Privacy policy

Privacy Policy

Translation of the German version of the privacy policy. This English version is for informational purposes only. In case of legal doubt, the German version prevails.

---

1. GENERAL INFORMATION

We’re pleased about your interest in our company. Data protection is particularly important to us. In this privacy policy, we inform you about data processing within our company – especially through our website and during the order process – insofar as it concerns your personal data.

If you would like an introduction to data protection and general information about the terms used in the General Data Protection Regulation (GDPR), you can find it on the website of the Federal Commissioner for Data Protection and Freedom of Information: https://www.bfdi.bund.de/EN

2. CONTROLLER INFORMATION

The controller responsible for processing your personal data is L/DB STUDIO GmbH, WITHIN MOOD, Lindenthalgürtel 85, 50935 Cologne, Germany. You can contact us for general inquiries at mood@withinmood.com.

3. ACTIVITIES WHERE WE PROCESS PERSONAL DATA

3.1 Visiting our website without registration

3.1.1 Website delivery We process data such as page name, accessed file, date and time of access, data volume, success message, browser type/version, user operating system, referrer URL, and IP address for technical provision of the website (Art. 6 para. 1 b GDPR). Data is deleted after your visit unless otherwise required.

3.1.2 Website security To detect and prevent attacks (e.g., hacking, DoS), we process IP addresses and other related data based on our legal obligation to implement protective measures (Art. 6 para. 1 c GDPR). Data is deleted after 7 days unless an attack is detected.

3.1.3 Web fonts Fonts are embedded from MyFonts Inc., requiring the transfer of IP addresses (Art. 6 para. 1 b GDPR). See MyFonts' privacy policy: https://www.monotype.com/legal/privacy-policy

3.2 Visiting our website with registration

3.2.1 Account creation To create a customer account, we process your name, email address, and password (Art. 6 para. 1 b GDPR). Data remains until account deletion, unless legal retention applies.

3.2.2 Same processing as in 3.1

3.3 Ordering through our online shop

3.3.1 Order data We collect name, address, birth date, phone number, gender, and email for order fulfillment, shipping, invoicing, and returns. SMS marketing may be sent without double opt-in. Consent is given by providing a phone number. (Art. 6 para. 1 b GDPR).

3.3.2 Payment information Depending on your payment method, payment data is processed by:

• PayPal: PayPal (Europe) S.a.r.l. et Cie, S.C.A., Luxembourg. Includes optional credit checks based on legitimate interest (Art. 6 para. 1 f GDPR).
• Shopify Payments (incl. Apple Pay, Google Pay, credit card): Shopify International Ltd., Ireland. See: https://www.shopify.com/legal/privacy

3.3.3 Third-party logistics Logistics services are provided by Hive FC BER3 GmbH. We transmit necessary data for shipping. Hive is contractually bound to use the data only for this purpose.

3.4 Back-in-stock notifications We process your email to notify you when a product is available again. Your email is deleted after the notification is sent (Art. 6 para. 1 b GDPR).

3.5 Cookies

3.5.1 Types of cookies We use necessary, non-essential, and third-party cookies:

• Necessary cookies: required for website functionality.
• Non-essential cookies: improve user experience and analyze behavior.
• Third-party cookies: personalize ads and measure effectiveness.

3.5.2 Google Analytics Used to analyze website usage. Data (IP anonymized) is processed by Google Inc., USA. For opt-out, see: http://tools.google.com/dlpage/gaoptout?hl=en

3.5.3 Bing Ads, Criteo, Google Ads (Conversion), Outbrain, AWIN These services use cookies for remarketing and performance tracking. You can object via respective opt-out pages:

• Microsoft: https://privacy.microsoft.com/en-us/privacystatement
• Criteo: http://www.criteo.com/privacy/
• Outbrain: http://www.outbrain.com/legal/privacy
• AWIN: https://www.awin.com/us/legal

4. WEB ANALYTICS & TRACKING

4.1 Facebook Custom Audiences We use Facebook pixels for personalized ads. More info: https://www.facebook.com/about/privacy/

4.2 Facebook Conversion Pixel Helps us track ad performance. Data remains statistical and non-identifiable.

4.3 Pinterest Tag Pinterest Inc. collects data via a pixel for personalized ads. Based on our legitimate interest.

5. SOCIAL PLUGINS

We integrate Pinterest plugins ("Save" button). Pinterest may associate visits with your account. See: https://policy.pinterest.com/en/privacy-policy

6. CONTACTING US

6.1 Contact form We collect name, email, and message content to respond to inquiries (Art. 6 para. 1 b GDPR). IP address is processed for security reasons.

6.2 Phone contact We process contact data and inquiry details for support purposes (Art. 6 para. 1 b GDPR).

6.3 Social media contact If you contact us via Facebook or Instagram, we process your profile data to respond (Art. 6 para. 1 b GDPR).

7. NEWSLETTER

You can subscribe via double opt-in. You can unsubscribe at any time. We use Klaviyo to manage our newsletter. Privacy policy: https://www.klaviyo.com/privacy

8. JOB APPLICATIONS

Application data is processed for recruitment purposes only (§26 BDSG). After conclusion of the process, data is deleted unless consent for future consideration is given.

9. YOUR RIGHTS

You may exercise the following rights:

• Access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Deletion (Art. 17 GDPR)
• Restriction (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection (Art. 21 GDPR)
• Withdrawal of consent at any time

10. DATA SECURITY

We implement up-to-date technical and organizational measures to protect your data. However, internet data transfers carry inherent risk.

11. CHANGES TO THIS PRIVACY POLICY

We may update this policy in case of legal or technical changes. Last updated: September 1, 2021.