€5.50 shipping with DHL | FREE shipping within Germany for orders over €100

Privacy policy

Privacy policy

Introduction

The following privacy policy informs you about the types of personal data we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both as part of the provision of our services and in particular on our websites, mobile applications and within external online presences such as our social media profiles (collectively referred to as the "online offering").

The terms used are not gender-specific.

Status: 1 February 2021

Controller

Longship Commerce GmbH | Adam-Stegerwald-Strasse 34 | 42857 Remscheid

Mail: hallo[at]lillygo.de

VAT identification number pursuant to § 27 a UStG: DE349912329

Registration court: Wuppertal Local Court

Registration number: HRB 35859

Authorized representatives: Douglas McKerson

Email address: hallo@lillygo.de

Imprint: https://www.lillygo.de/policies/legal-notice

Overview of processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

  • Event data (Facebook): data sent by us to Facebook (e.g. via Facebook Pixel) about people or their actions, such as visits to websites, interactions with content/features, app installations, product purchases. Used for forming audiences (Custom Audiences). Does not include actual content (such as comments), login information, or contact details (no names, email addresses, phone numbers). Facebook deletes event data after a maximum of two years.
  • Master data (e.g. names, addresses).
  • Content data (e.g. entries in online forms).
  • Contact data (e.g. email, phone numbers).
  • Meta/communication data (e.g. device information, IP addresses).
  • Usage data (e.g. websites visited, interest in content, access times).
  • Location data (information about the geographical location of a device or person).
  • Contract data (e.g. subject matter, term, customer category).
  • Payment data (e.g. bank details, invoices, payment history).

Categories of data subjects

  • Business and contractual partners.
  • Prospective customers.
  • Communication partners.
  • Customers.
  • Users (e.g. website visitors, users of online services).
  • Sweepstakes and competition participants.

Purposes of processing

  • Conversion measurement (measuring the effectiveness of marketing measures).
  • Office and organizational procedures.
  • Cross-device tracking (cross-device processing of user data for marketing purposes).
  • Direct marketing (e.g. by email or post).
  • Conducting sweepstakes and competitions.
  • Interest-based and behavior-based marketing.
  • Contact requests and communication.
  • Profiling (creating user profiles).
  • Remarketing.
  • Reach measurement (e.g. access statistics, recognition of returning visitors).
  • Security measures.
  • Tracking (e.g. interest- and behavior-based profiling, use of cookies).
  • Provision of contractual services and customer support.
  • Management and response to inquiries.
  • Audience formation (determining audiences relevant to marketing purposes or other content output).

Relevant legal bases

  • Consent (Art. 6 (1) p. 1 lit. a GDPR) - the data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Performance of a contract and pre-contractual inquiries (Art. 6 (1) p. 1 lit. b GDPR) - processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Art. 6 (1) p. 1 lit. c GDPR) - processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6 (1) p. 1 lit. f GDPR) - processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data protection regulations in Germany: In addition to the GDPR, national data protection regulations apply in Germany, in particular the Federal Data Protection Act (BDSG).

Security measures

We take appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the varying likelihood and severity for the rights and freedoms of natural persons.

Measures include in particular safeguarding the confidentiality, integrity and availability of data through control of physical and electronic access to the data as well as access to, input to, transfer of, security of availability and separation of data. Furthermore, we have set up procedures that ensure data subjects' rights, deletion of data and reactions to data threats. Furthermore, we take protection of personal data into account already during development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and by default.

SSL encryption (https): To protect the data you transmit via our online offering, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

Transfer and disclosure of personal data

As part of our processing of personal data, data may be transferred to other entities, companies, legally independent organizational units or persons, or disclosed to them. Recipients of this data may include, for example, payment institutions in the context of payment transactions, IT service providers commissioned, or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and in particular conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.

Data processing in third countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or processing takes place as part of using third-party services or disclosure or transfer of data to other persons, entities or companies, this is only done in accordance with legal requirements.

Subject to express consent or contractually or legally required transfer, we only process or have data processed in third countries with a recognized level of data protection, contractual obligation through so-called standard contractual clauses of the EU Commission, in the presence of certifications, or binding internal data protection rules (Art. 44 to 49 GDPR).

Use of cookies

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user's computer. A cookie primarily serves to store information about a user during or after their visit within an online offering. Stored information may include, for example, language settings on a website, login status, a shopping cart, or the place where a video was watched.

Note on legal basis: The legal basis on which we process your personal data with the help of cookies depends on whether we ask you for consent. Otherwise, the data processed by means of cookies will be processed on the basis of our legitimate interests (e.g. in a business operation of our online offering and its improvement) or, if the use of cookies is necessary, to fulfill our contractual obligations.

Storage period: Unless we provide you with explicit information about the storage period of permanent cookies (e.g. as part of a cookie opt-in), please assume that the storage period can be up to two years.

Shop and e-commerce: We process customer data to enable customers to select, purchase or order chosen products, goods and related services as well as their payment and delivery, or execution. The required data is identified as such in the order or comparable acquisition process and includes the data needed for delivery, provision and billing as well as contact information.

Payment service providers

  • PayPal: Payment services and solutions; service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
  • Shop Pay (Shopify): Payment services; service provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

Provision of online offering and web hosting: To provide our online offering securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offering can be accessed.

Service provider: Shopify Inc., 151 O'Connor Street, Ottawa, Ontario K2P 2L8, Canada. Privacy notice: https://www.shopify.com/legal/privacy.

Online marketing: We process personal data for online marketing purposes, including marketing of advertising spaces or display of advertising and other content based on the potential interests of users and measurement of their effectiveness.

Service used: Google Analytics (Google Ireland Limited / Google LLC). Privacy notice: https://policies.google.com/privacy. Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de.

Service used: Facebook Pixel and Custom Audiences (Meta). Used to determine visitors as audiences for ads and to measure ad effectiveness.

Social media presences

We maintain online presences within social networks (Facebook, Instagram). Note that user data may be processed outside the European Union, which can mean risks for users.

Deletion of data

The data processed by us is deleted in accordance with legal requirements as soon as the consents permitted for processing are revoked or other authorizations no longer apply.

Changes and updates to the privacy policy

Please regularly review the contents of our privacy policy. We adjust the privacy policy as soon as changes to the data processing carried out by us make this necessary.

Data subject rights

You have the following rights under the GDPR: right to object, right to withdraw consent, right of access, right to rectification, right to erasure and to restriction of processing, right to data portability, right to lodge a complaint with a supervisory authority.

Created with the free privacy generator at Datenschutz-Generator.de by Dr. Thomas Schwenke

>