HOC Heart  Welcome back! We missed you  HOC Heart
HOC Heart  Good customer service  HOC Heart
HOC Heart  Delivery in 2-3 workdays  HOC Heart
HOC Heart  Free Shipping when purchasing over 100 EUR  HOC Heart
HOC Heart  Easy return policy  HOC Heart
Search
Advanced Search
Toggle Nav
My Cart
Menu
Account

Cookie- and Privacy Policy

If you have any questions, complaints or other concerns, please do not hesitate to contact us. All contact details can be found here.

 

Contact details of the person responsible

ellen wille THE HAIR-COMPANY GmbH, Lauenburger Str. 3-5, 65824 Schwalbach a. Ts., e-mail: info@ellen-wille.de, phone: +49 6196 88152-0

Please contact the data protection officer listed below directly for all data protection issues.

 

Contact details of the data protection officer

The data protection officer of ellen wille THE HAIR-COMPANY GmbH can be contacted as follows:

UBG Unternehmens Beteiligungsgesellschaft mbH, Solmsstraße 71, 60486, Frankfurt am Main, e-mail: info@ubg-datenschutz.de, phone: +49 69 653000623.

 

Collection of data in the context of using the website

a) Server log files

ellen wille THE HAIR-COMPANY GmbH collects data about every access to this website (so-called server log files). The access data includes Name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Processing is carried out in accordance with Art. 6 para. 1 lit. f) GDPR on the basis of our legitimate interest in improving the operation, security and optimisation of our website. The data is not passed on or used in any other way. However, we reserve the right to subsequently check the log data if there is a justified suspicion of unlawful use based on concrete evidence.

 

b) Cookies

Cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information flows to the body that sets the cookie (in this case us). They are used to make the website more user-friendly and effective overall. In some cases, cookies are used to simplify the ordering process by saving settings (e.g. remembering the contents of a virtual shopping basket for a later visit to the website). Our website uses transient and persistent cookies. Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser. Persistent cookies on our website are automatically deleted after a specified period, which may vary depending on the cookie, but is a maximum of two years for the cookies we set. You can delete the cookies in your browser's security settings at any time.

You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that in this case you may not be able to use all the functions of this website.

Usercentrics A/S collects and stores data on this website, from which user profiles are created using pseudonyms. These user profiles are used to analyse visitor behaviour and are evaluated in order to improve and tailor our offering. Cookies may be used for this purpose. The pseudonymised user profiles are not merged with personal data about the bearer of the pseudonym without the express consent of the person concerned, which must be given separately. You can object to the collection and storage of data for the purpose of web analysis at any time with effect for the future by installing the following plug-in in your browser: https://tools.google.com/dlpage/gaoptout?hl=de

If your personal data is also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b) GDPR either for the execution of the contract or in accordance with Art. 6 para. 1 lit. f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of your visit to our website.

 

c) Contact form and e-mail contact

When you contact us (e.g. via contact form or e-mail), personal data may be collected from you. In the case of collection via the contact form provided on our website, the data concerned can be seen from the respective contact form. This data is collected and used by us exclusively for the purpose of responding to your enquiry or for contacting you. The data you enter in the contact form is converted into an email using the Magento software from the provider Magento, Inc. (USA) and sent to the person responsible for responding to your enquiry. In doing so, the data may be transmitted to Magento, Inc. The data you provide will be deleted by us as soon as your contact enquiry has been finally answered. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

The legal basis for the processing of your data is our legitimate interest in responding to your enquiry in accordance with Art. 6 (1) (f) GDPR. If your contact enquiry is made in connection with the conclusion of a contract, the legal basis for our processing is also Art. 6 para. 1 lit. b) GDPR. Insofar as processing is carried out by Magento, Inc. based in the USA, Magento's certification for the ‘EU-US Privacy Shield’ data protection agreement guarantees compliance with the data protection standards applicable in the EU.

 

d) Order process, customer account

We process personal data if you provide it to us as part of your order or when opening a customer account. Which data is collected can be seen from the respective input forms. You can delete your customer account at any time by sending a message to the contact option described above. The data stored in the customer account will then be deleted automatically. The data collected as part of an order will be deleted after the tenth calendar year following the order, subject to your consent to further processing or longer statutory retention obligations.

We use the data collected from you in this way in accordance with Art. 6 para. 1 lit. b) GDPR for the purpose of contract processing and fulfilment.

 

e) Data processing for order processing

In order to process your order, we work together with various service providers who support us in whole or in part in the fulfilment of concluded contracts. Personal data relating to you will be transmitted to these service providers in accordance with the following information.

The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods ordered by you. As part of the dispatch of the goods, we will only pass on your e-mail address to the transport service provider for the purpose of coordinating a delivery date or for delivery notification if you have given your express consent to this during the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to the transport service provider for the purpose of delivery.

We pass on your payment data to the authorised payment service provider as part of payment processing, insofar as this is necessary for payment processing. For individual payment methods (in particular purchase on account), in addition to the transmission of your payment data, it is also necessary for us or the payment service provider to carry out an identity and credit check. However, this will only take place if you have given your express consent to this when selecting the payment method. You can find the privacy policy of our partner KLARNA for Germany at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy, for Austria at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy and for the Netherlands at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/nl_nl/privacy. Information on data protection from our partner PayPal can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full

The forwarding of your e-mail address to the transport service provider is based on your consent in accordance with Art. 6 para. 1 lit a) GDPR. The transmission of the name of the recipient and the delivery address is carried out in accordance with Art. 6 para. 1 lit. b) GDPR for the fulfilment of our contract concluded with you. The information required to process the payment is passed on to the payment service provider in accordance with Art. 6 para. 1 lit a) GDPR, insofar as you have expressly consented to an identity and credit check as part of the ordering process, and otherwise Art. 6 para. 1 lit b) GDPR for the fulfilment of the contract.

 

f) Newsletter, direct marketing

If you register for our newsletter, we will use the data you provide for this purpose (first name, surname, e-mail address) to include it in our newsletter database in accordance with your consent and to send you our e-mail newsletter on a regular basis. Inclusion in our newsletter database takes place via the so-called double opt-out procedure in order to prevent misuse of your data; i.e. when you send your data, an activation confirmation is first sent to the e-mail address provided and you are only finally included in the newsletter database when the activation link contained in the activation confirmation is clicked. If the activation link is not clicked within one week of the activation confirmation being sent, the data will be deleted.

If you purchase goods or services on our website and enter your e-mail address, we may subsequently also use it to send you information as part of our direct marketing, provided that you have objected to receiving such information when your data was collected. In such a case, only direct advertising for our own similar goods or services will be sent via the newsletter.

You can unsubscribe from the newsletter or from receiving information on direct marketing at any time with effect for the future and can either be done by sending a message to the contact option described below or via a link provided for this purpose in the newsletter.

If you register to receive our newsletter, the legal basis for our processing is your consent to the use of your personal data in accordance with Art. 6 (1) (a) GDPR when you confirm the activation link. In this respect, data processing is carried out solely on the basis of our legitimate interest in personalised direct advertising in accordance with Art. 6 para. 1 lit. f) GDPR.

We use Klaviyo to send newsletters. The provider is Klaviyo, 106 Fenchurch Street, 5th Floor, London, EC3M 5JD, United Kingdom. This service enables us to organise and analyse the sending of newsletters. The data you enter to receive the newsletter, such as your e-mail address, is stored on Klaviyo's servers. 

Sending newsletters with Klaviyo allows us to analyse the behaviour of newsletter recipients. The analysis shows, among other things, how many recipients have opened their newsletter and how often links in the newsletter were clicked. 

The data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time. To withdraw your consent, simply send us an informal email or unsubscribe via the ‘Unsubscribe’ link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the cancellation.

If you do not wish to be analysed by Klaviyo, you must unsubscribe from the newsletter. To unsubscribe, simply send us an informal email or unsubscribe via the ‘Unsubscribe’ link in the newsletter.

Data entered to set up the subscription will be deleted from our servers and Klaviyo's servers if you unsubscribe.

 

g) Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc (‘Google’). Google Analytics uses so-called ‘cookies’, text files which are stored on the user's computer and which enable your use of the website to be analysed.

For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework

On behalf of the operator of this website, Google will use this information to analyse the use of the website by users, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Users can prevent the storage of cookies by setting their browser software accordingly; in this case, however, you may not be able to use all the functions of this website to their full extent. Users can also prevent Google from collecting the data generated by the cookie and relating to their use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en

Further information can be found at:

https://marketingplatform.google.com/about/analytics/terms/us/ 
https://marketingplatform.google.com/about/ 
https://policies.google.com/

Google Analytics is used on our websites in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in the statistical analysis of user behaviour for the purpose of optimisation and for marketing purposes. Insofar as cookies are used for this purpose, the corresponding processing is based on your consent in accordance with Art. 6 para. 1 lit a).

 

h) YouTube

Videos from the provider YouTube (YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA, represented by Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA) are integrated on some of our pages. When you call up a page with an embedded video, your browser establishes a connection to the YouTube servers (legal basis Art. 6 para. 1 lit. f) GDPR.

 

i)PayPal

Our website allows payment via PayPal. The provider of the payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

If you pay with PayPal, the payment data you enter will be transmitted to PayPal.

The transmission of your data to PayPal is based on Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing for the fulfilment of a contract). You can revoke your consent at any time. Data processing carried out in the past remains effective in the event of a revocation.

 

j) Klarna (available soon)

Our website enables payment via Klarna. The provider of the payment service is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden.

When paying with Klarna (Klarna checkout solution), Klarna collects various personal data from you. Details can be found in Klarna's privacy policy at: https://www.klarna.com/de/datenschutz-und-sicherheit/.

Klarna uses cookies to optimise the Klarna checkout solution. This optimisation constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Cookies are small text files that your web browser stores on your end device. Klarna cookies remain on your device until you delete them. Details on the use of Klarna cookies can be found at: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf.

The transmission of your data to Klarna is based on Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing for the fulfilment of a contract). You can withdraw your consent at any time. Data processing operations carried out in the past remain effective in the event of a revocation.

 

k) Facebook Pixel

This website uses Facebook's visitor action pixel to measure conversions. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

This allows the behaviour of site visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimised.

The data collected is anonymous for us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy. This enables Facebook to place adverts on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as the site operator.

The use of Facebook Pixel is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in effective advertising measures including social media. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.

You can find further information on protecting your privacy in Facebook's data protection information: https://www.facebook.com/privacy/policy/.

You can also deactivate the remarketing function ‘Custom Audiences’ in the settings for adverts at https://accountscenter.facebook.com/ad_preferences. You must be logged in to Facebook to do this.

If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: https://www.youronlinechoices.com/uk/.

 

l) cookiebot.com from Usercentrics A/S

A web service of the company Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter: cookiebot.com) is loaded on our website. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to cookiebot.com. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The legitimate interest lies in the error-free functioning of the website. The data is deleted as soon as the purpose of its collection has been fulfilled. Further information on the handling of the transferred data can be found in cookiebot.com's privacy policy: https://www.cookiebot.com/de/privacy-policy/

You can prevent the collection and processing of your data by cookiebot.com by deactivating the execution of script code in your browser or by installing a script blocker in your browser.

 

Recipients

In addition to the aforementioned recipients, the aforementioned personal data may in certain cases be viewed by our service providers involved in the maintenance and updating of the website. Your IP address may be transmitted to Google, LLC. In addition, your personal data may be transmitted by us to your health insurance company if you have indicated during an order process that we should bill your health insurance company. Finally, your data may also be transmitted to the tax consultants and auditors advising us and, e.g. as part of a tax audit, to the tax office responsible for us or made accessible in some other way.

 

Export and processing of data in countries outside the European Economic Area

Subject to the IP address, no personal data is exported to countries outside the EEA. Insofar as processing is carried out by Google LLC based in the USA, compliance with the data protection level applicable in the EU is guaranteed due to Google's certification for the ‘EU-US Privacy Shield’ data protection agreement.

 

Duration of data processing

Unless otherwise stated in section 3, we do not store and process any personal data of users of our website beyond the end of actual use. However, this does not apply if we are obliged to retain such data due to the applicable statutory retention periods (e.g. retention periods under commercial and tax law).

 

Rights of the data subject

Under the GDPR, you have the following rights and claims against the controller

the right of access (Art. 15 GDPR)

the right to rectification (Art. 16 GDPR)

the right to erasure (Art. 17 GDPR)

the right to restriction of processing (Art. 18 GDPR)

the right to data portability (Art. 20 GDPR)

 

Consents granted

You can revoke any consent you have given for data processing at any time, in whole or in part, with effect for the future. The revocation does not affect the lawfulness of the processing of personal data prior to the revocation.

 

Right of objection of the data subject pursuant to Art. 21 GDPR

Pursuant to Art. 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(f) GDPR, with effect for the future.

We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

 

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. Accordingly, without prejudice to any other administrative or judicial remedy, any data subject may lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.

The following data protection supervisory authority is responsible for ellen wille THE HAIR-COMPANY GmbH:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit, Postfach 3163, 65021 Wiesbaden, Tel.: +49 611 1408-0

Online complaint form: https://datenschutz.hessen.de/service/beschwerde-uebermitteln