Privacy policy

PRIVACY POLICY

1. INFORMATION ABOUT THE COLLECTION OF PERSONAL DATA

1.1 We are pleased that you are visiting our website. Below we inform you about the handling of your personal data when using our website. Personal data refers to all data with which you can be personally identified.

1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Noah & Lily. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

1.3 For security reasons and to protect the transmission of personal data (e.g., orders or inquiries), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string https:// and the padlock symbol in your browser bar.

2. DATA COLLECTION WHEN VISITING OUR WEBSITE

When you use our website for informational purposes only, we collect the data that your browser transmits to our server (server log files), including:

  • Date and time of access

  • Amount of data sent (bytes)

  • Browser and Operating system used

  • IP address (in anonymized form) This processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website.

3. COOKIES

To make your visit attractive and enable certain functions, we use cookies. These are small text files stored on your device.

  • Session Cookies: Deleted after you close your browser.

  • Persistent Cookies: Remain on your device to recognize your browser on your next visit. You can configure your browser to refuse cookies, though this may limit the functionality of our website.

4. CONTACTING US

When you contact us (via contact form or email), personal data is collected. This data is stored and used solely for responding to your inquiry. The legal basis is our legitimate interest in responding to you (Art. 6 Para. 1 lit. f GDPR). If your contact aims at concluding a contract, Art. 6 Para. 1 lit. b GDPR also applies.

5. CUSTOMER ACCOUNTS AND CONTRACT PROCESSING

In accordance with Art. 6 Para. 1 lit. b GDPR, personal data is collected when you provide it to us to open a customer account or execute a contract. You can delete your customer account at any time by messaging the controller. We store this data for contract processing and for the duration of statutory tax and commercial retention periods.

6. DIRECT MARKETING & NEWSLETTERS

  • Newsletter: If you subscribe, we use the double opt-in procedure. Your email is used for advertising purposes until you unsubscribe.

  • Existing Customers: If you purchase goods, we may send you offers for similar products via email. You can object to this at any time at no cost other than basic transmission rates.

7. DATA PROCESSING FOR ORDER EXECUTION

7.1 We pass data to the transport company commissioned with delivery and the credit institution commissioned with payment, insofar as necessary for the fulfillment of the contract (Art. 6 Para. 1 lit. b GDPR).

7.2 Payment Providers:

  • PayPal: Payment data is passed to PayPal (Europe) S.a.r.l. et Cie. PayPal may conduct a credit check based on their legitimate interest (Art. 6 Para. 1 lit. f GDPR).

  • SOFORT: Payment is processed via SOFORT GmbH (part of the Klarna Group).

8. WEB ANALYSIS AND SOCIAL MEDIA

  • Google Analytics: This website uses Google Analytics to analyze visitor traffic. Your IP address is shortened (anonymized) before transmission to the USA.

  • Facebook Pixel: With your consent, we use the Facebook Pixel to track user behavior and optimize ads.

  • Social Plugins: We use "Shariff" solutions for Facebook, Instagram, and Google+, meaning a connection to social servers is only established if you actively click the button.

9. YOUR RIGHTS AS A DATA SUBJECT

Under the GDPR, you have the following rights:

  • Right to Information (Art. 15): To know what data we hold about you.

  • Right to Rectification (Art. 16): To correct inaccurate data.

  • Right to Erasure (Art. 17): To have your data deleted ("Right to be forgotten").

  • Right to Restriction (Art. 18): To limit how we process your data.

  • Right to Data Portability (Art. 20): To receive your data in a structured format.

  • Right to Object (Art. 21): To object to processing based on legitimate interests.

10. DURATION OF STORAGE

The duration of the storage of personal data is determined by the respective statutory retention period (e.g., commercial and tax law). After the expiry of this period, the corresponding data is routinely deleted.

11. CONTACT FOR DATA PROTECTION

If you have questions regarding the collection, processing, or use of your personal data, or if you wish to exercise your rights, please contact:

Noah & Lily Email: info@noah-lily.com