address or products in which you are interested based on your surfing behavior),
• Data collected when you consent to receive newsletters, customer satisfaction surveys, product reminders and your behavior in relation to the content of our relevant advertising emails (e.g. opening the newsletter or clicking on a link in the newsletter),
• Data about you that we receive in certain cases from our cooperation partners (e.g. from credit agencies, technical service providers, debt collection service providers or payment service providers),
• Data that we process to participate in competitions (e.g. your name and email address),
• statistical or aggregated data on your usage behavior on our social media accounts,
• Information about you that we receive from a friend or other contact who wants to invite you to use our website or app (e.g. your email address).
IV. PURPOSES FOR WHICH WE PROCESS YOUR PERSONAL DATA
We use your personal data for various purposes, including:
• for the purpose of providing certain technical functions on our website (e.g. to store your goods in the shopping cart) and to protect our website,
• for the purpose of analyzing your behavior on our website in order to optimize our offering and our contributions and make them more interesting for you,
• for the purpose of creating a customer account,
• to execute and process orders for goods and services placed with us (e.g. for shipping goods),
• to contact you (e.g. to answer any questions you may have, to send you order confirmations and order notifications or to inform you about changes that are important to you, e.g. to the applicable General Terms and Conditions or this Privacy Policy),
• for advertising and marketing purposes (e.g. to send you our newsletter, to inform you about vouchers or special promotions, to remind you of your shopping cart history, to send you product evaluation and opinion surveys or for other similar promotional activities),
• for the processing of payments by us or our cooperation partners, for fraud checks by us or our cooperation partners and for debt collection by our cooperation partners,
• to participate in competitions,
• for statistical analysis of your behavior on our social media accounts in order to optimize our offer and our contributions for you,
• for the purpose of inviting a friend or other contact to use our website or app.
At no time do we process personal data of special categories pursuant to Art. 9 GDPR (such as health data or data about your religion), unless you provide us with information concerning you without being asked as part of your communication with our customer service.
If we wish to collect and process further personal data from you, we will inform you separately in advance and, if necessary, obtain your consent.
V. LEGAL BASIS FOR THE PROCESSING OF YOUR PERSONAL DATA
The processing of your personal data is always carried out on the basis of a statutory permission standard, namely either on the basis of your consent in accordance with Art. 6 Para. 1 a) GDPR, or our overriding legitimate interest in the processing in accordance with Art. 6 Para. 1 f) GDPR, or the fulfillment of the contract with you or the implementation of pre-contractual measures in accordance with Art. 6 Para. 1 b) GDPR or the fulfillment of a required legal obligation to which Westwing is subject in accordance with Art. 6 Para. 1 c) GDPR.
VI. RECIPIENTS OF YOUR PERSONAL DATA
Westwing remains at all times responsible for your personal data collected on our website, in our app or on our social media accounts.
Your data will only be passed on to third parties in the following cases, based on the legal regulations listed in each case:
• If a transmission of your personal data is necessary for the fulfilment or execution of your contract (Art. 6 para. 1 b) GDPR; this includes, for example, data transmissions to payment and logistics service providers or suppliers if they deliver to you directly), or
• if this is necessary to fulfil a legal obligation (Article 6 (1) (c) GDPR; this includes, for example, data transfers to government agencies and law enforcement authorities in order to comply with our statutory disclosure, information and statement obligations or to pursue recourse claims), or
• due to our predominantly legitimate interest or the predominantly legitimate interest of a third party (Art. 6 para. 1 f) GDPR; this includes, for example, data transfers within the framework of certain assignments of claims or for administrative purposes within the group of companies), or
• if we use external service providers, so-called processors, to process your personal data, who have been obliged to handle your data carefully and who act exclusively on our behalf and in accordance with our instructions (Art. 28 GDPR; this includes, for example, service providers who provide the technical infrastructure).
Apart from that, we will only transmit your personal data to third parties if you have given us your consent to the data transfer in question in accordance with Art. 6 Para. 1 a) GDPR, whereby you can revoke your consent at any time with effect for the future.
VII. DATA TRANSFER TO THIRD COUNTRIES
When transferring your personal data to third countries, i.e. external bodies outside the European Union (“EU”) and the European Economic Area (“EEA”), we ensure that the external bodies concerned treat your personal data with the same care as we do.
In addition, we only transfer your personal data to third countries for which the EU Commission has confirmed an adequate level of protection or if a comparable level of data protection as in the EU or EEA can be guaranteed through contractual agreements or other appropriate guarantees (Art. 45ff. GDPR).
VIII. DELETION OF YOUR PERSONAL DATA
Unless there are statutory retention periods (e.g. under commercial and tax law) to the contrary, we generally only store your personal data for as long as it is necessary for the respective purpose of processing or until you inform us that your personal data should be deleted.
Such tax or commercial retention periods apply, for example, to data related to your orders, such as invoices. The latter are kept for ten years, for example.
We will delete accounts of customers who have not actively used their account for more than six years.
We generally store so-called log files, which we collect when surfing our website for network security and abuse prevention, for 20 days and only in individual cases, if longer storage is necessary to investigate possible cyber attacks, fraud or abuse cases, for 180 days. Your data will then be deleted or anonymized in such a way that it can no longer be assigned to you as a person.
IX. DETAILS ON THE PROCESSING OF YOUR PERSONAL DATA ON OUR WEBSITE
1. DATA PROCESSING WHILE SURFING OUR WEBSITE
When you visit our website, the following technically required information is recorded and stored in so-called “server log files”. Your browser automatically transmits this information to us so that our website can be displayed in your browser and you can use our website:
• The IP address of your Internet service provider,
• the website from which you visit us and the websites you visit from our website,
• Date and time of access and crash data,
• Information about the browser and operating system used,
• Your email address that you use to register on our website,
• Identification numbers that are stored in so-called cookies or eTags on your device and which we can use to recognize your device on the website,
• Page and product views or clicks.
The processing or storage of your aforementioned access data or your IP address is necessary for technical reasons to provide and ensure system security on our website.
The processing or temporary storage of your technical access data is based on our overriding legitimate interest in accordance with Art. 6 Para. 1 f) GDPR, which consists in being able to provide you with a technically functioning and secure website.
The access data collected when you visit our website is only stored for the period of time for which this data is required to achieve the above purposes. The server log files are stored for a maximum of 180 days and then deleted.
2. DATA PROCESSING WHEN SETTING UP A CUSTOMER ACCOUNT
To create your customer account, we need your email address and a password of your choice. We also collect the following contact information: your name, your address, your desired form of address (if you have provided one), your telephone number (if provided).
Your email address serves as an access code for your customer account. After successful registration, you will automatically receive a confirmation email. You can update all information at any time in the personal area of the customer account (“My Account”).
The legal basis for this is Art. 6 (1) (b) GDPR, according to which the processing of personal data is permitted to fulfill a contract or to carry out pre-contractual measures.
We want to make your visit to our website as pleasant as possible by using the “stay logged in” function. This function allows you to use our services without having to log in again each time. Technically speaking, a cookie is stored on your device, which is used to ensure that you do not have to log in again on subsequent visits to our website. This function is not available to you if you have deactivated this cookie via the cookie settings or if you have deleted the cookie in your browser settings after logging out of our website.
3. DATA PROCESSING TO PROCESS YOUR ORDER
If you order something from us, the processing of your data serves to conclude and execute the contract and to process your order, including payment and delivery.
The legal basis for the associated data processing is Art. 6 (1) (b) GDPR, according to which the processing of personal data is permitted to fulfill a contract or to carry out pre-contractual measures.
We delete your personal data processed in the context of orders at the latest after expiry of the statutory retention periods or if you have not actively used your customer account for more than six years.
3.1. CHOOSING YOUR PREFERRED PAYMENT METHOD
Depending on your preferred payment method, the data required for this will be forwarded directly to the respective payment service provider. The respective payment service provider is responsible for your payment data.
If you do not agree with the payment methods offered to you, you can inform us of this in writing by email to service@westwing.de. We will then reconsider our decision, taking your point of view into account.
3.1.1. CREDIT CARD PAYMENT
When you pay by credit card, we receive the so-called payment ID and the last four digits of your credit card number from our payment service provider Stripe Payments Europe, 1 Grand Canal Street Lower, Grand Canal Doc, Dublin, D02 H210, Ireland. These are used to authenticate and assign your order and to transmit it for your security. The personal data required to process the payment is collected directly by the above payment service provider.
The legal basis for the above data processing is Art. 6 Para. 1 b) GDPR, according to which processing is permitted for the purpose of fulfilling the contract, or Art. 6 Para. 1 f) GDPR, since our legitimate interest in offering you a secure credit card payment option outweighs our interests.
3.1.2. APPLE PAY
If you choose the Apple Pay payment method to pay for purchases directly via your bank account, we will receive the corresponding account details from our payment service provider Stripe Payments Europe, 1 Grand Canal Street Lower, Grand Canal Doc, Dublin, D02 H210, Ireland. The personal data required to process and handle the payment will be collected directly by the aforementioned payment service provider.
The legal basis for the aforementioned data processing is Art. 6 Para. 1 b) GDPR, according to which the processing of the data is permissible for the performance of the contract or Art. 6 Para. 1 f) GDPR, since our legitimate interest in offering you a secure payment option via Apple Pay outweighs the other interests. You can find more information about data protection at Apple Pay on the Apple Pay website: https://support.apple.com/de-de/101554.
3.1.3. GOOGLE PAY
If you choose the Google Pay payment method to pay for purchases directly via your bank account, we will receive the corresponding account details from our payment service provider Stripe Payments Europe, 1 Grand Canal Street Lower, Grand Canal Doc, Dublin, D02 H210, Ireland. The personal data required to process and handle the payment will be collected directly by the aforementioned payment service provider.
The legal basis for the aforementioned data processing is Art. 6 Para. 1 b) GDPR, according to which the processing of the data is permissible for the performance of the contract, or Art. 6 Para. 1 f) GDPR, since our legitimate interest in offering you a secure payment option with Google Pay outweighs our interests in the context of a balancing of interests.
You can find further information on data protection at Google Pay on the Google Pay website: https://support.google.com/googlepay/answer/9039712?hl=de.
3.1.4. PAYPAL
If you choose the PayPal payment method, the personal data required for this purpose (i.e. your first and last name, your delivery address, your email address, your telephone number, the amount to be paid and your IP address) will be transmitted to PayPal (Europe) S.à.rl et Cie, SCA, 22-24 Boulevard Royal, 2449 Luxembourg so that you can authorize the payment to us via PayPal. You need a PayPal account for this.
The legal basis for the aforementioned data processing is Art. 6 Para. 1 b) GDPR, according to which the processing of personal data is permitted to fulfill a contract or to carry out pre-contractual measures.
You can find more information about data protection at PayPal on the PayPal website at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
3.1.5. KLARNA
If you choose the Klarna payment method with payment immediately or within 30 days, payment in three interest-free installments or financing with interest via Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden, your personal data required for this purpose (i.e. your contact and identification data as well as your payment information) will be transmitted to Klarna.
Klarna may carry out a credit check and transmit your data to one of the following credit agencies for this purpose: SCHUFA, Boniversum and Arvato.
The legal basis for the credit check described above is Art. 6 para. 1 f) GDPR (balancing of interests, based on the interest in not suffering payment defaults).
Further details can be found under the following link: https://www.klarna.com/de/datenschutz/.
3.1.6. PREPAYMENT
If you choose the advance payment method, you will be asked to transfer the purchase price to our bank account. The goods will be dispatched to you immediately after the transfer has been received.
The legal basis for the aforementioned data processing is Art. 6 Para. 1 b) GDPR, according to which the processing of personal data is permitted to fulfill a contract or to carry out pre-contractual measures.
3.1.7. PURCHASE ON ACCOUNT (ONLY FOR COMMERCIAL CUSTOMERS)
If you choose to pay by invoice, we may transmit your data to credit agencies such as SCHUFA Holding, Kormoranweg 5, 65201 Wiesbaden (“SCHUFA”) in order to obtain information about your identity or to assess your credit risk based on mathematical and statistical methods (“scoring”), whereby your address data is included in the calculation. We use scoring solely to protect ourselves against possible payment defaults.
If the credit check is positive, an order can be placed by purchase on account. Other reasons why purchase on account cannot be offered include that the delivery and billing addresses are different or that a packing station or parcel depot is specified as the billing and/or delivery address.
The processing is carried out to avoid a payment default and therefore on the basis of Art. 6 Para. 1 b) GDPR and Art. 6 Para. 1 f) GDPR.
You can object to the transmission of your data to a credit agency at any time, but in this case it will no longer be possible to order via purchase on account.
4. FRAUD PREVENTION
In order to avoid fraud and payment defaults, we manually check for common fraud patterns and anomalies with partial assistance from a fraud prevention service from our cooperation partner Shopify International Limited, Victoria Buildings 1-2, Haddington Road, Dublin 4, D04. For this purpose, order and payment data (e.g. address, article, payment method) and device information (e.g. device, browser) are processed. The legal basis is Art. 6 Para. 1 f) GDPR based on our legitimate interest in protection against misuse.
If an automated check reveals that there is a suspicion of fraud, you will be informed of this and of the specific possibility of filing a complaint against it by a Westwing employee.
In addition, we may transmit information about non-claim-related behavior to individual credit agencies, such as SCHUFA, to prevent fraud (for example in the case of credit card fraud). This is done in accordance with legal requirements, insofar as it is necessary to protect our legitimate interests and the legitimate interests of third parties and there is no reason to assume that your interests or fundamental rights and freedoms that require the protection of personal data outweigh them. The processing is therefore carried out for the purpose of fraud prevention on the basis of Art. 6 Para. 1 f) GDPR.
5. DATA PROCESSING WHEN CONTACTING US
5.1. CHANNELS TO CONTACT US
There are several ways to contact us. You can reach our customer service via the following communication channels:
• by telephone,
• by fax,
• by letter,
• by email,
• via contact form, or
• via WhatsApp message via our external service provider: Whappodo.com! GmbH.
In order to process your request, we collect your name, email address, telephone number, customer number, order number and item number, as well as any other information you send to us, depending on the communication channel you use to contact us.
The legal basis for this is Art. 6 (1) (b) GDPR, according to which data processing is necessary for the performance of the contract, or Art. 6 (1) (f) GDPR, based on our legitimate interest in processing enquiries from visitors to our website.
5.2. OUR CUSTOMER SERVICE SYSTEM ZENDESK
We use the Zendesk customer service system to process your contact requests. The service provider is Zendesk, Inc., 1019 Market Street, San Francisco, CA 94103 USA.
We use Zendesk to process your customer inquiries quickly and efficiently. We would like to point out that you can also send your inquiries by only providing your email address and without providing your name.
Since we have concluded a data processing agreement with Zendesk, your personal data may only be processed by Zendesk in accordance with our instructions and in compliance with the GDPR.
Your data may be transferred to Zendesk servers in the USA and stored there. The legal basis for this is the so-called “Binding Corporate Rules (BCR)”, which have been approved by the Irish Data Protection Authority. These are binding internal company regulations that legitimize the internal transfer of data to third countries outside the EU and the EEA. You can find details here: https://www.zendesk.de/blog/update-privacy-shield-invalidation-european-court-justice/.
The legal basis for data processing by Zendesk is our legitimate interest in accordance with Art. 6 (1) f GDPR. If you do not agree to your request being processed via Zendesk, you can alternatively contact us by email or telephone.
For further information, please see Zendesk’s privacy policy: https://www.zendesk.de/company/customers-partners/privacy-policy/.
6. DATA PROCESSING FOR ADVERTISING PURPOSES
6.1. SENDING ADVERTISING EMAILS
If you have consented to this, Westwing will regularly send you the Westwing newsletter by email to inform you about the latest trends in the Home & Living area, must-have Home & Living styles, highlights from the Westwing online and retail shops as well as special offers or “Sales of the Day” and “Sales Highlights of the Week” (“Newsletter”). You can find details about this in section 6.1.1.
In addition, subject to your consent, you will receive notifications from us by email about personal benefits – such as vouchers or special promotions -, reminders about the products in your shopping cart, reviews of the Westwing products you have purchased and opinion polls regarding Westwing or Westwing’s services (“Notifications”). You can also find details about this in section 6.1.1.
If you have already purchased a product or service from us and have not objected to receiving it, you will also receive promotional emails from us about similar products and/or services by email. You can find out more about this under section 6.1.2.
6.1.1. SENDING ADVERTISING EMAILS BASED ON YOUR CONSENT
If you have given your consent on our website by checking a checkbox, we will send you newsletters and/or notifications by email.
Please note, however, that we will only send you newsletters and/or notifications by email if you have previously expressly confirmed to us by clicking on a button that you would like to receive the relevant emails. We will send you the relevant button in a notification email to the email address you provided after receiving your consent (so-called “double opt-in procedure”). This is to prevent misuse by third parties who could provide your email address to register you for the Westwing newsletter or Westwing notifications without your consent. The legal basis for the double opt-in procedure is Art. 6 Para. 1 f) GDPR, as we have a predominantly legitimate interest in preventing such misuse and documenting your consent.
The relevant legal basis under data protection law for the processing of your personal data in connection with the sending of the aforementioned advertising emails is your consent in accordance with Art. 6 Para. 1 a) GDPR.
You can revoke your consent at any time with effect for the future, as follows :
1. Click on the unsubscribe link at the end of our promotional emails, which will take you (depending on whether you want to unsubscribe from the newsletter or an email notification) to the newsletter management or notification management area in your customer account (together “promotional email management”). There you can simply remove the check marks from the boxes with the newsletters or notifications that you no longer wish to receive.
2. Optionally, you can also log into your customer account and then click on the “My Newsletters” or “My Notifications” tab (depending on which type of emails you want to unsubscribe from) and then unsubscribe from the newsletters or notifications you no longer want to receive in the aforementioned newsletter management or notification management by removing the corresponding check marks.
3. You can also revoke your consent to receive newsletters and/or notifications and unsubscribe from receiving the relevant promotional emails by sending an email to service@westwing.de.
With the help of our advertising email management mentioned above, we enable you to declare and revoke your consent to receive our newsletters and/or notifications in a differentiated manner. By setting or removing a check mark, you can decide individually whether and when or how often you would like to receive a newsletter or notification by email, depending on which newsletter you are interested in or which notification you consider useful and how often you would like to receive the newsletter or notification(s) in question.
Please note that we use standard technologies in our advertising emails that can measure the opening of emails and/or the links you click on. We use this data for general statistical evaluations and to optimize and further develop our content and customer communication. This is done with the help of small graphics that are embedded in the newsletter (so-called pixels). The legal basis for this is our legitimate interest in optimizing and further developing our content and customer communication (Art. 6 Para. 1 f) GDPR). If you do not want this analysis of your usage behavior, you can unsubscribe from receiving advertising emails at any time or deactivate graphics in your email program by default.
Our newsletters and notifications are sent via the shipping service provider Mapp Digital Germany GmbH, Dachauer Straße 63, 80335 Munich, Germany (“Mapp”). A data processing agreement in accordance with Art. 28 GDPR has been concluded with Mapp for the processing of personal data. You can find further information in Mapp’s privacy policy. https://mapp.com/de/privacy/.
6.1.2. SENDING E-MAILS WITH ADVERTISING PRODUCTS AND SERVICES THAT MAY BE OF INTEREST TO YOU BASED ON YOUR PREVIOUS PURCHASING BEHAVIOR
If you have provided your email address when purchasing a product or service in our online shop, we will send you offers and information about products and services from our range that may be of interest to you because you have already purchased similar products and services from Westwing. In addition, we will send you product evaluation and feedback surveys to find out about your satisfaction with products you have purchased or services you have used (e.g. our customer service). However, we will only send you advertising emails if you have not objected to receiving them – despite our corresponding notice below the purchase button.
The relevant legal basis under data protection law for the processing of your personal data is our legitimate interest in accordance with Art. 6 Para. 1 f) GDPR in conjunction with Section 7 Para. 3 UWG.
You can also subsequently object to receiving the relevant advertising emails at any time by simply clicking on the unsubscribe link at the end of our advertising emails. Optionally, you can log into your customer account and unsubscribe via the advertising email management (see section 6.1.1.). You can also subsequently object to receiving the relevant advertising emails by sending an email to service@westwing.de.
6.2. NEWSLETTER SENDING VIA WHATSAPP
We also enable you to receive our newsletter via a “WhatsApp” message. To send the newsletter via WhatsApp, we use the WhatsApp Business app.
For this purpose, we cooperate with our processors charles GmbH, Gartenstraße 86-87, 10115 Berlin, Germany and Braze, Inc., 318 West 39th Street, 5th Floor, New York, New York 10018, USA, (“Braze”).
With regard to the use of WhatsApp, the data protection regulations of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland apply. These stipulate, among other things, that every WhatsApp message is end-to-end encrypted and is therefore protected from access by third parties.
The legal basis for the processing of your data by Westwing is Art. 6 Para. 1 a) GDPR, because you have consented on our website and confirmed through your WhatsApp message that you would like to receive newsletters, i.e. news about new products and interior trends, via this channel. You can revoke your consent at any time with effect for the future by sending the message “Stop”.
Westwing is committed to complying with WhatsApp Business’ privacy policy, which you can find here: https://business.whatsapp.com/privacy-protections.
7. DATA PROCESSING FOR COMMUNICATION WITH YOU ON OUR WEBSITE AND VIA OUR APP
We use the service provider “Braze” to communicate with you on our website and in our app. For this purpose, we show you so-called “overlays” with an interaction option, for example.
Braze is also used to send you push notifications in our app.
For this purpose, Braze processes, among other things, the following personal data: your IP address, device-related data such as device type, model, operating system, browser type and version, usage-related information such as usage time, first name, email hash, Braze SDK and message interaction data, installation ID, device ID.
The legal basis for the processing of your personal data is Art. 6 Paragraph 1 a) GDPR in conjunction with Section 25 Paragraph 1 TTDSG. You can revoke your consent at any time with effect for the future. The easiest way to revoke your consent is via our Cookie Consent Manager.
For more information about Braze’s compliance with data protection, please visit: https://www.braze.com/privacy/.
8. DATA PROCESSING FOR PARTICIPATION IN COMPETITIONS
If you take part in competitions, we only process the data that is necessary for conducting the competitions (Art. 6 Para. 1 b) GDPR). Please note the respective data protection information in the terms and conditions for the respective competition.
9. DATA PROCESSING WHEN USING SOCIAL MEDIA FANPAGES
Westwing is active and present within social networks and platforms in order to communicate with interested parties and users and to inform them about other Westwing offers. Below we give you an overview of the processing and use of your personal data when you visit our social media accounts:
9.1. FACEBOOK AND INSTAGRAM
We operate “fan pages” on the social networks “Facebook” and “Instagram” in joint responsibility with Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, in order to communicate with followers (such as our customers and interested parties) and to inform them about our products, competitions and other promotions.
With the help of meta statistics on the use of our “fan pages” (e.g. information on number, names, interactions such as likes and comments as well as summarized demographic and other information or statistics; “insights data”) we receive information about how our “fan page” is used, what interests the visitors to our “fan pages” have and which topics and content are particularly popular so that we can optimize our “fan page content” and adapt it to our user interests. The insights data only contains statistical, depersonalized information about visitors to the fan page, which cannot therefore be assigned to a specific person. You can find more information about the type and scope of these statistics in the meta page statistics information. You can find more information about the respective responsibilities and the processing of your data by Meta at: https://www.facebook.com/legal/terms/information_about_page_insights_data
Please note that we have no influence on the data processing that Meta carries out under its own responsibility in accordance with the terms of use of Facebook and Instagram. However, we would like to point out that when you visit the “fan pages”, data on your usage behavior is transferred from Facebook and the “fan pages” to Facebook. Meta itself processes your personal data to create the aforementioned statistics and for its own market research and advertising purposes. We have no access to this data.
If we receive your personal data when operating the fan pages, you are entitled to the rights set out in this privacy policy. If you wish to assert your rights against Facebook in addition, you can also contact Facebook directly. We will be happy to support you in asserting your rights as far as we can and will forward your enquiries to Meta.
The legal basis for this data processing is Art. 6 Para. 1 f) GDPR based on our aforementioned legitimate interest in being able to provide you with our Facebook “fan pages” for marketing and advertising purposes.
You can find more information about this in Facebook’s data policy at: https://de-de.facebook.com/policy.php/.
9.2. YOUTUBE
We use so-called “plugins” from the “YouTube” platform to embed our own videos and make them publicly available. YouTube is a service provided by a third party not affiliated with us, namely YouTube LLC, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; (“Google”).
As soon as you access our YouTube channel, your browser establishes a connection to YouTube and transmits information. YouTube content is only integrated in the so-called “extended data protection mode”. YouTube provides this itself and thus ensures that YouTube user information (e.g. cookies) is only stored on the device when the video(s) is played. When you access the videos in question, your IP address, unique identifiers, the type and settings of your browser, the type and settings of your device, the operating system, information about the mobile network such as the name of the mobile operator and the telephone number as well as the version number of the app are transmitted to YouTube. YouTube also collects data about the interaction of your apps, browsers and devices with its own services. The extended data protection mode does not necessarily exclude the transfer of data to YouTube partners. YouTube therefore establishes a connection to the Google DoubleClick network – regardless of whether you watch a video or not. The data transmitted includes the IP address, crash reports, system activities as well as the date, time and referral URL of your request. In addition, YouTube collects data about your activities (e.g. terms you search for, videos you watch, etc.). All data collected about you via our YouTube channel is processed by YouTube. According to information from YouTube, this information is used, among other things, to collect video statistics, improve user-friendliness and prevent abusive behavior. YouTube also uses cookies to collect information about user behavior. The storage of these cookies can be prevented by appropriate browser settings and extensions. If you are logged into your YouTube account, you allow YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account before activating the play button.
In addition, we occasionally embed videos stored on YouTube directly on our website using so-called “plugins”. With this integration, content from the YouTube website is displayed in parts of a browser window. However, the YouTube videos are only accessed when you click on them separately. This technology is also called “framing”. When you access a (sub)page of our website on which YouTube videos are embedded in this form, a connection is established to the YouTube servers and the content is displayed on the website by sending a message to your browser. We have no influence on the scope and content of the data that is transmitted to YouTube and possibly other YouTube partners by activating the “plugin”. Among other things, the YouTube server is informed which of our pages you have visited.
The legal basis for the processing of your data is your consent, Art. 6 Para. 1 Clause 1 a) GDPR in conjunction with Section 25 Para. 1 TTDSG. This means that we will not use this service unless you have consented to its use. You can revoke your consent at any time with effect for the future, most easily via our Cookie Consent Manager .
For more information about the information YouTube receives and how it is used, please see YouTube’s privacy policy at: https://policies.google.com/privacy.
9.3. TIKTOK
We publish short video clips (so-called “Reals”) on the “TikTok” platform and in the TikTok app to promote our products and our online shop. If you visit the TikTok website or app, TikTok Inc., 10100 Venice Blvd., Culver City, CA 90232, USA (“TikTok”) collects and processes your personal data.
TikTok makes a certain part of this data available to the owners of TikTok profiles in an anonymized and aggregated form. This includes the number of new followers, demographic data such as gender and country, without reference to identifiable individuals. Westwing cannot therefore identify any visitor to the TikTok profile. As the owner of this profile, Westwing also receives anonymized statistical data (so-called “insights data”) from TikTok. No conclusions can be drawn about the respective visitor from this data. We use the data contained in the statistics exclusively to analyze user behavior so that we can better tailor our TikTok profile and our offering to the needs and interests of visitors.
The use of your data transmitted to us by TikTok is based on our legitimate interest in accordance with Art. 6 Para. 1 f) GDPR in carrying out data analyses and in statistical recording of the use of our TikTok profile, in optimizing our offer for you, in marketing our posts and videos on our website and in continuously improving and managing our offer and our products.
Further information on data processing by TikTok can be found in TikTok’s privacy policy at: https://www.tiktok.com/legal/privacy-policy?lang=de.
9.4. PINTEREST
We operate a Westwing account on the “Pinterest” platform and in the Pinterest app on which we publish inspiration on home & living topics and advertise our products. Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA (“Pinterest”) is responsible for the Pinterest services.
When you register for an account, Pinterest processes the data you provide, such as your name, email address, phone number, photos, pins and comments. In addition, Pinterest collects and processes your IP address, which is used to approximate your location if you choose to share your exact location, as well as other Internet and electronic network activities (including which “pins” you click, which “boards” you create and which text you add in a comment or description).
The legal basis for this data processing is Art. 6 Para. 1 f) GDPR based on our legitimate interest in being able to provide you with our Pinterest platform for marketing and advertising purposes.
You can find more information at https://policy.pinterest.com/en/privacy-policy.
10. DATA PROCESSING WHEN BOOKING OUR DESIGN SERVICES
You can book the Westwing Design Service via our website using the “Design Service”/”Start your project” tab and have us individually furnish your apartment for you. You can choose between our Basic, Premium and Deluxe service packages.
As part of the booking, the following personal data will be processed in order to contact you with your designer during the concept creation process: first name, last name, email address, telephone number, and any other project-related information that you send to us.
You can also book a customized interior design concept for your company (e.g. office, café, hotel) via the “Design Service” / “Business Customer Service” tab. The following personal data may be processed via your pre-registration for our business customer service: first name, last name, email, telephone number.
The legal basis for this is Art. 6 (1) (b) GDPR (performance of the contract) or Art. 6 (1) (f) GDPR (balancing of interests, based on our interest in processing enquiries from users of our website).
11. DATA PROCESSING BY SHOPIFY
To provide our online shop and process your payments, we work with the service provider Shopify International Limited, Victoria Buildings 1-2, Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”). Shopify enables us to operate our online shop via Shopify’s cloud computing infrastructure and also processes payments for us.
Your data may be transferred to Shopify servers in the USA and stored there. The legal basis for this is the European Commission’s adequacy decision of July 10, 2023 (so-called Data Privacy Framework) in accordance with Art. 45 GDPR in conjunction with so-called EU standard contractual clauses.
Shopify is used to provide our online shop and to process your payments. The legal basis is therefore our legitimate interest within the meaning of Art. 6 Para. 1 f) GDPR or the execution of your contract within the meaning of Art. 6 Para. 1 b) GDPR.
Depending on the processing activity, Shopify will act as our processor or as controller.
Further information on data processing and data protection information by Vimeo can be found at https://www.shopify.com/legal/privacy.
X. COOKIES AND SIMILAR TECHNOLOGIES
We use so-called “cookies” and similar technologies (such as so-called “web beacons”, “pixels”, “tags”) on our website.
Web beacons are small GIF files that can be hidden in other graphics, emails, or similar. Web beacons can identify your computer and evaluate your user behavior, such as responses to promotions. The information collected by web beacons cannot be used to identify you.
Cookies are small text files that are transferred from an internet server to your browser and stored on your hard disk. There are so-called “session cookies”, which are deleted as soon as you close your browser, and so-called “persistent cookies”, which are stored on your device for a longer period of time or indefinitely. A cookie contains a characteristic string of characters that enables your browser to be uniquely identified when you visit the website again. This helps us to personalize our offering, make it more user-friendly, effective and secure, and to enable the provision of certain functions.
You can determine at any time which cookies you wish to accept by clicking on the “Cookie Settings” button on our Cookie Consent Manager. This does not include absolutely necessary cookies, which ensure essential functions of the website.
Basically, a distinction is made between four different cookie categories:
1. STRICTLY NECESSARY COOKIES
Strictly necessary cookies enable basic functions and are required for the website to work properly. They are used, for example, to process orders or enable you as a registered user to remain logged in when accessing various subpages of our website. In addition, thanks to these cookies, you do not have to re-enter your login details every time you visit a new page.
The legal basis for the use of absolutely necessary cookies on our website is our legitimate interest in a technically flawless and user-friendly provision of our website (Art. 6 Para. 1 f) GDPR). The use of absolutely necessary cookies is possible and legally permissible without your prior consent.
If you do not want your device to be recognized the next time you visit, you can also refuse the use of such cookies by changing the settings in your browser to “Reject cookies”. You can find the respective procedure in the operating instructions for your respective browser. With a corresponding browser setting, you will be informed about the setting of cookies and can only allow cookies in individual cases or exclude the acceptance of cookies for certain cases or in general. It is also possible to activate the automatic deletion of cookies when closing the browser.
If you refuse the use of certain cookies, your use of some areas of our website may be restricted.
2. FUNCTIONAL COOKIES
Functional cookies allow us to save information you have already provided (such as your registered name) and to offer you improved and tailored features. If you do not allow these cookies, some of these services may not work properly.
The data processing in question is carried out on the basis of your consent in accordance with Art. 6 Para. 1 a) GDPR in conjunction with Section 25 Para. 1 TTDSG. You can revoke your consent at any time with effect for the future, most easily via the Cookie Consent Manager .
3. PERFORMANCE COOKIES
Performance cookies allow us to count visits and traffic sources so we can measure and improve the performance of our website. The data the cookies collect helps us understand, among other things, which areas are most popular, which are least used and how visitors move around our website. All information collected by these cookies is aggregated and cannot be easily associated with you.
The data processing is carried out on the basis of your consent in accordance with Art. 6 Para. 1 a) GDPR in conjunction with Section 25 Para. 1 TTDSG. You can revoke your consent at any time with effect for the future, most easily via the Cookie Consent Manager .
4. MARKETING COOKIES AND SIMILAR TECHNOLOGIES
Marketing cookies and similar technologies (e.g. “pixels”) enable us to show you personalized and therefore relevant advertising content and to measure the effectiveness of our advertising measures.
Marketing cookies and similar technologies are not only set on our website, but also on other (advertising) partner sites (“third party cookies”). This so-called “retargeting” is used to display relevant advertising on other websites and to analyze the relevant target groups of the products and services.
The data processing is carried out on the basis of your consent in accordance with Art. 6 Para. 1 a) GDPR in conjunction with Section 25 Para. 1 TTDSG. You can revoke your consent at any time with effect for the future, most easily via the Cookie Consent Manager . If you do not allow these cookies, you will see less relevant advertising.
5. DETAILS OF THE COOKIES WE USE
5.1. REQUIRED COOKIES
5.1.1. GOOGLE RECAPTCHA
We use the “Google reCAPTCHA” service, which is offered for persons from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
With the help of this service, we can distinguish whether an input was made by a natural person or abusively by machine and automated processing.
When you use the service, your IP address and any other data required by Google for the reCAPTCHA service will be transmitted to Google.
The processing of this data is based on our legitimate interest in exercising personal responsibility on the Internet and avoiding misuse and spam (Art. 6 Para. 1 f) GDPR). The storage of information and access to information on your device is absolutely necessary and is therefore carried out in accordance with Section 25 Para. 2 TTDSG.
The data in question may be transferred to Google servers in the USA and stored there. The legal basis for this is the European Commission’s adequacy decision of July 10, 2023 (so-called Data Privacy Framework) in accordance with Art. 45 GDPR or Art. 49 Para. 1 a) GDPR in conjunction with your consent.
Further information about Google reCAPTCHA and Google’s privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/.
5.1.2. ONE TRUST
We work with the service provider OneTrust, LLC, 1350 Spring St NW, Atlanta, GA 30309 (“OneTrust”) to obtain and manage your consent. This is done via our cookie consent manager or cookie banner, which appears when you first visit our website or app and through which you are informed about data processing or, specifically, cookies and other technologies on our website and can reject or accept the setting of individual cookies and other technologies.
You can also call up the cookie banner again and change your selection. The cookie banner will also appear when you visit our website if you have deactivated the storage of cookies or if the cookies from OneTrust have been deleted or have expired.
Specifically, your consents or revocations, your IP address, information about your browser and your device at the time of your visit are transmitted to OneTrust and information is stored on your device.
The relevant legal basis is Art. 6 Para. 1 f) GDPR, as we have a legitimate interest in complying with the legally required documentation of your cookie consent and cookie management. Another legal basis is Section 25 Para. 2 TTDSG.
The data in question may be transferred to OneTrust servers in the USA and stored there. The legal basis for this is the European Commission’s adequacy decision of July 10, 2023 (so-called Data Privacy Framework) in accordance with Art. 45 GDPR.
5.2. FUNCTIONAL COOKIES
5.2.1. VIMEO PLUGINS
To embed videos, we use, among others, the “Vimeo” service of Vimeo LLC, 555 West 18th Street, New York 10011, USA (“Vimeo”).
Vimeo uses so-called “plugins” for this purpose. When you access the websites provided with such a plugin, a connection is established to the Vimeo servers and the information about which of our websites you have visited is transmitted. If you are logged in to Vimeo, Vimeo assigns this information to your personal user account. When you use the plugin, for example by clicking the start button of a video, this information is also assigned to your user account.
The data in question may be transferred to Vimeo servers in the USA and stored there. The legal basis for this is the European Commission’s adequacy decision of July 10, 2023 (so-called Data Privacy Framework) in accordance with Art. 45 GDPR or Art. 49 Para. 1 a) GDPR in conjunction with your consent.
The legal basis for the processing of your data is your consent, Art. 6 Para. 1 Clause 1 a) GDPR in conjunction with Section 25 Para. 1 TTDSG. This means that we will not use this service unless you have consented to its use. You can revoke your consent at any time with effect for the future, most easily via our Cookie Consent Manager.
Further information on data processing and data protection information by Vimeo can be found at https://vimeo.com/privacy.
5.2.2. ALGOLIA
We use the “Algolia” service from Algolia SAS, 55 Rue d’Amsterdam, 75008 Paris, France (“Algolia”) to search and index content on our website and app. For this purpose, your IP address and your search queries are forwarded to the Algolia server.
Algolia also creates reports for us with corresponding evaluations and search analyses.
In this respect, Algolia helps us improve the discoverability of our offers, the search experience and the satisfaction of our customers.
The legal basis for the processing of your data is your consent, Art. 6 Para. 1 a) GDPR. You can revoke your consent at any time with effect for the future. The easiest way to do this is via our Cookie Consent Manager .
For more information, see Algolia’s privacy policy: https://www.algolia.com/policies/privacy.
5.3. PERFORMANCE COOKIES
5.3.1. GOOGLE ANALYTICS WITH CONERSION TRACKING
We use the service “Google Analytics”, a web analysis service from Google, which, among other things, sets pixels and performance cookies to store information on your device.
This enables us to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze your usage behavior across devices and improve our website and make it more interesting for you. For this purpose, we also receive statistics from Google about your use of our website.
Google Analytics 4 also uses artificial intelligence to automate the analysis and enrichment of data. This is primarily done to create forecasts about the future behavior of website visitors based on structured event data (e.g. forecast sales, purchase probability and churn probability). These forecast values can also be used for forecast target groups. You can find out more about this at: https://support.google.com/analytics/answer/9846734?hl=de
Furthermore, Google Analytics 4 models conversions if there is not enough data available to optimize the data evaluation. You can find further details at: https://support.google.com/analytics/answer/10710245?hl=de.
Google Analytics 4 does not log or store individual IP addresses. However, Google Analytics 4 does provide coarse geographic location data by deriving the following metadata from IP addresses: City (and the derived latitude and longitude of the city), Continent, Country, Region, Subcontinent (and ID-based counterparts). For EU traffic, IP address data is used solely for the purpose of deriving geolocation data before being immediately deleted. It is not logged, is not accessible, and is not used for any other purposes.
The data in question may be transferred to Google servers in the USA and stored there. The legal basis for this is the adequacy decision of the European Commission of July 10, 2023 (so-called Data Privacy Framework) in accordance with Art. 45 GDPR or Art. 49 Para. 1 a) GDPR in conjunction with your consent. Due to the activation of IP anonymization on this website, your IP address will be shortened before being transmitted to the USA or to EU member states or EEA contracting states. Only in exceptional cases will your entire IP address be transferred to a Google server in the USA and only shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
The legal basis for the processing of your data is your consent, Art. 6 Para. 1 a) GDPR in conjunction with Section 25 Para. 1 TTDSG. This means that we do not use these services unless you have consented to the use of Google Analytics with Conversion Tracking. You can revoke your consent at any time with effect for the future, most easily via our Cookie Consent Manager.
You can also prevent Google from collecting your data (including your IP address) and processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de. An opt-out cookie will be set that prevents your data from being collected in the future when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookie in this browser, you must set the opt-out cookie again.
Further details on data processing by Google Analytics with Conversion Tracking can be found at: http://www.google.com/analytics/terms/de.html, http://www.google.com/intl/de/analytics/learn/privacy.html, and http://www.google.de/intl/de/policies/privacy.
5.4. MARKETING COOKIES AND SIMILAR TECHNOLOGIES
5.4.1. CUSTOM AUDIENCE / META PIXELS
We use “Custom Audiences” on our website with the so-called “pixel function” (“Meta Pixel”) and the “server-side Conversion API”, which is operated for visitors outside the USA and Canada by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”).
This allows us to show you interest-based advertising when you visit the social networks Facebook and Instagram, or other meta apps and websites, and to understand the effectiveness of our advertising. Through the meta pixels integrated into our website, your browser automatically establishes a connection to Meta’s servers for extended comparison of the integrated meta pixel. This gives Meta information, for example, that you have clicked on a specific ad or product on our website, which in turn enables us to show you ads based on your interests on our or other websites.
If you are registered with a Meta service, Meta can assign the website visit to your account, as your personal data in the form of your email and IP address are transmitted to Meta in hashed form via the pixel and are partially enriched with existing tracking data. The country in which you are located is also transmitted. Even if you are not registered with Facebook or Instagram or have not logged in, it is possible that Meta will find out about your aforementioned personal data and use it to create a profile.
The data in question may be transferred to Meta’s servers in the USA and stored there. The legal basis for this is the European Commission’s adequacy decision of July 10, 2023 (so-called Data Privacy Framework) in accordance with Art. 45 GDPR or Art. 49 Para. 1 a) GDPR in conjunction with your consent.
The legal basis for the processing of your data is your consent, Art. 6 Para. 1 a) GDPR in conjunction with Section 25 Para. 1 TTDSG. This means that we do not use these services unless you have consented to the use of Facebook Custom Audiences or Pixel. You can revoke your consent at any time with effect for the future, most easily via our Consent Manager. Furthermore, if you are logged into your Facebook account, you can also object to data processing using the following link: https://www.facebook.com/adpreferences/ad_settings/?entry_product=account_settings_menu
Further information, in particular on the joint responsibility of us and Meta and on the purpose and scope of data processing by Meta as well as the setting options for protecting your privacy can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.
5.4.2. PINTEREST TAG
In order to further optimize our Pinterest campaigns and measure their success, we use the “Pinterest Tag” service of the social network “Pinterest”, which is offered to visitors from the European Economic Area by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (“Pinterest”).
We use the Pinterest tag along with the “server-side conversion API” to only show our Pinterest ads to Pinterest users who have shown an interest in our offering. At the same time, it is ensured that the content of our ads is highly likely to match the interests of the respective user. We can also track the user behavior of Pinterest users who have clicked on one of our ads. For this purpose, Pinterest processes data that the service collects via cookies, web beacons and similar storage technologies on our websites.
When using the service, the following information is processed: device information (e.g. type, brand), operating system used (e.g. iOS 11), IP address of the device used, time of access to our offer, type and content of the campaign and the reaction to the respective campaign (e.g. clicking a button) as well as the device identifiers, which consist of individual characteristics of your device. Using these device identifiers, we can also recognize your device on the website. The data collected in this way is anonymous to us and does not allow any conclusions to be drawn about your identity. If you log into your Pinterest account after visiting our website or visit our website while logged in, it is possible that this data will be stored and processed by Pinterest, about which we would like to inform you. Pinterest may be able to link this data to your Pinterest account and also use it for its own advertising purposes.
The data in question may be transferred to Pinterest servers in the USA and stored there. The legal basis for this is the European Commission’s adequacy decision of July 10, 2023 (so-called Data Privacy Framework) in accordance with Art. 45 GDPR or Art. 49 Para. 1 a) GDPR in conjunction with your consent.
The legal basis for the processing of your data is your consent, Art. 6 Para. 1 a) GDPR in conjunction with Section 25 Para. 1 TTDSG. This means that we do not use this service unless you have consented to the use of Pinterest Tag. You can revoke your consent at any time with effect for the future, most easily via our Consent Manager .
You can find further information about the purpose and scope of data processing as well as the setting options for protecting your privacy in the Pinterest privacy policy, which you can access via the following link: https://policy.pinterest.com/de/privacy-policy.
5.4.3. MICROSOFT BING ADS
On our website we use the conversion tracking service “Microsoft Bing Ads” of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
Microsoft Bing Ads will place a cookie on your computer if you have accessed our website via a Microsoft Bing ad. This allows us to recognize that you have clicked on an ad and been redirected to our website. This helps us understand how effective a particular ad is. However, we only receive information about the total number of users who have clicked on a Bing ad and were then redirected to our website. No information about the identity of the user is disclosed.
The data in question may be transferred to Microsoft servers in the USA and stored there. The legal basis for this is the European Commission’s adequacy decision of July 10, 2023 (so-called Data Privacy Framework) in accordance with Art. 45 GDPR or Art. 49 Para. 1 a) GDPR in conjunction with your consent.
The legal basis for the processing of your data is your consent, Art. 6 Para. 1 a) GDPR in conjunction with Section 25 Para. 1 TTDSG. This means that we do not use this service unless you have consented to its use. You can revoke your consent at any time with effect for the future, most easily via our Cookie Consent Manager .
Further information on data processing and the cookies used by Bing Ads can be found at: https://privacy.microsoft.com/de-de/privacystatement.
5.4.4. GOOGLE ADS (FORMERLY ADWORDS) AND CONVERSION TRACKING
We use the “Google Ads” and “Google Conversion Tracking” services, which are offered to persons from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
This allows us to display Google Ads ads, taking your interests and location into account.
When you click on a Google ad, a cookie is temporarily placed on your computer, allowing us to recognize that you clicked on the ad and were redirected to this page.
Using the conversion statistics created on this basis, we learn the total number of users who clicked on the ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information that can be used to personally identify users.
If you use a Google account, Google can link your web and app browsing history to your Google account and use information from your Google account to personalize ads, depending on the settings stored in your Google account. If you do not want this association with your Google account, you must log out of Google before visiting our website. You can also prevent the setting of the relevant cookies by setting your browser software or on the Google website.
The data in question may be transferred to Google servers in the USA and stored there. The legal basis for this is the European Commission’s adequacy decision of July 10, 2023 (so-called Data Privacy Framework) in accordance with Art. 45 GDPR or Art. 49 Para. 1 a) GDPR in conjunction with your consent.
The legal basis for the processing of your data is your consent, Art. 6 Para. 1 a) GDPR in conjunction with Section 25 Para. 1 TTDSG. This means that we do not use this service unless you have consented to its use. You can revoke your consent at any time with effect for the future, most easily via our Cookie Consent Manager .
Further information about Google Ads and Conversion Tracking as well as Google’s privacy policy can be found at: https://www.google.com/privacy/ads and https://policies.google.com/privacy.
5.4.6. GOOGLE DYNAMIC REMARKETING
We also use the remarketing function “Google Dynamic Remarketing”. This service is designed to show you interest-based advertisements on other websites after you have visited our website. The advertisements are based on the products and services you clicked on when you last visited our website. For this purpose, Google uses cookies that are temporarily stored in your browser. Google only stores information such as your web request, IP address, browser type, browser language, date and time of your request.
If you use a Google account, Google can link your web and app browsing history to your Google account and use information from your Google account to personalize ads, depending on the settings stored in your Google account. If you do not want this association with your Google account, you must log out of Google before visiting our website. You can also prevent the setting of the relevant cookies by setting your browser software or on the Google website.
The data in question may be transferred to Microsoft servers in the USA and stored there. The legal basis for this is the European Commission’s adequacy decision of July 10, 2023 (so-called Data Privacy Framework) in accordance with Art. 45 GDPR or Art. 49 Para. 1 a) GDPR in conjunction with your consent.
The legal basis for the processing of your data is your consent, Art. 6 Para. 1 a) GDPR in conjunction with Section 25 Para. 1 TTDSG. This means that we will not use this service unless you have consented to its use. You can revoke your consent at any time with effect for the future, most easily via our Cookie Consent Manager.
Further information about Google Dynamic Retargeting and Google’s privacy policy can be found at: https://www.google.com/privacy/ads and https://policies.google.com/privacy.
5.4.7. GOOGLE AD MANAGER (FORMERLY DOUBLECLICK)
We also use “Google Ad Manager” (formerly “Doubleclick”). This service uses cookies, pixels and other technologies to show you interest-based advertisements based on previous visits to our or other websites. It also enables us to track how successful our advertising campaigns have been. Google says it also processes the data in question to optimize its own products and services.
If you use a Google account, Google can link your web and app browsing history to your Google account and use information from your Google account to personalize ads, depending on the settings stored in your Google account. If you do not want this association with your Google account, you must log out of Google before visiting our website. You can also prevent the setting of the relevant cookies by setting your browser software or on the Google website.
The data in question may be transferred to Microsoft servers in the USA and stored there. The legal basis for this is the European Commission’s adequacy decision of July 10, 2023 (so-called Data Privacy Framework) in accordance with Art. 45 GDPR or Art. 49 Para. 1 a) GDPR in conjunction with your consent.
The legal basis for the processing of your data is your consent, Art. 6 Para. 1 a) GDPR in conjunction with Section 25 Para. 1 TTDSG. This means that we will not use this service unless you have consented to its use. You can revoke your consent at any time with effect for the future, most easily via our Cookie Consent Manager.
Further information about Google Ad Manager and Google’s privacy policy can be found at: https://www.google.com/privacy/ads and https://policies.google.com/privacy.
5.4.8. YOUTUBE IN EXTENDED PRIVACY MODE
To embed videos on our website, we use the provider YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, (“YouTube”), among others. When you visit our website with videos embedded by YouTube, your browser establishes a direct connection to the YouTube servers in order to be able to display the content to you. The content accessed can be recorded by your browser. If you are logged into your YouTube account, YouTube can assign your usage behavior to your personal profile. You can prevent this by logging out of your YouTube account before accessing our website.
The data in question may be transferred to YouTube servers in the USA and stored there. The legal basis for this is the European Commission’s adequacy decision of July 10, 2023 (so-called Data Privacy Framework) in accordance with Art. 45 GDPR or Art. 49 Para. 1 a) GDPR in conjunction with your consent.
The legal basis for the processing of your data is your consent, Art. 6 Para. 1 Clause 1 a) GDPR in conjunction with Section 25 Para. 1 TTDSG. This means that we will not use this service unless you have consented to its use. You can revoke your consent at any time with effect for the future, most easily via our Cookie Consent Manager.
Further information on data processing by YouTube can be found in YouTube’s privacy policy at: https://policies.google.com/privacy?hl=de&gl=de.
5.4.9. SEGMENT
We also use the “Segment” service provided by Segment Inc., 101 15th St San Francisco, CA 94103, USA (“Segment”).
Segment collects and stores data from you from which user profiles can be created using pseudonyms. These user profiles are used to analyze your user behavior and are evaluated to improve our service for you. Cookies can be used for this purpose, which enable recognition when you visit our website again. The pseudonymized user profiles are not merged with personal data about the bearer of the pseudonym.
The data in question may be transferred to Segment servers in the USA and stored there. The legal basis for this is the European Commission’s adequacy decision of July 10, 2023 (so-called Data Privacy Framework) in accordance with Art. 45 GDPR or Art. 49 Para. 1 a) GDPR in conjunction with your consent.
The legal basis for the processing of your data is your consent, Art. 6 Para. 1 Clause 1 a) GDPR in conjunction with Section 25 Para. 1 TTDSG. This means that we will not use this service unless you have consented to its use. You can revoke your consent at any time with effect for the future, most easily via our Cookie Consent Manager.
For further information, please see Segment’s privacy policy: https://segment.com/docs/legal/privacy/.
5.4.10. HOTJAR
We use the web analysis service “Hotjar” provided by Hotjar Limited, Dragonara Road, Paceville St. Julian’s STJ 3141, Malta (“Hotjar”).
Hotjar uses cookies and other technologies to analyze and evaluate your usage behavior and your interactions with our website. This helps us to optimize your user experience on our website by gaining a better understanding of the experiences of our users on our website (e.g. clicks, scrolls, mouse movements).
Your IP address will be shortened before the usage statistics are evaluated so that no direct conclusions can be drawn about your identity.
The legal basis for the processing of your data is your consent, Art. 6 Para. 1 Clause 1 a) GDPR in conjunction with Section 25 Para. 1 TTDSG. This means that we will not use this service unless you have consented to its use. You can revoke your consent at any time with effect for the future, most easily via our Cookie Consent Manager.
For more information, see the “about Hotjar” section at https://help.hotjar.com/hc/en-us/categories/115001323967-About-Hotja.
5.4.11. BRAZE
We use the web analysis service “Braze” from Braze, Inc, 318 West 39th Street, 5th Floor, New York, New York 10018, USA, (“Braze”) to communicate with you on our website and to understand the function and use of our mobile content on your device. For example, we display pop-up windows with an interaction option.
Braze is also used to send push notifications in our app and on our website.
We also use Braze to send you personalized promotions and tailored information about our products.
We will also inform you via Braze about items that you have forgotten in your shopping cart.
The data in question may be transferred to Braze servers in the USA and stored there. The legal basis for this is the European Commission’s adequacy decision of July 10, 2023 (so-called Data Privacy Framework) in accordance with Art. 45 GDPR or Art. 49 Para. 1 a) GDPR in conjunction with your consent.
The legal basis for the processing of your data is your consent, Art. 6 Para. 1 Clause 1 a) GDPR in conjunction with Section 25 Para. 1 TTDSG. This means that we will not use this service unless you have consented to its use. You can revoke your consent at any time with effect for the future, most easily via our Cookie Consent Manager.
For more information about Braze’s compliance with data protection, please visit: https://www.braze.com/privacy/.
5.4.12. CRITEO
We also use the remarketing tool “Criteo” from Criteo, SA, 32 Rue Blanche, 75009 Paris, France, on our website and in our app to show you personalized advertisements on partner websites and in apps for products that might interest you based on the products you clicked on on our website or in our app. For this purpose, the above-mentioned data on your previous browsing behavior is linked by Criteo to a unique identifier, such as an identification cookie or other similar technology (e.g. mobile advertising IDs and non-cookie-based technologies).
Criteo and Westwing will act as joint controllers within the meaning of Art. 26 GDPR.
The legal basis for data protection is your consent in accordance with Art. 6 Para. 1 a) GDPR in conjunction with Section 25 Para. 1 TTDSG. You can revoke this at any time with effect for the future – most easily via our Cookie Consent Manager or at the following link: https://www.criteo.com/de/privacy/disable-criteo-services-on-internet-browsers/.
If Criteo transfers personal data to non-EU or EEA countries, this will be done according to Criteo on the basis of an adequacy decision of the European Commission pursuant to Art. 45 of the GDPR or on the basis of suitable data protection guarantees pursuant to Art. 46 of the GDPR, for example the conclusion of the EU standard contractual clauses.
You can find more information about how Criteo processes your data here: http://www.criteo.com/de/privacy
5.4.13. KLEAR
We use the influencer marketing service “Klear” from Meltwater Deutschland GmbH, Jannowitz Centre, Brückenstrasse 6, 10179 Berlin. This enables us to set up influencer marketing programs and measure and analyze influencer campaigns. Klear uses cookies to track the success of campaigns on our website.
The analyses created in this way help us, among other things, to search for influencers in social networks by region, language, industry, hashtag and previous collaborations and to make data-driven decisions about our influencer marketing strategy.
The legal basis for the processing of your data is your consent, Art. 6 Para. 1 a) GDPR in conjunction with Section 25 Para. 1 TTDSG. This means that we will not use this service unless you have consented to its use. You can revoke your consent at any time with effect for the future, most easily via our Cookie Consent Manager.
You can find more information here: https://klear.com/legal/cookies; https://klear.com/legal/privacy-notice-for-influencers.
5.4.14. GOOGLE CUSTOMER MATCH
We also use Google’s “Google Customer Match” service, which enables us to show visitors to our website interest-based advertising based on their previous browsing behavior on our website and third-party websites, as well as in apps and emails.
The data in question may be transferred to Google servers in the USA and stored there. The legal basis for this is the European Commission’s adequacy decision of July 10, 2023 (so-called Data Privacy Framework) in accordance with Art. 45 GDPR or Art. 49 Para. 1 a) GDPR in conjunction with your consent.
The legal basis for the processing of your data is your consent, Art. 6 Para. 1 a) GDPR in conjunction with Section 25 Para. 1 TTDSG. This means that we do not use this service unless you have consented to its use. You can revoke your consent at any time with effect for the future, most easily via our Cookie Consent Manager. If you would like to prevent receiving interest-based advertising through Google Customer Match, you can also unsubscribe via the following websites: http://www.networkadvertising.org/choices/; http://www.youronlinechoices.com/
You can find more information about Google’s compliance with data protection here: https://support.google.com/google-ads/answer/6334160?sjid=2821624592503930728-EU
5.4.15. LEAD FORENSICS
We also use a B2B sales and marketing tool from Lead Forensics, UK Headquarters, Communication House, 26 York Street, London, W1U 6PZ, UK (“Lead Forensics”).
Lead Forensics uses a tracking code to identify companies that visit our website based on their business IP addresses. The Lead Forensics tracking code only collects information that is easily available to the public. The information in question is not used to personally identify an individual visitor. The IP addresses that are collected are anonymized immediately after storage.
Lead Forensics does not provide us with IP addresses. It only provides us with information about which companies have visited our website, as well as the date and duration of their visit. This information enables us to analyze the use of our website and possibly contact these companies.
The information generated by the Lead Forensics tracking code is transmitted to Lead Forensics servers in the United Kingdom and processed and stored there. The legal basis for this is the European Commission’s adequacy decision of July 10, 2023 (so-called Data Privacy Framework) in accordance with Art. 45 GDPR or Art. 49 Para. 1 a) GDPR in conjunction with your consent.
The legal basis for the processing of your data is your consent, Art. 6 Para. 1 a) GDPR in conjunction with Section 25 Para. 1 TTDSG. This means that we do not use this service unless you have consented to its use. You can revoke your consent at any time with effect for the future, most easily via our Cookie Consent Manager. To unsubscribe from tracking, you can also use the following link: https://optout.leadforensics.com/?clientID=786109 .
5.1.16. TIKTOK ADS
We use the “TikTok Ads” service provided by TikTok Inc, 10100 Venice Blvd, Culver City, CA 90232, USA (“TikTok”), which enables us to show visitors to our website interest-based advertising based on their previous surfing behavior on our website and on third-party websites as well as in apps and emails.
When you visit our website, a connection is established to TikTok’s servers by setting a pixel, and personal data such as your IP address, pages visited and interactions may be logged.
The corresponding data can also be transferred to TikTok servers in the USA and stored there. The legal basis is the European Commission’s adequacy decision of July 10, 2023 (the so-called data protection framework) pursuant to Article 45 GDPR or Article 49 paragraph 1 letter a) GDPR in conjunction with your consent.
The legal basis for the processing of your data is your consent, in accordance with Art. 6 Paragraph 1 a) GDPR. This means that we only use this service if you have given us your consent. You can revoke your consent at any time with effect for the future, most easily via our Cookie Consent Manager .
You can find further information here: https://ads.tiktok.com/help/article/app-retargeting?lang=en; https://www.tiktok.com/legal/page/eea/privacy-policy/en.
XI. TECHNICAL AND ORGANIZATIONAL MEASURES FOR DATA SECURITY
We have taken technical and organizational security precautions to protect your personal data against loss, destruction, manipulation and unauthorized access by third parties, as well as to ensure an appropriate level of protection and to protect your personal rights.
For example, we encrypt your personal data, including confidential content, such as your contact requests, before they are transmitted, and all of our employees as well as service providers and processors working for us are committed to complying with applicable data protection regulations and data protection laws.
We regularly check that our numerous security precautions correspond to the state of the art.
XII. YOUR RIGHTS AS A DATA SUBJECT
In accordance with the statutory provisions on data protection, you have the following rights with regard to your personal data at any time:
1. RIGHT TO INFORMATION
You have the right to request information about the personal data we process about you and a copy of this data.
2. RIGHT TO RECTIFICATION
You have the right to request the rectification of inaccurate data and, taking into account the purposes of the processing, the completion of incomplete data.
3. RIGHT TO ERASURE
You have the right to request the deletion of your data if the following reasons apply:
• The storage of the data is no longer necessary for the purposes for which it was collected or otherwise processed,
• You withdraw your consent on which the processing is based and there is no other legal basis for the processing,
• You object to the processing and there are no overriding legitimate interests for the processing,
• the personal data in question were processed unlawfully,
• or the erasure of your personal data is necessary to fulfill a legal obligation under Union or Member State law.
Please note that there may be reasons that prevent immediate deletion, e.g. in the case of statutory retention periods. Regardless of whether you exercise your right to deletion, we will delete your data immediately and completely if storage is no longer required for the respective purpose of processing and there are no legal or statutory retention periods that prevent this.
4. RIGHT TO RESTRICTION OF PROCESSING
You also have the right to request the restriction of the processing of your data if:
• the accuracy of your personal data is contested by you, for a period enabling us to verify the accuracy of your personal data,
• the processing is unlawful and you oppose the erasure of your personal data and request the restriction of the use of your personal data instead;
• we no longer need the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
• You have objected to the processing pursuant to Art. 21 Para. 1 GDPR, as long as it has not yet been determined whether our legitimate interests outweigh yours.
5. RIGHT TO DATA PORTABILITY
If the legal requirements are met, you have the right to receive the data provided in a structured, common and machine-readable format and to transmit this data to another responsible party or, if technically feasible, to have it transmitted by Westwing.
6. RIGHT TO COMPLAIN TO THE COMPETENT DATA PROTECTION AUTHORITY
You also have the right to lodge a complaint with the responsible data protection supervisory authority. To assert this right, please send an email to: serice@westwing.de.
7. RIGHT OF OBJECTION
Insofar as the processing of your personal data is based on our legitimate interest in accordance with Art. 6 Para. 1 S. f) GDPR, you also have the right to object to the processing of your personal data for reasons arising from your particular situation, e.g. by email to: service@westwing.de. We will then no longer process your personal data for these purposes unless our legitimate interest outweighs it in the individual case.
8. RIGHT OF WITHDRAWAL
To the extent that the processing of your personal data is based on your consent in accordance with Art. 6 Para. 1 a) GDPR, you have the right to revoke your consent at any time with effect for the future, e.g. by e-mail to service@westwing.de.
If you would like to assert one of the aforementioned rights, you can also contact our external data protection officer at any time by email at: anfrage@projekt29.de.
XIII. CHANGES TO THIS PRIVACY POLICY
We reserve the right to change this privacy policy if this should become necessary, for example due to the use of new services or technologies. If fundamental changes are made, we will announce them on our website or by email.
Status: November 2024