Responsible for data processing is:

gitti GmbH

Saarbrücker Str. 36-38 / Prenzlauer Allee 248-251
10405 Berlin
Germany
datenschtutz@gitti.de

  

Thank you for your interest in our online shop. The protection of your privacy is very important to us. Below we inform you in detail about how we handle your data.#

 

1. Access data and hosting

You can visit our websites without providing any personal information. Each time you access a website, the web server only automatically saves a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of the access, the amount of data transferred and the requesting provider (access data) and documents the access. This access data is evaluated solely for the purpose of ensuring trouble-free operation of the site and improving our services. This serves to protect our legitimate interests in the correct presentation of our offer, which outweigh our interests in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO. All access data is deleted no later than seven days after the end of your visit to the site.

 

Hosting

The services for hosting and displaying the website are partly provided by our service providers as part of processing on our behalf. Unless otherwise explained in this privacy policy, all access data and all data collected in designated forms on this website are processed on their servers. If you have any questions about our service providers and the basis of our cooperation with you, please use the contact option described in this privacy policy.

Our service providers are located in the following countries for which the European Commission has adopted a decision establishing an adequate level of data protection:Canada
Our service providers are located in these countries:USA
There is no adequacy decision by the European Commission for these countries Our cooperation with you is based on these guarantees: Standard data protection clauses of the European Commission

 

2. Data processing for contract processing, contacting and opening a customer account

We collect personal data if you voluntarily provide it to us in the context of your order or when contacting us (e.g. via contact form or e-mail). Mandatory fields are marked as such because in these cases we need the data to process the contract or to process your contact and you cannot send the order or contact without providing it. Which data is collected can be seen from the respective input forms. We use the data you provide to process the contract and handle your enquiries in accordance with Art. 6 Para. 1 S. 1 lit. b DSGVO.
 Insofar as you have given your consent to this in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO by deciding to open a customer account, we will use your data for the purpose of opening a customer account. Further information on the processing of your data, in particular the transfer to our service providers for the purpose of order, payment and shipping processing, can be found in the following sections of this privacy policy. After complete processing of the contract or deletion of your customer account, your data will be restricted for further processing and deleted after expiry of the retention periods under tax and commercial law in accordance with Art. 6 Para. 1 Sentence 1 lit. c DSGVO, unless you have expressly consented to further use of your data in accordance with Art. 6 Para. 1 Sentence 1 lit. a DSGVO or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration. The deletion of your customer account is possible at any time and can be done either by sending a message to the contact option described in this privacy policy or via a function provided for this purpose in the customer account.

 

3. Data processing for the purpose of shipment handling

In order to fulfil the contract in accordance with Art. 6 para. 1 p. 1 lit. b DSGVO, we pass on your data to the shipping service provider commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. Data transfer to shipping service providers for the purpose of shipping notification. If you have given us your express consent to do so during or after your order, we will pass on your e-mail address and telephone number to the selected shipping service provider on the basis of this consent in accordance with Art. 6 (1) sentence 1 lit. a DSGVO so that the shipping service provider can contact you before delivery for the purpose of announcing deliveries or coordinating deliveries.

Consent can be revoked at any time by sending a message to the contact option described in this privacy policy or directly to the shipping service provider at the contact address listed below. After revocation, we will delete your data provided for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

Alaiko GmbH
Sandstraße 33
80335 Munich
Germany


United Parcel Service Deutschland S.à r.l. & Co. OHG
Görlitzer Straße 1
41460 Neuss
Germany

DHL Paket GmbH
Sträßchensweg 10
53113 Bonn
Germany

FedEx Express Deutschland GmbH
Langer Kornweg 34k
65451 Kelsterbach


SEVEN SENDERS GmbH
Dirksenstraße 4
10179 Berlin


Use of special service providers for order processing and handling (fulfilment)

The order processing can also be carried out by a so-called fulfilment provider. Your name, address, all or parts of your ordered items and, if applicable, other personal data will be passed on to the fulfilment provider exclusively for the purpose of processing the online order in accordance with Art. 6 para. 1 sentence 1 lit. b DSGVO. Your data will only be passed on to the extent that this is actually necessary for the processing of the order, i.e. the processing of the contract. Consequently, the legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. b DSGVO (contract fulfilment) and our legitimate interest in the fastest and most effective purchase processing within the meaning of Art. 6 para. 1 sentence 1 lit. f DSGVO.

 

4. Data processing for payment handling

We work with these partners to process payments in our online shop: technical service providers, credit institutions, payment service providers.

 

4.1 Data processing for transaction processing

Depending on the selected payment method, we pass on the data necessary for processing the payment transaction to our technical service providers, who work for us as part of order processing, or to the commissioned credit institutions or to the selected payment service provider, insofar as this is necessary for processing the payment. This serves the fulfilment of the contract according to Art. 6 para. 1 p. 1 lit. b DSGVO. In some cases, the payment service providers collect the data required for processing the payment themselves, e.g. on their own website or via a technical integration in the ordering process. In this respect, the privacy policy of the respective payment service provider applies.
 If you have any questions about our payment processing partners and the basis of our cooperation with them, please use the contact option described in this privacy policy.

4.2 Data processing for the purpose of fraud prevention and optimisation of our payment processes

If necessary, we give our service providers further data which they use together with the data necessary for the processing of the payment as our order processors for the purpose of fraud prevention and the optimisation of our payment processes (e.g. invoicing, processing of contested payments, accounting support). Pursuant to Art. 6 (1) sentence 1 lit. f DSGVO, this serves to protect our legitimate interests in our protection against fraud or in efficient payment management, which outweigh our interests in the context of a balancing of interests.

 

4.3 Identity and credit check when selecting Klarna payment services


Klarna Pay now (direct debit), Klarna Pay later (purchase on account), Klarna Slice it (hire purchase)
If you decide to use the payment services of Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter referred to as Klarna), we ask you for your consent in accordance with Art. 6 (1) p. 1 lit. a DSGVO that we may transmit the data necessary for the processing of the payment and an identity and credit check to Klarna In Germany, the credit agencies named in Klarna's data protection declaration [https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy] may be used for the identity and credit check. Klarna uses the information about the statistical probability of a payment default for a weighed decision about the establishment, implementation or termination of the contractual relationship. You can revoke your consent at any time by sending a message to the contact option mentioned in this privacy policy. This may result in us no longer being able to offer you certain payment options. You can also revoke your consent to this use of personal data at any time vis-à-vis Klarna.

5. Advertising by e-mail

5.1 Canvassing existing customers by e-mail

If you make a purchase from us, we will also use your contact details to send you further information about our products that is relevant to you by email ("existing customer advertising"). This may include, in particular, news, promotions and offers as well as feedback and other surveys.

The legal basis for this data processing is Art. 6 para. 1 lit. f DSGVO in conjunction with Section 7 para. 3 UWG, according to which data processing is permissible in order to safeguard legitimate interests, insofar as this concerns the storage and further use of the data for advertising purposes.

In order to be able to provide you with exclusively relevant offers within the scope of the newsletter for existing customers, a customer segmentation is also carried out using the data you provided when placing your order. The legal basis for this processing is our aforementioned legitimate interest pursuant to Art. 6 Para. 1 lit. f DSGVO.

You can object to the use of your data for advertising purposes at any time by using a corresponding link in the e-mails or by notifying the above contact details (e.g. by e-mail or letter), without incurring any costs other than the transmission costs according to the basic rates.

5.2 E-mail newsletter with registration

If you register for our newsletter, we use the data required for this purpose or separately provided by you to regularly send you our email newsletter based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO. Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your email address from the list of recipients, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration. 

5.3 Newsletter dispatch

The newsletter may alsobe sent by our service providers as part of processing on our behalf. If you have any questions about our service providers and the basis of our cooperation with you, please use the contact option described in this privacy policy.
Our service provider, Klaviyo Inc (https://www.klaviyo.com/legal)may determine and analyse the reach of our newsletters. We can also see whether a newsletter message has been opened and which links, if any, have been clicked. This allows us to determine, among other things, which links were clicked on particularly often and were of particular interest to you and others. In addition, we can see whether certain predefined actions, e.g. a purchase, were carried out after opening/clicking (conversion rate). In addition, Klaviyo also enables us to subdivide the newsletter recipients according to various categories and to form so-called clusters. In doing so, the newsletter recipients can be subdivided according to different criteria. In this way, the dispatch of a newsletter can be better adapted to the respective target groups. Klaviyo is based in the USA (125 Summer Street, Boston, MA 02110 / USA) and processes your data on our behalf. This may also take place in the USA.  For the USA, there is currently no adequacy decision of the European Commission. Our cooperation is based on the standardised data protection clauses of the European Commission; these are integrated in the Data Processing Agreement that we have concluded with Klaviyo and can be found here. For further information on Klaviyo's data processing, please refer to the data protection information (Privacy Policy) of Klaviyo itself.

5.4 Canvassing existing customers by post


If you have concluded a contract with us, we will list you as an existing customer. In this case, we process your postal contact data in order to send you information about new products and services. The legal basis for this is Art. 6 para. 1 lit. f DSGVO in conjunction with § 7 para. 3 UWG.  You can object to the use of your data for advertising purposes at any time by notifying the above contact details (e.g. by e-mail or letter), without incurring any costs other than the transmission costs according to the basic rates.

 

6. Cookies and other technologies

6.1 General information

In order to make visiting our website attractive and to enable the use of certain functions, we use technologies including so-called cookies on various pages. Cookies are small text files that are automatically stored on your terminal device. Some of the cookies we use are deleted at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us to recognise your browser on your next visit (persistent cookies).
 We use such technologies that are absolutely necessary for the use of certain functions of our website (e.g. shopping cart function). These technologies collect and process IP address, time of visit, device and browser information as well as information on your use of our website (e.g. information on the contents of the shopping basket). This serves in the context of a balancing of interests of overriding legitimate interests in an optimised presentation of our offer in accordance with Art. 6 para. 1 p. 1 lit. f DSGVO.
 In addition, we use technologies to fulfil the legal obligations to which we are subject (e.g. to be able to prove consent to the processing of your personal data) as well as for web analysis and online marketing. Further information on this, including the respective legal basis for the data processing, can be found in the following sections of this privacy policy.
 You can find the cookie settings for your browser at the following links:Microsoft Edge™ [https://support.microsoft.com/de-de/help/4027947/microsoft-edge-delete-cookies] / Safari™ [https://support.apple.com/de-de/guide/safari/sfri11471/12.0/mac/10.14] / Chrome™ [https://support.google.com/chrome/answer/95647?hl=de&hlrm=en] / Firefox™ [https://support.mozilla.org/de/products/firefox/protect-your-privacy/cookies] / Opera™ [https://help.opera.com/de/latest/web-preferences/#cookies
Insofar as you have consented to the use of the technologies in accordance with Art. 6 para. 1 sentence 1 lit. a DSGVO, you can revoke your consent at any time by sending a message to the contact option described in the privacy policy Alternatively, you can also access the following link: https://www.gitticonsciousbeauty.de/policies/privacy-policy. If you do not accept cookies, the functionality of our website may be limited. 

6.2 GDPR Legal Cookie Consent Management

On our website, we use the GDPR Legal Cookie App of beeclever GmbH to inform you about the cookies and the other technologies we use on our website, as well as to obtain, manage and document your consent, if required, to the processing of your personal data by these technologies. This is necessary pursuant to Art. 6 (1) p. 1 lit. c DSGVO to comply with our legal obligation under Art. 7 (1) DSGVO to be able to prove your consent to the processing of your personal data to which we are subject. GDPR Legal Cookie is an offer of beeclever GmbH, Universitätsstr. 3, 56070 Koblenz, Germany, which processes your data on our behalf.


 After you submit your cookie declaration on our website, the GDPR Legal Cookie web server stores the information provided by your anonymised IP address, the date and time of your declaration, browser information, the URL from which the declaration was sent, information about your consent behaviour and an anonymous random key. In addition, a cookie is used that contains the information about your consent behaviour and the key. Your data will be deleted after twelve months, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.


7. Use of cookies and other technologies for web analysis and advertising purposes

Insofar as you have given your consent to this in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO, we use the following cookies and other third-party technologies on our website. After the end of the purpose and the end of the use of the respective technology, the data collected in this context will be deleted. You can revoke your consent at any time with effect for the future. Further information on your revocation options can be found in the section "Cookies and other technologies". Further information including the basis of our cooperation with the individual providers can be found in the individual technologies. If you have any questions about the providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.

7.1 Use of Google services

We use the technologies of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), as described below. The information automatically collected by Google technologies about your use of our website is generally transmitted to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. There is no adequacy decision of the European Commission for the USA. Our cooperation is based on the standard data protection clauses of the European Commission. If your IP address is collected via Google technologies, it will be shortened before being stored on Google's servers by activating IP anonymisation. Only in exceptional cases will the full IP address be transmitted to a Google server and shortened there. Unless otherwise stated for the individual technologies, data processing is carried out on the basis of an agreement concluded for the respective technology between jointly responsible parties in accordance with Art. 26 DSGVO. Further information on data processing by Google can be found in Google's privacy policy [https://policies.google.com/privacy?hl=de].

Google Analytics

We use Google Analytics 4 on our website, a web analytics service provided by Google Ireland
Limited, Gordon House, Barrow Street, Dublin 4, Irelandhereinafter: "Google")
 In this context, pseudonymous usage profiles are created and cookies are used. The information generated by the cookie about the use of our website (e.g. IP address of the accessing computer, time of access, referrer URL and information about the browser and operating system used) is usually transmitted to Google servers in the USA and processed there.

Google Analytics is used within the scope of your consent according to (Art. 6 para. 1 sentence
1 lit. a DSGVO in connection with § 25 para. 1 TDDSG) in the analysis and optimisation of our
online offer as well as the economic operation of this websiteTherefore, Google processes the
information on our behalf in order to evaluate the use of the website, tocompilereports on
website activities and toprovide usfurtherservices associateduse of the website and the
internet for the purposes of market research and
designing these internet pages to meet our needs

We have concluded an order processing contract with Google for the use of Google Analytics. Through this contract, Google assures that they process the data in accordance with the General Data Protection Regulation and ensure the protection of the rights of the data subject. The IP address processed by Google Analytics is automatically shortened. In doing so, the last three digits of your IP address are replaced by a "0", which prevents attribution. If necessary, the collected data will be transferred to third parties if this is required by law or if third parties process this data on behalf. The user data collected via cookies is automatically deleted after 2 months. Note: The information generated by the cookies about the use of our website (e.g. IP address of the accessing computer, time of access, referrer URL and information about the browser and operating system used) is transmitted to Google servers in the USA and processed there. The USA are so-called unsafe third countries. This means that there is no adequacy decision by the European Commission for the USA. Your data is therefore not subject to a level of data protection in the USA comparable to that in the EU. Google relies on the transmission of standard contractual clauses approved by the EU Commission as a guarantee of a level of data protection comparable to that in the EU. You can obtain a copy of the standard contractual clauses here. You can revoke or adapt your consent at any time with effect for the future. Further information on data protection in connection with Google Analytics can be found, for example, in the Google Analytics Help. Information on Google's use of data can be found in their privacy policy.

For web analysis, the Google Analytics Google Signals extension function enables so-called "cross-device tracking". Insofar as your internet-enabled devices are linked to your Google account and you have activated the "personalised advertising" setting in your Google account, Google can generate reports on your usage behaviour (in particular cross-device user figures), even if you change your terminal device. We do not process personal data in this respect; we only receive statistics generated on the basis of Google Signals.

For web analysis and advertising purposes, the extension function of Google Analytics enables the so-called DoubleClick cookie to recognise your browser when you visit other websites. Google will use this information to compile reports on website activity and to provide other services related to website usage.

Google Ads

For advertising purposes in Google search results as well as on third-party websites, the so-called Google Remarketing Cookie is set when you visit our website, which automatically enables interest-based advertising by collecting and processing data (IP address, time of visit, device and browser information as well as information on your use of our website) and by means of a pseudonymous cookie ID and on the basis of the pages you visit. Any further data processing will only take place if you have activated the "personalised advertising" setting in your Google account. In this case, if you are logged into Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing.
 For website analysis and event management, we measure your subsequent usage behaviour via Google Ads Conversion Tracking if you have reached our website via an advertisement from Google Ads. For this purpose, cookies may be used and data (IP address, time of visit, device and browser information as well as information about your use of our website based on events specified by us, such as visiting a website or subscribing to a newsletter) may be collected, from which usage profiles are created using pseudonyms.

Google Recaptcha

For the purpose of protecting against misuse of our web forms and spam by automated software (so-called bots), Google reCAPTCHA collects data (IP address, time of visit, browser information and information on your use of our website) and analyses your use of our website by means of a so-called JavaScript and cookies. In addition, other cookies stored by Google services in your browser are evaluated. No personal data is read or stored from the input fields of the respective form.

 

7.2 Use of meta services

Use of Meta Pixel

We use the Meta Pixel as part of the technologies of Meta Platforms Ireland Ltd [https://about.meta.com/de/metaverse/], 4 Grand Canal Square, Dublin 2, Ireland ("Meta") described below. The Meta Pixel automatically collects and storesdata (IP address, time of visit,device and browser information as well as information about your use of our website based on events specified by us, such as visiting a website or subscribing to a newsletter, from which usage profiles are created using pseudonyms. In the context of so-called extended data matching, information that can be used to identify individuals (e.g. names, e-mail addresses and telephone numbers) is also collected and stored in hashed form for matching purposes. To this end, when you visit our website, the Meta Pixel automatically sets a cookie which, by means of a pseudonymous cookie ID, enables your browser to be recognised when you visit other websites. Meta will combine this information with other data from your Meta account and use it to compile reports on website activity and to provide other services related to website use, in particular personalised and group-based advertising.
 The information automatically collected by Meta Technologies about your use of our website is usually transmitted to and stored by Meta Platforms, Inc. on a server at 1601 Willow Road, Menlo Park, California 94025, USA. There is no adequacy decision of the European Commission for the USA. If the transfer of data to the USA falls within our responsibility, our cooperation is based on standard data protection clauses of the European Commission. Further information on data processing by Facebook can be found in Facebook's privacy policy [https://www.facebook.com/privacy/policy/].

Meta Analytics

As part of Meta Analytics, statistics on visitor activity on our website are created from the data collected with the Meta Pixel about your use of our website. The data processing is carried out on the basis of an agreement on commissioned processing by Meta. Their analysis serves the optimal presentation and marketing of our website.

Meta Platform Ads


We advertise this website on Meta as well as on other platforms via Meta Ads. We determine the parameters of the respective advertising campaign. Meta is responsible for the exact implementation, in particular the decision on the placement of the ads with individual users. Unless otherwise stated for the individual technologies, data processing is carried out on the basis of an agreement between joint controllers pursuant to Art. 26 DSGVO. The joint responsibility is limited to the collection of the data and its transmission to Meta. The subsequent data processing by Meta is not covered by this.
 On the basis of the statistics on visitor activity on our website compiled via Meta Pixel, we operate group-based advertising on Meta via Meta Custom Audience by determining the characteristics of the respective target group and in order to display the Meta Ads placed by us only to those Meta users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the web pages visited), which we transmit to Meta (so-called "Meta Custom Audiences"). This allows us to ensure that our Meta Ads match the potential interest of users and are not harassing. In addition, we can evaluate the effectiveness of the meta ads for statistical and market research purposes by tracking whether a user was redirected to our website after clicking on a meta ad (so-called "conversion").

The data collected is anonymous for us, so it does not allow us to draw any conclusions about the identity of the user. However, the data is stored and processed by Meta so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes in accordance with the Meta Platform Data Usage Policy (https://www.facebook.com/about/privacy/). The data may enable Meta and its partners to place advertisements on and outside of Meta.

Based on the pseudonymous cookie ID set by the Meta Pixel and the data collected about your usage behaviour on our website, we operate personalised advertising via Meta Pixel remarketing. 

The data processing associated with the use of the meta pixel is only carried out with your express consent in accordance with Art. 6 Para. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future. 

7.3 Other providers of web analytics and online marketing services

Use of Hotjar for web analysis

For the purpose of website analysis, technologies provided by Hotjar [https://www.hotjar.com]Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 3155, Malta ("Hotjar") automatically collect and store data (IP address, time of visit, device and browser information as well as information on your use of our website), from which usage profiles are created using pseudonyms. Cookies may be used for this purpose. The pseudonymised usage profiles are not combined with personal data about the bearer of the pseudonym without your express consent, which must be given separately. Hotjar acts on our behalf.

Use of Pinterest tag for web analysis and advertising purposes 

For web analytics and advertising purposes on Pinterest and third party websites, when you visit our website, Pinterest Europe Ltd [https://www.pinterest.de/]., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest") automatically collects and processes data (IP address, time of visit, device and browser information, and information about your use of our website based on events specified by us, such as visiting a website or subscribing to a newsletter) and enables interest-based advertising by means of a pseudonymous cookie ID and based on the pages you visit. The data collected is used to create pseudonymous usage profiles. Pinterest will combine this information with other data from your Pinterest account and use it to compile reports on website activity and to provide other services related to website use. We have no influence on the data processing by Pinterest and only receive statistics generated on the basis of Pinterest Tag. In this way, we measure your subsequent usage behaviour for website analysis and event tracking if you have arrived at our website via an advertisement from Pinterest. The information automatically collected by Pinterest is usually transmitted to a server of Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107, USA and stored there. There is no adequacy decision of the European Commission for the USA. Our cooperation is based on standard data protection clauses of the European Commission. The data processing takes place on the basis of an agreement between jointly responsible parties in accordance with Art. 26 DSGVO.

Criteo Building Block

 We use the retargeting technology of Criteo SA, 32 Rue Blanche, 75009 Paris. This enables us to show you advertisements on third-party sites (so-called publishers) for products that you have viewed on our website or in the shop. For this purpose, Criteo collects information about your usage behaviour through the use of tracking technologies (e.g. cookies that are placed in your browser), as well as through the use of advertising IDs in environments that do not support cookies - for example, apps. These technologies enable Criteo to identify and analyse trends and purchase interest, and to identify the interests of individual users in relation to websites and apps, thereby tagging visitors to its partners' websites and apps. The identification of users is done by assigning a technical, unique ID. Criteo, on the other hand, does not collect any personal data that makes identification possible, such as names or addresses. Criteo only analyses the products viewed or the search behaviour and the pages visited on the websites of partners for which Criteo delivers advertising. In order to deliver personalised interest-based advertising to you, Criteo may synchronise the IDs of the different browsers you use. ("ID synchronisation") and is thus able to always show you the most relevant ads - regardless of the browser or end device used - without Criteo having to collect and process personal data such as names or addresses for this purpose. For this purpose, Criteo uses linking methods based on the technical data collected by means of the Criteo technologies used; among other things, the user is recognised pseudonymously by means of an encrypted (non-recoverable) e-mail address. Further information: https://www.criteo.com/de/privacy/how-criteo-services-work-across-environments/

You can find more information about Criteo's data protection at https://www.criteo.com/de/privacy/.

The legal basis for this data processing is Article 6(1)(a) DSGVO.

We only use the cookies required for this service (so-called marketing cookies) with your consent. You can object to the processing of your data for the pseudonymous analysis of your surfing behaviour by Criteo at any time by using the following link to opt out: at https://www.criteo.com/de/privacy/ or by revoking your consent in the preferences and settings under "Cookie settings".

We use the retargeting technology of Criteo SA, 32 Rue Blanche, 75009 Paris. This enables us to show you advertisements on third-party sites (so-called publishers) for products that you have viewed on our website or in the shop. To do this, Criteo collects information about your usage behaviour through the use of tracking technologies (e.g. cookies placed in your browser), as well as through the use of advertising IDs in environments that do not support cookies - for example, apps. These technologies enable Criteo to identify and analyse trends and purchase interest, and to identify the interests of individual users with respect to websites and apps, thereby tagging visitors to its partners' websites and apps. Users are tagged by assigning them a technical, unique ID. Criteo, on the other hand, does not collect any personal data that makes identification possible, such as names or addresses. Criteo only analyses the products viewed or the search behaviour and the pages visited on the websites of partners for which Criteo delivers advertising. In order to deliver personalised interest-based advertising to you, Criteo may synchronise the IDs of the different browsers you use. ("ID synchronisation") and is thus able to always show you the most relevant ads - regardless of the browser or end device used - without Criteo collecting and processing personal data such as names or addresses for this purpose. For this purpose, Criteo uses linking methods based on the technical data collected by means of the Criteo technologies used, among other things, the user is recognised pseudonymously by means of an encrypted (non-recoverable) e-mail address. Further information:

https://www.criteo.com/de/privacy/how-criteo-services-work-across-environments/ Further information on data protection at Criteo can be found at https://www.criteo.com/de/privacy/. The legal basis for this data processing is Article 6(1)(a) DSGVO. We only use the cookies required for this service (so-called marketing cookies) with your consent. You can object to the processing of your data for the pseudonymous analysis of your surfing behaviour by Criteo at any time by using the following unsubscribe link: at https://www.criteo.com/de/privacy/ or revoke your consent in the preferences and settings under "Cookie settings".

Use of Mable for web analysis and advertising purposes

On our website we have integrated a tool from Mable GmbH, Kaiserstraße 88, 76133 Karlsruhe. (hereinafter referred to as "Mable"). Mable enables us, in the interest of the user and to improve the user experience, to better analyse and control our data flows, in particular which data is passed on to third parties. It also allows us to independently evaluate this data according to our criteria. When we work with certain partners, e.g. for the purpose of online marketing, this often requires the integration of code components that result in a direct server connection and the collection of personal data of our website users by the partner, which may not be controllable by us. In this case, we often have no control over the data collected by third parties or the data flows. Mable allows us to embed partners without integrating their code into our website. In this case, a direct server connection to the website users by the third party is not required, but instead of the direct server connection, the partner only receives aggregated data, if any, from us.

Live chat tool Dixa

If you use the live chat tool Dixa [https://www.dixa.com] to contact us, the data you voluntarily enter there (name, email address, message) will be processed by us in accordance with Art. 6 para. 1 p. 1 lit. b DSGVO for the purpose of answering the enquiry within the framework of contract processing. In addition, the use of this tool serves to protect our legitimate interests in effective and improved customer communication in accordance with Art. 6 para. 1 p. 1 lit. f DSGVO, which prevail in the context of a balancing of interests. The data will subsequently be deleted. The live chat tool is provided by Dixa ApS, company no. 36561009, Vimmelskaftet 41A, 1 Sal., 1161 Copenhagen, Denmark, which acts on our behalf. This service provider is located within a country of the European Union or the European Economic Area.

Zenloop customer feedback

For the purposes of customer and product evaluations by our customers and for our own quality management, we use the personal data provided by you as part of the purchase, such as the e-mail address to request an evaluation of your order via the evaluation system used by us.
 By agreeing to this privacy policy at the end of the ordering process, you consent to us sending you an e-mail to the e-mail address you have provided with a request to submit a rating after your order has been processed. You can revoke this consent at any time by sending an informal message by e-mail to datenschutz@gitti.de.

Zenloop as data processor

We work with zenloop GmbH, Erich-Weinert-Strasse 145, 10409 Berlin. zenloop is a business-to-business software-as-a-service platform that allows us to collect and analyse feedback from our customers through various channels. This allows us to align and improve our offering to the needs of our customers. In addition, zenloop collects your survey responses.
 The legal basis for data processing by zenloop is Art. 6 para. 1 lit. f DSGVO.
 We have concluded a commission processing agreement with zenloop in accordance with Art. 28 (3) DSGVO and are satisfied that zenloop implements appropriate technical and organisational measures in such a way that the processing is carried out in accordance with the requirements of the DSGVO and the protection of your rights is guaranteed
 You can find more information on this in the privacy policy at www.zenloop.com.

Zenloop Forwarding of respondents (promoters) to rating portals/review platform

You can be redirected to a review platform after submitting your review, where you can post your review publicly

Trustpilot

gitti GmbH may contact you by email to invite you to rate services and/or products you have received from us [in order to collect your feedback and improve our services [and products]] (the "Purpose").
 We use an external company, Trustpilot A/S ("Trustpilot"), to collect your feedback, which means that we share your name, email address and reference number with Trustpilot for this purpose. If you would like to read more about how Trustpilot processes your data, you can find their privacy policy here: https://uk.legal.trustpilot.com/for-reviewers/end-user-privacy-terms.
 gitti GmbH may also use such reviews in other promotional materials and media for our advertising and promotional purposes.  

Salesforce

To website analysis, technologies of Salesforce, Inc. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States are used, among other things for the administration of our customer database (CRM) and for internal analyses of daily performance. The data processing associated with the use of Salesforce is only carried out with your express consent in accordance with Art. 6 para. 1 lit. a GDPR and only for as long as it is required for the purpose. You can revoke your consent at any time with effect for the future. Data processing is carried out based on an order processing agreement that we have concluded with Salesforce. Further information on the use of Salesforce can be found in Salesforce's privacy policy: https://www.salesforce.com/company/privacy/


8. Social media

8.1 Social Plugins from Meta, Instagram, Pinterest, Whatsapp

Social buttons from social networks are used on our website. These are only integrated into the page as HTML links, so that no connection is established with the servers of the respective provider when our website is called up. If you click on one of the buttons, the website of the respective social network opens in a new window of your browser. There you can click on the Like or Share button, for example.

8.2 Our online presence on Meta, Instagram, Youtube, Pinterest, Linkedin, TikTok

Insofar as you have given your consent to the respective social media operator in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO, when you visit our online presences on the social media mentioned above, your data is automatically collected and stored for market research and advertising purposes, from which usage profiles are created using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally used for this purpose. For detailed information on the processing and use of data by the respective social media operator, as well as a contact option and your rights and setting options in this regard to protect your privacy, please refer to the data protection notices of the providers linked below. Should you still require assistance in this regard, you can contact us.
 Meta [https://www.facebook.com/about/privacy/]is an offer of Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland ("Meta") The information automatically collected by Meta about your use of our online presence on Meta is generally transmitted to a server of Meta Platforms, Inc, 1601 Willow Road, Menlo Park, California 94025, USA and stored there. For the USA, there is no adequacy decision of the European Commission. Our cooperation is based on standard data protection clauses of the European Commission. Data processing in the context of visiting a Meta Fanpage takes place on the basis of an agreement between jointly responsible parties in accordance with Art. 26 DSGVO. Further information (information on Insights data) can be found here [https://www.facebook.com/legal/terms/information_about_page_insights_data].
 Instagram [https://help.instagram.com/519522125107875] is an offer of Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland ("Meta") The information automatically collected by Meta about your use of our online presence on Instagram is usually transmitted to a server of Meta Platforms, Inc, 1601 Willow Road, Menlo Park, California 94025, USA and stored there. For the USA, there is no adequacy decision of the European Commission. Our cooperation is based on standard data protection clauses of the European Commission. Data processing in the context of a visit to an Instagram fan page takes place on the basis of an agreement between jointly responsible parties in accordance with Art. 26 DSGVO. Further information (information on Insights data) can be found here [https://www.facebook.com/legal/terms/information_about_page_insights_data].
 YouTube [https://policies.google.com/privacy?hl=de] is a service of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information automatically collected by Google about your use of our online presence on YouTube is generally transmitted to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. There is no adequacy decision of the European Commission for the USA. Our cooperation is based on the standard data protection clauses of the European Commission.
 Pinterest [https://about.pinterest.com/de/privacy-policy]is an offer of Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest"). The information automatically collected by Pinterest about your use of our online presence on Pinterest is generally transmitted to a server of Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107, USA and stored there. There is no adequacy decision of the European Commission for the USA. Our cooperation is based on the standard data protection clauses of the European Commission.
 LinkedIn [https://www.linkedin.com/legal/privacy-policy]is a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"). The information automatically collected by LinkedIn about your use of our online presence on LinkedIn is usually sent to a server of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA and stored there. There is no adequacy decision of the European Commission for the USA. Our cooperation is based on the standard data protection clauses of the European Commission.
TikTok, Mailing Address: TikTok Inc, Attn: TikTok Legal Department 10100 Venice Blvd, Suite 401, Culver City, CA 90232, USA
Contact TikTok:https://www.tiktok.com/legal/report/privacy
 Privacy Policy: https://www.tiktok.com/legal/privacy-policy

9 Contact options And your rights 

As a data subject you have the following rights

 * in accordance with Art. 15 of the GDPR, the right to request information about your personal data processed by us to the extent specified therein;
 * in accordance with Art. 16 of the GDPR, the right to request without undue delay the rectification of inaccurate or incomplete personal data held by us;
 * in accordance with Art17 DSGVO the right to request the erasure of your personal data stored by us, unless further processing *    necessarythe exercise of the right to freedom of expression and information;
    * for compliance with a legal obligation;
    * for reasons of public interest or
* for the establishment, exercise or defence of legal claims;

 pursuant to Art18 DSGVO the right to request the restriction of the processing of your personal data, insofar as * the accuracy of the data    isdisputed
* the processing is unlawful, but you object to its erasure;
    * we no longer need the data, but you require it for the assertion, exercise or defence of legal claims or
    * youprocessingof your personal datapursuant to Art21 DSGVO to object to the processing;

 * pursuant to Art. 20 DSGVO the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
 * pursuant to Art. 77 DSGVO the right to lodge a complaint with a supervisory authorityAs a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.
 If you have any questions regarding the collection, processing or use of your personal data, for information, correction, restriction or deletion of data as well as revocation of consent given or objection to a certain use of data, please contact us directly using the contact details in our imprint.

Data Protection Officer:

KOMADA Consult UG (haftungsbeschränkt)
c/o MTK3
Budapester Straße 5
10787 Berlin
koehler@komada.de

Right of objection


Insofar as we process personal data as explained above in order to protect our legitimate interests which prevail in the context of a balancing of interests, you can object to this processing with effect for the future. If the processing is carried out for direct marketing purposes, you can exercise this right at any time as described above. If the processing is carried out for other purposes, you only have the right to object on grounds relating to your particular situation.
 After you have exercised your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
 This does not apply if the processing is for direct marketing purposes. Then we will not further process your personal data for this purpose.

gitti Conscious Beauty News.

Subscribe to our newsletter and you will receive 15% off your next order.

Pay by

Visa
PayPal
Amazon
Mastercard
Apple Pay
Klarna
SOFORT
Shop Pay

Pay by

Visa
PayPal
Amazon
Mastercard
Apple Pay
Klarna
SOFORT
Shop Pay