Privacy policy

Unbinding AI generated Convenience Translation to English

We take data protection seriously. The protection and security of your personal data, i.e. all data that can be related to you (hereinafter referred to as "personal data"), is our top priority.

That is why we treat all data that you entrust to us with the greatest care and in accordance with the applicable data protection regulations, namely the General Data Protection Regulation (hereinafter referred to as "GDPR") and the German Federal Data Protection Act ("BDSG").

Below you can find out which of your data we collect, in what way and on what legal basis, for what purpose we use it, how we protect it and what rights you have in relation to its processing.

I. RESPONSIBLE BODY

The controller for the processing of your personal data in the context of your visit to our website on www.westwing.de or our app, including the sale of goods and the provision of the services we offer, as well as our Westwing accounts on the social media platforms "Facebook", "Instagram", "TikTok" and "Pinterest", among others, within the meaning of the GDPR, is:

Westwing GmbH, Moosacher Straße 88, 80809 Munich, Germany, e-mail address: service@westwing.de (hereinafter referred to as "Westwing" or "we").

Westwing and Westwing Group SE, Moosacher Straße 88, 80809 Munich, are also partly jointly controllers. Against this background, Westwing and Westwing Group SE have defined in an agreement pursuant to Art. 26 GDPR which of them fulfils which data protection obligations.

II. DATA PROTECTION OFFICER

For all questions on the subject of data protection, you can also contact our external data protection officer, Mr. Christian Volkmer, and his team at any time:

Mr. Christian Volkmer, Projekt 29 GmbH & Co. KG, Ostengasse 14, 93047 Regensburg, Phone: 0941 2986930, Fax: 0941 29869316, E-mail: anfrage@projekt29.de, Website: www.projekt29.de

III. CATEGORIES OF PERSONAL DATA

The personal data collected when you visit our website, app or social media accounts may fall into the following categories:

Data collected when you browse our website or app, depending on which of our cookies you have consented to (e.g. login information, i.e. the date and time you logged in to our website, language preferences, products in your shopping cart, or data about your preferences, e.g. in relation to product categories),
Data collected when you create your customer account (e.g. your name, address, e-mail address, desired form of address (if provided by you), telephone number (if provided by you), encrypted password to the customer account),
Data processed in connection with your order (e.g. about the products you have purchased or the services you have used and payment information provided to us),
Data from you that is collected when you contact us (e.g. your name, email address, telephone number, customer, order and article number, as well as any other information you provide to us),
Data about you, which we transfer to our third-party service providers in certain cases in order to communicate with you on our website or app and to personalise the communication (e.g. your name, email address or products you are interested in based on your browsing behaviour),
Data collected when you consent to receive newsletters, customer satisfaction surveys, product reminders and your behaviour in relation to the content of our relevant promotional emails (e.g. opening the newsletter or clicking on a link in the newsletter),
Data about you, which we receive in certain cases from our cooperation partners (e.g. credit agencies, technical service providers, debt collection service providers or payment service providers),
Data that we process to participate in competitions (e.g. your name and email address),
statistical or aggregated data on your usage behaviour on our social media accounts,
Information about you that we receive from a friend or other contact who wants to invite you to use our website or app (e.g. your email address).

IV. PURPOSES ON THE BASIS OF WHICH WE PROCESS YOUR PERSONAL DATA

We use your personal data for various purposes, namely, for example:

for the purpose of providing certain technical functions on our website and in our app (e.g. to store your goods in the shopping cart) and to protect our website and our app,
for the purpose of analysing your behaviour on our website in order to optimise our offer and our contributions and make them more interesting for you,
for the purpose of creating a customer account,
for the execution and processing of orders for goods and services placed with us (e.g. for the dispatch of goods),
to contact you (e.g. to answer any questions you may have, to send you order confirmations and order notices or to inform you about changes that are significant to you, e.g. the applicable Terms and Conditions or this Privacy Policy),
for advertising and marketing purposes (e.g. to send you our newsletter, to inform you about vouchers or special promotions, to remember your shopping cart history, to send you product reviews and opinion surveys or for other similar promotional activities),
to process payments by us or our cooperation partners, to check fraud by us or our cooperation partners and to carry out debt collection by our cooperation partners,
to participate in competitions,
to statistically analyze your behavior on our social media accounts in order to optimize our offer and our posts for you,
for the purpose of inviting a friend or other contact to use our website or app.

At no time do we process personal data of special categories in accordance with Art. 9 GDPR (such as health data or data on your religion), unless you provide us with information concerning us without being asked in the context of communication with our customer service.

If we want to collect and process further personal data from you, we will inform you separately in advance and, if necessary, obtain your consent.

V. LEGAL BASES FOR PROCESSING YOUR PERSONAL DATA

The processing of your personal data is carried out on the basis of a legal permission standard, namely either on the basis of your consent in accordance with Art. 6 para. 1 a) GDPR, or our overriding legitimate interest in processing in accordance with Art. 6 para. 1 f) GDPR, or the performance of the contract with you or the implementation of pre-contractual measures in accordance with Art. 6 para. 1 b) GDPR or the fulfilment of a necessary legal obligation of Westwing pursuant to Art. 6 para. 1 c) GDPR.

VI. RECIPIENTS OF YOUR PERSONAL DATA

Westwing remains the controller of your personal data collected on our website, in our app or on our social media accounts at all times.

Your data will only be passed on to third parties in the following cases, on the basis of the legal provisions listed in each case:

If a transfer of your personal data is necessary for the performance or performance of your contract (Art. 6 para. 1 b) GDPR; this includes, for example, data transfers to payment and logistics service providers or suppliers if they supply you directly), or

if this is necessary to comply with a legal obligation (Art. 6 para. 1 c) GDPR; this includes, for example, data transfers to government agencies and law enforcement authorities in order to comply with our statutory obligations to disclose, provide information and testify or to pursue recourse claims), or

on the basis of our predominantly legitimate interest or the predominant legitimate interest of a third party (Art. 6 para. 1 f) GDPR; this includes, for example, data transfers in the context of certain assignments of receivables or for administrative purposes within the group of companies), or

if we use external service providers, so-called processors, to process your personal data, who have been obliged to handle your data carefully and act exclusively on our behalf and in accordance with our instructions (Art. 28 GDPR; this includes, for example, service providers who provide technical infrastructure).

Apart from that, we will only transmit your personal data to third parties if you have given us consent to the data transfer in question in accordance with Art. 6 (1) (a) GDPR, whereby you can revoke your consent at any time with effect for the future.

VII. TRANSFER OF DATA TO THIRD COUNTRIES

When transferring your personal data to third countries, i.e. external bodies outside the European Union ("EU") and the European Economic Area ("EEA"), we ensure that the relevant external bodies treat your personal data with the same care as we do.

In addition, we only transfer your personal data to third countries for which the EU Commission has confirmed an adequate level of protection or if a comparable level of data protection can be guaranteed by contractual agreements or other suitable guarantees as in the EU or EEA (Art. 45 et seq. GDPR).

VIII. DELETION OF YOUR PERSONAL DATA

Unless there are statutory retention periods (e.g. under commercial and tax law) to the contrary, we will only store your personal data for as long as is necessary for the respective purpose of processing or until you inform us that your personal data in question should be deleted.

Such retention periods under tax or commercial law apply, for example, to data in connection with your orders, such as invoices. The latter, for example, are kept for ten years.

Accounts of customers who have not actively used their account for more than six years will be deleted by us.

So-called log file files, which we collect when surfing on our website or when using our app for network security and abuse prevention, are usually stored for 20 days and only in individual cases, if the longer retention is necessary to check for possible cyberattacks, fraud or abuse cases, 180 days. Your data in question will then be deleted or anonymized in such a way that it can no longer be assigned to you as a person.

IX. DETAILS OF THE PROCESSING OF YOUR PERSONAL DATA

1. DATA PROCESSING WHEN BROWSING OUR WEBSITE

When you visit our website, the following technically required information is collected and stored in so-called "server log files". Your browser automatically transmits this information to us so that our website can be displayed in your browser and you can use our website:

The IP address of your Internet Service Provider,
the website from which you visit us and the websites you visit from our website,
Date and time of access and crash dates,
information about the browser used and the operating system,
Your email address, which you use to register on our website,
Identification numbers, which are stored in so-called cookies or eTags on your device and by which we can recognize your device on the website,
Page and product views or clicks.

The processing or storage of your aforementioned access data or your IP address is necessary for technical reasons to provide and ensure system security on our website.

The processing or temporary storage of your technical access data is carried out on the basis of our overriding legitimate interest in accordance with Art. 6 para. 1 f) GDPR, which consists of being able to provide you with a technically functioning and secure website.

The access data collected during the visit to our website will only be stored for the period for which this data is required to achieve the above purposes. The server log files are stored for a maximum of 180 days and then deleted.

2. DATA PROCESSING WHEN CREATING A CUSTOMER ACCOUNT

To create your customer account, we need your email address and a password of your choice. In addition, we collect the following contact details: your name, address, your desired form of address (if provided by you), your telephone number (if provided).

Your e-mail address serves as the access code for your customer account. After successful registration, you will automatically receive a confirmation by e-mail. In the personal area of the customer account ("My Account") you can update all information at any time.

The legal basis for this is Art. 6 para. 1 b) GDPR, according to which the processing of personal data is permitted for the performance of a contract or for the implementation of pre-contractual measures.

By means of the "stay logged in" function, we would like to make your visit to our website as pleasant as possible. This feature allows you to use our services without having to log in every time. Technically, a cookie is stored on your device, which serves to ensure that you do not have to log in again on subsequent visits to our website. This function is not available to you if you deactivate this cookie via the cookie settings or if you have deleted the cookie in your browser settings after logging out on our website.

3. DATA PROCESSING TO PROCESS YOUR ORDER

If you order something from us, the processing of your data serves the conclusion and execution of the contract as well as the processing of your order, including payment and delivery.

The legal basis for the associated data processing is Art. 6 para. 1 b) GDPR, according to which the processing of personal data is permitted for the performance of a contract or for the implementation of pre-contractual measures.

We will delete your personal data processed in the context of orders at the latest after the expiry of the statutory retention obligations or if you have not actively used your customer account for more than six years.

3.1. CHOOSING YOUR PREFERRED PAYMENT METHOD

Depending on the choice of your preferred payment method, the data required for this will be forwarded directly to the respective payment service provider. The responsible person for your payment data is the respective payment service provider.

If you do not agree with the payment methods offered to you, you can inform us in writing by e-mail to service@westwing.de. We will then reconsider our decision taking into account your point of view.

3.1.1. CREDIT CARD PAYMENT

When making a credit card payment, we receive the so-called payment ID and the last four digits of your credit card number from our payment service provider Stripe Payments Europe, 1 Grand Canal Street Lower, Grand Canal Doc, Dublin, D02 H210, Ireland. These are used by us to authenticate and assign your order and thus transmit it for your security. The personal data necessary to make the payment will be collected directly by the payment service provider.

The legal basis for the above data processing is Art. 6 para. 1 b) GDPR, according to which processing is permitted for the performance of a contract, or Art. 6 para. 1 f) GDPR, as our legitimate interest in offering you a secure credit card payment option prevails in the context of a balancing of interests.

3.1.2. APPLE PAY

If you choose the Apple Pay payment method to pay for purchases directly from your bank account, we will receive the relevant account details from our payment service provider Stripe Payments Europe, 1 Grand Canal Street Lower, Grand Canal Doc, Dublin, D02 H210, Ireland. The personal data required for the processing and processing of the payment will be collected directly by the aforementioned payment service provider.

The legal basis for the aforementioned data processing is Art. 6 para. 1 b) GDPR. according to which the processing of the data is permissible for the performance of the contract or Art. 6 para. 1 f) GDPR, since our legitimate interest in offering you a secure payment option via Apple Pay outweighs the interests in the context of a balancing of interests. For more information about Apple Pay privacy, visit the Apple Pay website: https://support.apple.com/de-de/101554.

3.1.3. GOOGLE PAY

If you choose the Google Pay payment method to pay for purchases directly from your bank account, we will receive the relevant account details from our payment service provider Stripe Payments Europe, 1 Grand Canal Street Lower, Grand Canal Doc, Dublin, D02 H210, Ireland. The personal data required for the processing and processing of the payment will be collected directly by the aforementioned payment service provider.

The legal basis for the aforementioned data processing is Art. 6 para. 1 b) GDPR, according to which the processing of the data is permissible for the performance of the contract, or Art. 6 para. 1 f) GDPR, as our legitimate interest in offering you a secure payment option with Google Pay outweighs the interests in the context of a balancing of interests.

You can find more information about data protection at Google Pay on the Google Pay website: https://support.google.com/googlepay/answer/9039712?hl=de.

3.1.4. PayPal

If you choose the PayPal payment method, your personal data required for this purpose (i.e. your first and last name, your delivery address, your email address, your telephone number, the amount to be paid and your IP address) will be transmitted to PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg so that you can authorize the payment to us to PayPal. You need a PayPal account for this.

The legal basis for the aforementioned data processing is Art. 6 para. 1 b) GDPR, according to which the processing of personal data is permitted for the performance of a contract or for the implementation of pre-contractual measures.

You can find more information about data protection at PayPal on the PayPal website at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

3.1.5. KLARNA

If you choose the Klarna payment method with payment immediately or within 30 days, payment in three interest-free instalments or financing with interest via Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden, your personal data (i.e. your contact and identification data as well as your payment information) required for this purpose will be transferred to Klarna.

Klarna may carry out a credit check and transmit your data to one of the following credit agencies for this purpose: SCHUFA, Boniversum and Arvato.

The legal basis for the credit check described above is Art. 6 para. 1 f) GDPR (balancing of interests, based on the interest in not suffering payment defaults).

You can find more details under the following link: https://www.klarna.com/de/datenschutz/.

3.1.6. ADVANCE PAYMENT

If you choose the payment method in advance, you will be asked to transfer the relevant purchase price amount to our bank account. Immediately after receipt of the transfer on the latter, the goods will be shipped to you.

3.1.7. PURCHASE ON ACCOUNT (ONLY FOR COMMERCIAL CUSTOMERS)

If you choose the payment method Purchase on account, we may transmit your relevant data to credit agencies, such as SCHUFA Holding, Kormoranweg 5, 65201 Wiesbaden ("SCHUFA"), in order to obtain information about your identity or to assess the credit risk on the basis of mathematical-statistical methods ("scoring"), whereby your address data, among other things, is included in the calculation. We use scoring solely to protect ourselves from possible payment defaults.

If the credit check is positive, it is possible to order by purchase on account. Other reasons for not being able to offer purchase on account may include that the delivery and billing addresses are different from each other or that a Packstation or a parcel depot is specified as the billing and/or delivery address.

The processing is carried out to avoid non-payment and therefore on the basis of Art. 6 para. 1 b) GDPR and Art. 6 para. 1 f) GDPR.

You can object to the transmission of your data to a credit bureau at any time, but in this case it is no longer possible to order by purchase on account.

4. FRAUD PREVENTION

In order to avoid fraud and payment defaults, we manually check common fraud patterns and anomalies with the partial help of a fraud prevention service from our cooperation partner Shopify International Limited, Victoria Buildings 1-2, Haddington Road, Dublin 4, D04. For this purpose, order and payment data (e.g. address, article, payment method) and device information (e.g. device, browser) are processed. The legal basis is Art. 6 para. 1 f) GDPR based on our legitimate interest in protection against misuse.

If an automated check should reveal that there is a suspicion of fraud, you will be informed about this and about the specific possibility of complaining about it by an employee of Westwing.

In addition, we may transmit information about non-claim-related behaviour to individual credit reference agencies, such as SCHUFA, in order to prevent fraud (for example, in the case of credit card fraud). This is done in accordance with legal requirements, to the extent necessary to safeguard our legitimate interests and the legitimate interests of third parties and there is no reason to believe that your interests or fundamental rights and freedoms that require the protection of personal data outweigh them. The processing is therefore carried out for the purpose of fraud prevention on the basis of Art. 6 para. 1 f) GDPR.

5. DATA PROCESSING WHEN CONTACTING US

5.1. CHANNELS TO CONTACT US

There are several ways to contact us. You can reach our customer service through the following communication channels:

by phone,

by letter,

by e-mail,

via contact form, or

via WhatsApp message

In order to be able to process your request, we collect your name, email address, telephone number, customer, order and article number, as well as any other information you provide to us, depending on the communication channel through which you contact us.

The legal basis for this is 6 Art. 1 b) GDPR, according to which the data processing is necessary for the performance of the contract, or Art. 6 para. 1 f) GDPR, based on our legitimate interest in processing inquiries from visitors to our website.

5.2. OUR CUSTOMER SERVICE SYSTEM ZENDESK

To process your contact requests, we use the Zendesk customer service system. The service provider is Zendesk, Inc., 1019 Market Street in San Francisco, CA 94103 USA.

We use Zendesk to process your customer inquiries quickly and efficiently. We would like to point out that you can also send your inquiries only by entering your e-mail address and without giving your name.

Since we have a data processing agreement with Zendesk, your personal data may only be processed by Zendesk in accordance with our instructions and in compliance with the GDPR.

Your data may be transferred to and stored on Zendesk's servers in the United States. The legal basis for this is the adequacy decision of the European Commission of 10 July 2023 (so-called Data Privacy Framework) pursuant to Art. 45 GDPR as well as so-called "Binding Corporate Rules (BCR)", which have been approved by the Irish Data Protection Authority. These are binding internal company regulations that legitimize intra-company data transfers to third countries outside the EU and the EEA. Details can be found here: https://www.zendesk.de/blog/update-privacy-shield-invalidation-european-court-justice/.

The legal basis for data processing by Zendesk is our legitimate interest in accordance with Art. 6 para. 1) f GDPR. Alternatively, if you do not agree to receive your request through Zendesk, you can contact us by email or phone.

For more information, please see Zendesk's Privacy Policy: https://www.zendesk.de/company/customers-partners/privacy-policy/.

6. DATA PROCESSING FOR ADVERTISING PURPOSES

6.1. SENDING PROMOTIONAL EMAILS

If you have consented to this, Westwing will regularly send you the Westwing newsletter by e-mail to inform you about the latest trends in the field of Home & Living, must-have Home & Living styles, highlights of the Westwing online and retail shops as well as special offers or "Sales of the Day" and "Sales Highlights of the Week" ("Newsletter"). For details, see Section 6.1.1.

In addition, subject to your consent, you will receive notifications from us by email about personal benefits – such as vouchers or special promotions – reminders about the products in your shopping cart, reviews of the Westwing products you have purchased, and opinion polls regarding Westwing or Westwing's services ("Notifications"). You can also find details on this under section 6.1.1.

If you have already purchased a product or service from us and have not opted out of receiving it, you will also receive promotional emails from us about similar products and/or services by email. You can find out more about this in section 6.1.2.

6.1.1. SENDING PROMOTIONAL EMAILS BASED ON YOUR CONSENT

If you have given your consent on our website by ticking a checkbox, we will send you newsletters and/or notifications by e-mail.

Please note, however, that we will only send you newsletters and/or notifications by e-mail if you have previously expressly confirmed to us by clicking on a button that you would like to receive the e-mails in question. We will send you the button in question in a notification e-mail following receipt of your consent to the e-mail address you have provided (so-called "double opt-in procedure"). This is to prevent misuse by third parties who may provide your email address to sign you up for the Westwing newsletter or Westwing notifications without your consent. The legal basis for the double opt-in procedure is Art. 6 para. 1 f) GDPR, as we have a predominantly legitimate interest in preventing such abuse and documenting your consent.

The relevant legal basis under data protection law for the processing of your personal data in connection with the sending of the aforementioned advertising e-mails is your consent in accordance with Art. 6 para. 1 a) GDPR.

You can revoke your consent at any time with effect for the future, as follows:

Click on the unsubscribe link at the bottom of our promotional emails so that (depending on whether you wish to unsubscribe from the newsletter or an email notification) you will be redirected to the Newsletter Management or Notification Management section of your customer account (collectively, "Promotional Email Management"). There you can simply uncheck the boxes with the newsletters or notifications that you no longer want to receive.

Optionally, you can also log in to your customer account and then click on the "My Newsletters" or "My Notifications" tab (depending on the type of emails you wish to unsubscribe from) and then unsubscribe from the relevant newsletters or notifications that you no longer wish to receive by unchecking the corresponding ticks in the aforementioned newsletter management or notification management.

You may also withdraw your consent to receive newsletters and/or notifications and unsubscribe from receiving the relevant promotional emails by sending an email to service@westwing.de.

With the help of our promotional email management mentioned above, we allow you to differentiate and withdraw your consent to receive our newsletters and/or notifications. By ticking or unchecking a box, you can individually decide whether and when or how often you would like to receive a newsletter or notification by e-mail, depending on which newsletter you are interested in or which notification you consider useful and how often you would like to receive the newsletter or notification(s) in question.

Please note that we use commercially available technologies in our promotional emails that can be used to measure the opening of the emails and/or the links you click. We use this data for general statistical evaluations as well as for the optimization and further development of our content and customer communication. This is done with the help of small graphics that are embedded in the newsletter (so-called pixels). The legal basis for this is our legitimate interest in the optimisation and further development of our content as well as customer communication (Art. 6 para. 1 f) GDPR). If you do not wish to receive this analysis of your usage behavior, you can unsubscribe from receiving advertising emails at any time or deactivate graphics in your email program by default.

Our newsletters and notifications are sent via the shipping service provider Mapp Digital Germany GmbH, Dachauer Straße 63, 80335 Munich, Germany ("Mapp"). For the processing of personal data, a data processing agreement has been concluded with Mapp in accordance with Art. 28 GDPR. For more information, please see Mapp's privacy policy. https://mapp.com/de/privacy/.

6.1.2. SENDING EMAILS ADVERTISING PRODUCTS AND SERVICES THAT MAY INTEREST YOU BASED ON YOUR PREVIOUS PURCHASING BEHAVIOR

If you have provided your e-mail address as part of the purchase of a product or service in our online shop, we will send you offers and information about products and services from our range that may be of interest to you, as you have already purchased similar products and services from Westwing. In addition, we will send you product review and feedback surveys to inquire about your satisfaction with purchased products or services used (e.g. our customer service). However, the sending of relevant advertising e-mails will only take place if you have not objected to the receipt – despite our corresponding notice below the purchase button.

The relevant legal basis under data protection law for the processing of your personal data is our legitimate interest in accordance with Art. 6 para. 1 f) GDPR in conjunction with § 7 para. 3 UWG.

You can also opt-out of receiving promotional emails at any time by simply clicking on the unsubscribe link at the bottom of our promotional emails. Optionally, you can log in to your customer account and unsubscribe via the advertising e-mail management (see section 6.1.1.). You can also opt-out of receiving the relevant promotional emails by sending an email to service@westwing.de.

6.2. NEWSLETTER SENT VIA WHATSAPP

We also allow you to receive our newsletters via a "WhatsApp" message. To send the newsletter via WhatsApp, we use the WhatsApp Business app.

To this end, we cooperate with our processors charles GmbH, Gartenstraße 86-87, 10115 Berlin, Germany and Braze, Inc., 318 West 39th Street, 5th Floor, New York, New York 10018, USA, ("Braze").

With regard to the use of WhatsApp, the privacy policy of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland applies. Among other things, these stipulate that every WhatsApp message is end-to-end encrypted and is therefore protected from access by third parties.

The legal basis for the processing of your data by Westwing is Art. 6 para. 1 a) GDPR, because you have consented on our site and confirmed through your WhatsApp message that you would like to receive newsletters, i.e. news about new products and interior trends, via this channel. You can revoke your consent at any time with effect for the future by clicking "Stop".

Westwing is committed to complying with WhatsApp Business' privacy policy, which can be found here: https://business.whatsapp.com/privacy-protections.

7. DATA PROCESSING TO COMMUNICATE WITH YOU ON OUR WEBSITE AND VIA OUR APP

We use the service provider "Braze" to communicate with you on our website as well as in our app. For this purpose, we show you, for example, so-called "overlays" with an interaction option.

Braze is also used to send you push notifications in our app.

Braze processes the following personal data, among others: your IP address, device-related data such as device type, model, operating system, browser type and version, usage-related information such as time of use, first name, email hash, Braze SDK and message interaction data, installation ID, device ID.

The legal basis for the processing of your personal data is Art. 6 paragraph 1 a) GDPR in conjunction with § 25 para. 1 TTDSG. The revocation of your consent is possible at any time with effect for the future. The easiest way to revoke this is via our Cookie Consent Manager.

You can find more information about Braze's compliance with data protection here: https://www.braze.com/privacy/.

8. DATA PROCESSING FOR PARTICIPATION IN COMPETITIONS

If you participate in competitions, we only process the data that is necessary for the implementation of the competitions (Art. 6 para. 1 b) GDPR). Please note the respective data protection information in the terms and conditions of participation for the respective competition.

9. DATA PROCESSING WHEN USING THE SOCIAL MEDIA FAN PAGES

Westwing is active and present within social networks and platforms in order to communicate with interested parties and users and to be able to inform them about other offers from Westwing. Below we give you an overview of the processing and use of your personal data when you visit our social media accounts:

9.1. FACEBOOK AND INSTAGRAM

We operate "fan pages" on the social networks of "Facebook" and "Instagram" under joint responsibility with Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, in order to communicate with followers (such as our customers and interested parties) and to provide information about our products, competitions and other promotions.

With the help of meta statistics on the use of our "fan pages" (e.g. information about number, names, interactions such as likes and comments, as well as aggregated demographic and other information or statistics; "Insights Data"), we receive information about how our "Fan Page" is used, what interests visitors to our "Fan Pages" have, and which topics and content are particularly popular, so that we can optimize our "Fan Page Content" and tailor it to our user interests. The insights data only contains statistical, depersonalized information on visitors to the fan page, which can therefore not be assigned to a specific person. You can find more information about the type and scope of these statistics in the Meta Page Statistics Notes. For more information on Meta's respective responsibilities and how Meta processes your data, please visit: https://www.facebook.com/legal/terms/information_about_page_insights_data, https://help.instagram.com/1533933820244654.

Please note that we have no influence on the data processing carried out by Meta under its own responsibility in accordance with the terms of use of Facebook and Instagram. However, we would like to point out that when you visit the "fan pages", data on your usage behaviour is transmitted from Facebook/Instagram and the "fan pages" to Meta. Meta itself processes your personal data in order to compile the aforementioned statistics and for its own market research and advertising purposes. We do not have access to this data.

Insofar as we receive your personal data in the operation of the fan pages, you are entitled to the rights mentioned in this data protection declaration. If you want to assert your rights against Facebook, you can also contact Facebook directly. We are happy to support you in asserting your rights as far as we are able to do so and forward your inquiries to Meta.

The legal basis for this data processing is Art. 6 para. 1 f) GDPR based on our aforementioned legitimate interest in being able to provide you with our Facebook "fan pages" for marketing and advertising purposes.

For more information, please see Meta's privacy policy at: https://de-de.facebook.com/policy.php/.

9.2. YOUTUBE

We use so-called "plugins" of the platform "YouTube" to integrate our own videos and make them publicly accessible. YouTube is the service of a third party not affiliated with us, namely YouTube LLC operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; ("Google").

Once you get to our YouTube channel, your browser connects to YouTube and transmits information. The integration of YouTube content only takes place in the so-called "extended data protection mode". YouTube provides this itself and, according to its own statements, thus ensures that YouTube user information (e.g. cookies) is only stored on the device when the video(s) is played. When you access the videos in question, your IP address, unique identifiers, the type and settings of your browser, the type and settings of your device, the operating system, information about the mobile network such as the name of the mobile phone provider and the phone number as well as the version number of the app are transmitted to YouTube. YouTube also collects data about how your apps, browsers, and devices interact with its services. This is because the disclosure of data to YouTube partners is not necessarily excluded by the extended data protection mode. This is how YouTube connects to the Google DoubleClick network, whether you're watching a video or not. The data transmitted includes, but is not limited to, the IP address, crash reports, system activity, and the date, time, and referral URL of your request. In addition, YouTube collects data about your activities (e.g., terms you search for, videos you watch, etc.). All data collected about you via our YouTube channel is processed by YouTube. According to information from YouTube, this information is used, among other things, to collect video statistics, improve the user experience and prevent abusive practices. YouTube also uses cookies to collect information about user behavior. The storage of these cookies can be prevented by appropriate browser settings and extensions. If you are logged in to your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account before activating the play button.

In addition, we occasionally integrate videos stored on YouTube directly on our website by means of so-called "plugins". With this integration, content from the YouTube website is displayed in parts of a browser window. However, the YouTube videos are only accessed by clicking on them separately. This technique is also called "framing". If you call up a (sub-)page of our website on which YouTube videos are integrated in this form, a connection to the YouTube servers is established and the content is displayed on the website by means of a message to your browser. We have no influence on the scope and content of the data that is transmitted to YouTube and, if applicable, other partners of YouTube by activating the "plugin". Among other things, the YouTube server is informed which of our pages you have visited.

The legal basis for the processing of your data is your consent, Art. 6 para. 1 sentence 1 a) GDPR in conjunction with § 25 para. 1 TTDSG. This means that we will not use this service unless you have consented to its use. The revocation of your consent is possible at any time with effect for the future, the easiest way is via our cookie consent manager.

For more information about the information YouTube receives and how it is used, please refer to YouTube's privacy policy at: https://policies.google.com/privacy.

9.3. TIKTOK

We publish short video clips (so-called "reals") on the TikTok platform and in the TikTok app to promote our products and our online shop. If you visit the TikTok website or app, TikTok Inc., 10100 Venice Blvd., Culver City, CA 90232, USA ("TikTok") collects and processes your personal data.

TikTok makes a certain part of this data available to the owners of TikTok profiles in an anonymized and aggregated form. This is the number of new followers, demographic data such as gender and country, unrelated to identifiable people. Westwing is therefore unable to identify a visitor to the TikTok profile. As the owner of this profile, Westwing also receives anonymized statistical data (so-called "insights data") from TikTok. No conclusions can be drawn about the respective visitor via this data. The data contained in the statistics is used by us exclusively for the analysis of user behaviour so that we can better tailor our TikTok profile and our offer to the needs and interests of visitors.

The use of your data transmitted to us by TikTok is based on our legitimate interest in accordance with Art. 6 para. 1 f) GDPR to carry out data analyses and to statistically record the use of our TikTok profile, to optimize our offer for you, to market our posts and videos on our website and to continuously improve and manage our offer and our products.

For more information on data processing by TikTok, please refer to TikTok's privacy policy at: https://www.tiktok.com/legal/privacy-policy?lang=de.

9.4. PINTEREST

We operate a Westwing account on the "Pinterest" platform and in the Pinterest app, where we publish inspiration on home & living topics and advertise our products. Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA ("Pinterest") is responsible for the Pinterest Services.

When you register for an account, Pinterest processes the data you provide, namely, for example, your name, email address, phone number, photos, pins and comments. In addition, Pinterest collects and processes your IP address, which is used to approximate your location, if you choose to share your exact location, as well as other internet and electronic network activities (including which "pins" you click, which "boards" you create, and what text you add to a comment or description).

The legal basis for this data processing is Art. 6 para. 1 f) GDPR based on our legitimate interest in being able to provide you with our Pinterest platform for marketing and advertising purposes.

You can find more information at https://policy.pinterest.com/en/privacy-policy.

10. DATA PROCESSING WHEN BOOKING OUR DESIGN SERVICES

Via our website you have the opportunity to book the Westwing Design Service via the tab "Design Service"/ "Start your project" and have your apartment individually furnished by us. You can choose between our basic, premium and deluxe service package.

As part of the booking, the following personal data will be processed in order to contact you with your designer in the course of creating the concept: first name, last name, e-mail address, telephone number, as well as any other project-related information that you transmit to us.

You can also book an individualized furnishing concept for your company (e.g. office, café, hotel) via the tab "Design Service" / "Business Customer Service". The following personal data may be processed via your pre-registration for our business customer service: first name, last name, e-mail, telephone number.

The legal basis for this is Art. 1 lit. b) GDPR (performance of contract) or Art. 6 para. 1 lit. f) GDPR (balancing of interests, based on our interest in processing inquiries from users of our website).

11. DATA PROCESSING BY SHOPIFY

To provide our online store and process your payments, we work with the service provider Shopify International Limited, Victoria Buildings 1-2, Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"). Shopify enables us to operate our online store via Shopify's cloud computing infrastructure and also processes payments for us.

Your data may be transferred to and stored on Shopify Inc.'s servers in the United States and/or Canada. The legal basis for this is so-called EU standard contractual clauses or the adequacy decision of the European Commission of 10 July 2023 (so-called Data Privacy Framework) in accordance with Art. 45 GDPR.

Shopify is used to provide our online shop and to process your payments. The legal basis is therefore our legitimate interest within the meaning of Art. 6 para. 1 f) GDPR or the execution of your contract within the meaning of Art. 6 para. 1 b) GDPR.

Shopify acts as our processor or as a controller, depending on the processing activity.

For more information on data processing and privacy by Shopify, see https://www.shopify.com/legal/privacy.

X. COOKIES AND SIMILAR TECHNOLOGIES

We use so-called "cookies" and similar technologies (such as so-called "web beacons", "pixels", "tags") on our website and in our app.

Web beacons are small GIF files that can be hidden in other graphics, emails, or the like. Web beacons can identify your computer and evaluate your user behavior, such as reactions to promotions. The information collected by web beacons cannot be used to identify you.

Cookies are small text files that are transferred from an internet server to your browser and stored on its hard drive. There are so-called "session cookies", which are deleted as soon as you close your browser, and so-called "persistent cookies", which are stored on your device for a longer period of time or indefinitely. A cookie contains a characteristic string of characters that allows your browser to be uniquely identified when you return to the website. This helps us to personalize our offering, make it more user-friendly, effective, and secure, and enable the provision of certain features.

Under the "Cookie Settings" button on our Cookie Consent Manager, you can determine at any time which cookies you want to allow. Exceptions to this are strictly necessary cookies, which ensure essential functions of the website and our app.

Cookie-Einstellungen

Basically, a distinction is made between four different cookie categories:

1. STRICTLY NECESSARY COOKIES

Strictly necessary cookies enable basic functions and are necessary for the website and our app to function properly. They are used, for example, for order processing or enable you as a registered user to always remain logged in when accessing various subpages of our website and our app. In addition, thanks to these cookies, you do not have to re-enter your login details every time you visit a new page.

The legal basis for the use of strictly necessary cookies on our website and in our app is our legitimate interest in providing our website and our app in a technically flawless and user-friendly manner (Art. 6 para. 1 f) GDPR). The use of strictly necessary cookies is possible and legally permissible without your prior consent.

If you do not want your device to be recognized the next time you visit, you can also refuse the use of such cookies by changing the settings in your browser to "Reject cookies". You can find the respective procedure in the operating instructions of your respective browser. If you have an appropriate browser setting, you will be informed about the setting of cookies and can only allow cookies in individual cases or exclude the acceptance of cookies for certain cases or in general. It is also possible to activate the automatic deletion of cookies when the browser is closed.

If you refuse the use of certain cookies, you may experience restrictions on your use of some areas of our website and app.

2. FUNCTIONAL COOKIES

Functional cookies allow us to remember information that has already been provided (such as your registered name) and to offer you improved and tailored features. If you do not allow these cookies, some of these services may not work properly.

The data processing in question is carried out on the basis of your consent in accordance with Art. 6 para. 1 a) GDPR in conjunction with § 25 para. 1 TTDSG. You can revoke your consent at any time with effect for the future, the easiest way is via the Cookie Consent Manager.

3. PERFORMANCE COOKIES

Performance cookies allow us to count visits and traffic sources so that we can measure and improve the performance of our website. The data collected by the cookies allows us to understand, among other things, which areas are the most popular, which are least used and how visitors move around our website. All information collected by these cookies is aggregated and cannot be easily attributed to you.

The data processing is carried out on the basis of your consent in accordance with Art. 6 para. 1 a) GDPR in conjunction with § 25 para. 1 TTDSG. You can revoke your consent at any time with effect for the future, the easiest way is via the Cookie Consent Manager.

4. MARKETING COOKIES AND SIMILAR TECHNOLOGIES

Marketing Cookies and similar technologies (e.g. "pixels") enable us to show you personalized advertising content that is relevant to you and to measure the effectiveness of our advertising efforts.

Marketing cookies and similar technologies are set not only on our website, but also on other (advertising) partner sites ("third party cookies"). This so-called "retargeting" serves to place relevant advertising on other websites and to analyze the relevant target groups of the products and services.

5. DETAILS OF THE COOKIES WE USE

5.1. REQUIRED COOKIES

5.1.1. GOOGLE RECAPTCHA

We use the "Google reCAPTCHA" service, which is offered to individuals from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

With the help of this service, we can distinguish whether an input is made by a natural person or improperly through machine and automated processing.

When using the service, your IP address and, if applicable, other data required by Google for the reCAPTCHA service will be transmitted to Google.

The processing of this data is carried out on the basis of our legitimate interest in exercising personal responsibility on the Internet and avoiding abuse and spam (Art. 6 para. 1 f) GDPR). The storage of information and access to information in your device is absolutely necessary and therefore takes place in accordance with § 25 para. 2 TTDSG.

For more information about Google reCAPTCHA and Google's privacy policy, please visit: https://www.google.com/intl/de/policies/privacy/.

5.1.2. ONE TRUST

We work with OneTrust, LLC, 1350 Spring St NW, Atlanta, GA 30309 ("OneTrust") to obtain and manage your consents. This is done via our cookie consent manaher or cookie banner, which appears on your first visit to our website or app and through which you are informed about data processing or specifically cookies and other technologies on our website and in our app and can reject or accept the setting of individual cookies and other technologies.

You can also return to the cookie banner and change your selection. In addition, the cookie banner appears when you visit our website and our app, provided that you have deactivated the storage of cookies or the cookies have been deleted or expired by OneTrust.

Specifically, your consents or revocations, your IP address, information about your browser and your device at the time of your visit are transmitted to OneTrust and information is stored on your device.

The legal basis in question is Art. 6 para. 1 f) GDPR, as we have a legitimate interest in complying with the legally required documentation of your cookie consents and cookie management. Another legal basis is § 25 para. 2 TTDSG.

The data in question may be transferred to OneTrust's servers in the USA and stored there. The legal basis for this is the adequacy decision of the European Commission of 10 July 2023 (so-called Data Privacy Framework) in accordance with Art. 45 GDPR.

5.2. FUNCTIONAL COOKIES

5.2.1. VIMEO PLUGINS

For the integration of videos, we use, among other things, the service "Vimeo" of Vimeo LLC, 555 West 18th Street, New York 10011, USA ("Vimeo").

Vimeo uses so-called "plugins" for this purpose. When you access the websites provided with such a plugin, a connection to the Vimeo servers is established and the information about which of our websites you have visited is transmitted. If you are logged in to Vimeo, Vimeo will assign this information to your personal user account. When using the plugin, e.g. clicking on the start button of a video, this information is also assigned to your user account.

The data in question may be transferred to Vimeo servers in the USA and stored there. The legal basis for this is the adequacy decision of the European Commission of 10 July 2023 (so-called Data Privacy Framework) in accordance with Art. 45 GDPR or Art. 49 para. 1 a) GDPR in conjunction with your consent.

Further information on data processing and information on data protection by Vimeo can be found under https://vimeo.com/privacy.

5.2.2. ALGOLIA

We use the "Algolia" service of Algolia SAS, 55 Rue d'Amsterdam, 75008 Paris, France ("Algolia") to search for and index content on our website and app. For this purpose, your IP address and your search queries are forwarded to Algolia's server.

Algolia also prepares reports for us with corresponding evaluations and search analyses.

In this regard, Algolia helps us improve the discoverability of our listings, the search experience, and the satisfaction of our customers.

The legal basis for the processing of your data is your consent, Art. 6 para. 1 a) GDPR. You can revoke your consent at any time with effect for the future, the easiest way to do this is via our Cookie Consent Manager.

For more information, please see Algolia's Privacy Policy: https://www.algolia.com/policies/privacy.

5.3. PERFORMANCE COOKIES, ESP. GOOGLE ANALYTICS WITH CONERSION TRACKING

We use the service "Google Analytics", a web analysis service from Google, which, among other things, sets pixels and performance cookies to store information on your device.

This enables us to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze your usage behavior across devices and to improve our website and our app and make it more interesting for you. For this purpose, we also receive statistics from Google about your use of our website and app.

Google Analytics 4 also uses artificial intelligence to automate the analysis and enrichment of the data. This is mainly done to create forecasts of the future behavior of website and app visitors based on structured event data (e.g. the predicted revenue, the probability of purchase and the probability of churn). These forecast values can also be used for forecast audiences. For details, please visit: https://support.google.com/analytics/answer/9846734?hl=de

In addition, Google Analytics 4 models conversions if there is not enough data available to optimize the data evaluations. For more details, please visit: https://support.google.com/analytics/answer/10710245?hl=de.

Google Analytics 4 does not log or store individual IP addresses. However, Google Analytics 4 provides rough geographic location data by deriving the following metadata from IP addresses: city (and the city's inferred latitude and longitude), continent, country, region, subcontinent (and ID-based counterparts). In the case of EU traffic, the IP address data is used exclusively for the derivation of geolocation data before it is immediately deleted. They are not logged, are not accessible and are not used for other purposes.

The data in question may be transferred to Google's servers in the USA and stored there. The legal basis for this is the adequacy decision of the European Commission of 10 July 2023 (so-called Data Privacy Framework) in accordance with Art. 45 GDPR or Art. 49 para. 1 a) GDPR in conjunction with your consent. Due to the activation of IP anonymization on this website, your IP address will be shortened before transmission to the USA or to EU member states or EEA contracting states. Only in exceptional cases will your entire IP address be transmitted to a Google server in the USA and only shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google.

You can also prevent the collection of your data (including your IP address) and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. An opt-out cookie is set that prevents the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookie in this browser, you will have to set the opt-out cookie again.

Further details on data processing by Google Analytics with conversion tracking can be found at: http://www.google.com/analytics/terms/de.html, http://www.google.com/intl/de/analytics/learn/privacy.html, and http://www.google.de/intl/de/policies/privacy.

5.4. MARKETING COOKIES AND SIMILAR TECHNOLOGIES

5.4.1. CUSTOM AUDIENCE / META PIXEL

We use "Custom Audiences" on our website with the so-called "pixel function" ("Meta Pixel") and the "server-side conversion API", which is operated for visitors outside the USA and Canada by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta").

This allows us to display interest-based advertising to you when you visit the social networks Facebook and Instagram, or other Meta apps and websites, and to understand the effectiveness of our advertising. Through the meta pixels integrated on our website, your browser automatically establishes a connection with Meta's servers for advanced comparison of the integrated meta pixel. For example, this provides Meta with information that you have clicked on a particular ad or product on our website, which in turn allows us to show you ads based on your interests on our website or on other websites.

If you are registered with a Meta service, Meta can assign the website visit to your account, as your personal data in the form of your e-mail and IP address is transmitted by us to Meta in hashed form via the pixel and partly enriched with existing tracking data. The country in which you are located is also transmitted. Even if you are not registered with Facebook or Instagram or have not logged in, it is possible that Meta will learn your aforementioned personal data and use it to create a profile.

The data in question may be transferred to and stored on servers of Meta Platforms, Inc. in the USA. The legal basis for this is the adequacy decision of the European Commission of 10 July 2023 (so-called Data Privacy Framework) in accordance with Art. 45 GDPR or Art. 49 para. 1 a) GDPR in conjunction with your consent.

The legal basis for the processing of your data is your consent, Art. 6 para. 1 a) GDPR in conjunction with § 25 para. 1 TTDSG. This means that we will not use these services unless you have consented to the use of Facebook Custom Audiences or pixels. The revocation of your consent is possible at any time with effect for the future, the easiest way is via our consent manager. Furthermore, if you are logged in to your Facebook account, you can also object to data processing under the following link: https://www.facebook.com/adpreferences/ad_settings/?entry_product=account_settings_menu

Further information, in particular on the joint responsibility of us and Meta and on the purpose and scope of data processing by Meta as well as the setting options to protect your privacy, can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/.

5.4.2. PINTEREST TAG

In order to further optimize our Pinterest campaigns and measure their success, we use the "Pinterest Tag" service of the social network "Pinterest", which is offered to visitors from the European Economic Area by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest").

We use the Pinterest tag and the "server-side conversion API" to only be able to display our Pinterest ads to those Pinterest users who have also shown an interest in our offer. At the same time, it is ensured that our advertisements are also highly likely to correspond to the interests of the respective user in terms of content. We can also track the behavior of Pinterest users who have clicked on one of our ads. For this purpose, Pinterest processes data that the service collects via cookies, web beacons and comparable storage technologies on our websites and in our app.

When using the service, the following information is processed: device information (e.g. type, brand), operating system used (e.g. iOS 11), IP address of the device used, time of access to our offer, type and content of the campaign and the reaction to the respective campaign (e.g. clicking on a button) as well as the device identifiers, which consists of individual characteristics of your device. Based on these device identifiers, we can also recognize your device on the website. The data collected in this way is anonymous to us and does not allow any conclusions to be drawn about your identity. If you log into your Pinterest account after visiting our website or if you visit our website while logged in, it is possible that this data will be stored and processed by Pinterest, about which we would like to inform you. Pinterest may be able to connect this data to your Pinterest account and also use it for its own advertising purposes.

The data in question may be transferred to and stored on servers of Pinterest, Inc. in the USA. The legal basis for this is so-called EU standard contractual clauses in connection with your consent.

You can find more information about the purpose and scope of data processing as well as the setting options to protect your privacy in the Pinterest privacy policy, which you can access via the following link: https://policy.pinterest.com/de/privacy-policy .

5.4.3. MICROSOFT BING ADS

On our website, we use the conversion tracking service "Microsoft Bing Ads" from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Microsoft Bing Ads will place a cookie on your computer if you have reached our website via a Microsoft Bing ad. This allows us to recognise that you have clicked on an ad and been redirected to our website. This helps us understand how effective a particular ad is. However, we only receive information about the total number of users who clicked on a Bing ad and were then redirected to our website. No information about the identity of the user is communicated.

The data in question may be transferred to Microsoft servers in the USA and stored there. The legal basis for this is the adequacy decision of the European Commission of 10 July 2023 (so-called Data Privacy Framework) in accordance with Art. 45 GDPR or Art. 49 para. 1 a) GDPR in conjunction with your consent.

You can find more information about data processing and the cookies used by Bing Ads at: https://privacy.microsoft.com/de-de/privacystatement.

5.4.4. GOOGLE ADS (FORMERLY ADWORDS) AND CONVERSION TRACKING

We use the "Google Ads" and "Google Conversion Tracking" services, which are offered to individuals from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

This allows us to serve Google Ads ads while taking into account your interests and location.

When you click on a Google ad, a cookie is temporarily set on your computer, which allows us to recognize that you clicked on the ad and were redirected to that page.

The conversion statistics generated on this basis tell us the total number of users who clicked on the ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information that personally identifies users.

If you use a Google Account, Google may link your web and app browsing history to your Google Account and use information from your Google Account to personalize ads, depending on the settings stored in your Google Account. If you do not want this assignment to your Google account, it is necessary that you log out of Google before accessing our website. You can also prevent the setting of the cookies in question by setting your browser software or on the Google website.

You can find more information about Google Ads and Conversion Tracking as well as Google's privacy policy at: https://www.google.com/privacy/ads and https://policies.google.com/privacy.

5.4.5. GOOGLE DYNAMIC REMARKETING

We also use the "Google Dynamic Remarketing" remarketing feature. This service is used to present you with interest-based advertisements on other websites after you visit our website. The ads are based on the products and services you clicked on the last time you visited our website. For this purpose, Google sets cookies, which are temporarily stored in your browser. Google only stores information such as your web request, IP address, browser type, browser language, date and time of your request.

You can find more information about Google Dynamic Retargeting and Google's privacy policy at: https://www.google.com/privacy/ads and https://policies.google.com/privacy.

5.4.6. GOOGLE AD MANAGER (FORMERLY DOUBLECLICK)

We also use "Google Ad Manager" (formerly "Doubleclick"). This service uses cookies, pixels and other technologies to present you with interest-based advertisements based on previous visits to our or other websites. It also allows us to understand how successful our advertising campaigns have been. Google says it also processes the data in question to optimize its own products and services.

You can find more information about Google Ad Manager and Google's privacy policy at: https://www.google.com/privacy/ads and https://policies.google.com/privacy.

5.4.7. YOUTUBE IN ENHANCED PRIVACY MODE

We use the provider YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, ("YouTube") to embed videos on our website. When you visit our website with videos embedded by YouTube, your browser establishes a direct connection to YouTube's servers in order to be able to display the content to you. In this case, the retrieved content can be recorded by your browser. If you are logged in to your YouTube account, YouTube can assign your usage behavior to your personal profile. You can prevent this by logging out of your YouTube account before you access our website.

The data in question may be transferred to YouTube servers in the USA and stored there. The legal basis for this is the adequacy decision of the European Commission of 10 July 2023 (so-called Data Privacy Framework) in accordance with Art. 45 GDPR or Art. 49 para. 1 a) GDPR in conjunction with your consent.

You can find more information about YouTube's data processing in YouTube's privacy policy at: https://policies.google.com/privacy?hl=de&gl=de.

5.4.8. SEGMENT

We also use the "Segment" service of Segment Inc., 101 15th St San Francisco, CA 94103, USA ("Segment").

Segment collects and stores data from you, from which usage profiles can be created using pseudonyms. These usage profiles serve to analyze your usage behavior and are evaluated to improve our offer for you. Cookies can be used for this purpose, which enable recognition when you visit our website again. The pseudonymised user profiles will not be merged with personal data about the bearer of the pseudonym.

The data in question may be transferred to and stored on Segment's servers in the United States. The legal basis for this is the adequacy decision of the European Commission of 10 July 2023 (so-called Data Privacy Framework) in accordance with Art. 45 GDPR or Art. 49 para. 1 a) GDPR in conjunction with your consent.

For more information, please see Segment's privacy policy: https://segment.com/docs/legal/privacy/.

5.4.9. HOTJAR

We use the web analysis service "Hotjar" of Hotjar Limited, Dragonara Road, Paceville St. Julian's STJ 3141, Malta ("Hotjar").

Hotjar uses cookies and other technologies to analyze and evaluate your usage behavior and interactions with our website. This helps us to optimize your user experience on our website by giving us a better understanding of our users' experience on our website (e.g. clicks, scrolls, mouse movements).

Your IP address is shortened before the usage statistics are evaluated, so that no direct conclusions can be drawn about your identity.

For more information, see the "about Hotjar" section on https://help.hotjar.com/hc/en-us/categories/115001323967-About-Hotja.

5.4.10. BRAZE

We use the web analytics service "Braze" provided by Braze, Inc., 318 West 39th Street, 5th Floor, New York, New York 10018, USA, ("Braze") to communicate with you on our website and app and to understand the function and use of our mobile content on your device. For example, we display pop-up windows with an interaction option.

Braze is also used to send push notifications in our app and on our website.

We also use Braze to send you personalized promotions and tailored information about our products.

We will also inform you via Braze about items that you have forgotten in your shopping cart.

The data in question may be transferred to and stored on Braze's servers in the United States. The legal basis for this is the adequacy decision of the European Commission of 10 July 2023 (so-called Data Privacy Framework) in accordance with Art. 45 GDPR or Art. 49 para. 1 a) GDPR in conjunction with your consent.

You can find more information about Braze's compliance with data protection here: https://www.braze.com/privacy/.

5.4.11. CRITEO

We also use the remarketing tool "Criteo" on our website and in our app from the company Criteo, SA, 32 Rue Blanche, 75009 Paris, France, in order to be able to show you personalized advertisements on partner websites and apps about products that may interest you based on the products you have clicked on on our website or in our app. To do this, Criteo links the above information about your past browsing behavior to a unique identifier, such as an identification cookie or other similar technology (e.g., mobile advertising IDs and non-cookie-based technologies).

Criteo and Westwing act as joint controllers within the meaning of Art. 26 GDPR.

The legal basis under data protection law is your consent in accordance with Art. 6 para. 1 a) GDPR in conjunction with § 25 para. 1 TTDSG. You can revoke this at any time with effect for the future – the easiest way is via our Cookie Consent Manager or under the following link: https://www.criteo.com/de/privacy/disable-criteo-services-on-internet-browsers/.

If personal data is transferred by Criteo to non-EU or EEA countries, this is done according to Criteo on the basis of an adequacy decision of the European Commission in accordance with Art. 45 of the GDPR or on the basis of suitable data protection safeguards in accordance with Art. 46 GDPR, such as the conclusion of the EU Standard Contractual Clauses.

You can find more information about Criteo's processing of your data here: https://www.criteo.com/de/privacy

5.4.12. KLEAR

We use the influencer marketing service "Klear", of Meltwater Deutschland GmbH, Jannowitz Centre, Brückenstrasse 6, 10179 Berlin. This allows us to build influencer marketing programs, measure and analyze influencer campaigns. In order to be able to track the success of the campaign on our website, Klear uses cookies.

The analyses created in this way help us, among other things, to search for influencers on social networks by region, language, industry, hashtag and previous collaborations and to make data-driven decisions about our influencer marketing strategy.

You can find more information here: https://klear.com/legal/cookies; https://klear.com/legal/privacy-notice-for-influencers.

5.4.13. GOOGLE CUSTOMER MATCH

We also use Google's "Google Customer Match" service, which enables us to display interest-based advertising to visitors to our website based on their previous browsing behavior on our website and third-party websites, as well as in apps and e-mails.

The legal basis for the processing of your data is your consent, Art. 6 para. 1 a) GDPR in conjunction with § 25 para. 1 TTDSG. This means that we will not use this service unless you have consented to its use. The revocation of your consent is possible at any time with effect for the future, the easiest way is via our cookie consent manager. If you would like to opt out of receiving interest-based advertising from Google Customer Match, you can also opt out by visiting the following websites: http://www.networkadvertising.org/choices/; http://www.youronlinechoices.com/

You can find more information about Google's compliance with data protection here: https://support.google.com/google-ads/answer/6334160?sjid=2821624592503930728-EU

5.4.14. LEAD FORENSICS

We also use a B2B tool for sales and marketing from Lead Forensics, UK Headquarters, Communication House, 26 York Street, London, W1U 6PZ, UK ("Lead Forensics").

Lead Forensics uses a tracking code to identify companies that visit our website based on their business IP addresses. The Lead Forensics tracking code simply collects information that is easily accessible to the public. The information in question is not used to personally identify an individual visitor. The IP addresses that are collected are anonymized immediately after storage.

Lead Forensics does not provide us with the IP addresses. It only provides us with information about which companies have visited our website and the date and duration of their visit. This information enables us to analyse the use of our website and possibly to contact these companies.

The information generated by the Lead Forensics tracking code is transmitted to, processed and stored by Lead Forensics servers in the United Kingdom. The legal basis for this is the adequacy decision of the European Commission of 10 July 2023 (so-called Data Privacy Framework) in accordance with Art. 45 GDPR or Art. 49 para. 1 a) GDPR in connection with your consent.

The legal basis for the processing of your data is your consent, Art. 6 para. 1 a) GDPR in conjunction with § 25 para. 1 TTDSG. This means that we will not use this service unless you have consented to its use. The revocation of your consent is possible at any time with effect for the future, the easiest way is via our cookie consent manager. To unsubscribe from tracking, you can also use the following link: https://optout.leadforensics.com/?clientID=786109.

5.4.15. TIKTOK ADS

We use the "TikTok Ads" service of TikTok Inc, 10100 Venice Blvd, Culver City, CA 90232, USA ("TikTok"), which enables us to display interest-based advertising to visitors to our website based on their previous browsing behavior on our website and on third-party websites, as well as in apps and emails.

When you visit our website, setting a pixel connects to TikTok's servers, and personal data such as your IP address, pages visited, and interactions may be logged.

The corresponding data can also be transmitted to TikTok servers in the USA and stored there. The legal basis is so-called EU standard contractual clauses in connection with your consent.

The legal basis for the processing of your data is your consent, in accordance with Art. 6 para. 1 a) GDPR. This means that we will only use this service if you have given us your consent to do so. You can revoke your consent at any time with effect for the future, the easiest way is via our Cookie Consent Manager.

You can find more information here: https://ads.tiktok.com/help/article/app-retargeting?lang=en; https://www.tiktok.com/legal/page/eea/privacy-policy/en.

XI. TECHNICAL AND ORGANIZATIONAL MEASURES FOR DATA SECURITY

We have taken technical and organizational security precautions to protect your personal data against loss, destruction, manipulation and unauthorized access by third parties, as well as to ensure an appropriate level of protection and to protect your personal rights.

For example, we encrypt your personal data, including confidential content, such as your contact requests, before it is transmitted, and all of our employees, service providers and processors working for us are committed to complying with applicable data protection regulations and data protection laws.

We regularly check that our numerous safety precautions correspond to the state of the art.

XII. YOUR RIGHTS AS A DATA SUBJECT

In accordance with the legal provisions on data protection, you have the following rights with regard to your personal data at any time:

1. RIGHT TO INFORMATION

You have the right to request information about the personal data we process about you and a copy of this data.

2. RIGHT TO RECTIFICATION

You have the right to request the correction of inaccurate data and, taking into account the purposes of the processing, the completion of incomplete data.

3. RIGHT TO ERASURE

You have the right to request the deletion of your data for the following reasons:

The storage of the data is no longer necessary for the purposes for which it was collected or otherwise processed,

You withdraw your consent on which the processing was based and there is no other legal basis for the processing,

You object to the processing and there are no overriding legitimate interests for the processing,

the personal data in question has been unlawfully processed,

or the erasure of your personal data is necessary for compliance with a legal obligation under Union law or the law of the Member States.

Please note that there may be reasons that prevent immediate deletion, e.g. in the case of legally regulated retention obligations. Regardless of whether you exercise your right to erasure, we will delete your data immediately and completely, provided that the storage is no longer necessary for the respective purpose of processing and there are no legal or statutory retention obligations to the contrary.

4. RIGHT TO RESTRICTION OF PROCESSING

You also have the right to request the restriction of the processing of your data, provided that:

the accuracy of your personal data is contested by you, for a period of time that allows us to verify the accuracy of your personal data,

the processing is unlawful and you oppose the erasure of your personal data and instead request the restriction of the use of your personal data;

we no longer need the personal data for the purposes of the processing, but you need it to establish, exercise or defend legal claims, or

You have objected to the processing in accordance with Art. 21 (1) GDPR, as long as it has not yet been determined whether our legitimate interests outweigh yours.

5. RIGHT TO DATA PORTABILITY

If the legal requirements are met, you have the right to receive the data provided in a structured, commonly used and machine-readable format and to transmit this data to another controller or, as far as this is technically feasible, to have it transmitted by Westwing.

6. RIGHT TO LODGE A COMPLAINT WITH THE COMPETENT DATA PROTECTION AUTHORITY

You also have the right to lodge a complaint with the competent data protection supervisory authority. To assert this right, we ask you to contact us by e-mail at: serice@westwing.de.

7. RIGHT TO OBJECT

Insofar as the processing of your personal data is carried out on the basis of our legitimate interest in accordance with Art. 6 para. 1 sentence f) GDPR, you also have the right to object to the processing of your personal data on grounds arising from your particular situation, e.g. by e-mail to: service@westwing.de. We will then no longer process your personal data for these purposes, unless our legitimate interest prevails in the individual case.

8. RIGHT OF WITHDRAWAL

Insofar as the processing of your personal data is carried out on the basis of your consent in accordance with Art. 6 para. 1 a) GDPR, you have the right to revoke your consent at any time with effect for the future, e.g. by e-mail to service@westwing.de.

If you would like to assert one of the rights mentioned, you can also contact our external data protection officer at any time by e-mail at: anfrage@projekt29.de.

XIII. CHANGES TO THIS PRIVACY POLICY

We reserve the right to change this Privacy Policy if necessary, for example, due to the use of new services or technologies. If fundamental changes are made, we will announce them on our website or by e-mail.

As of: November 2024