Data Privacy Notice
This is where you can find out what personal data we collect from you when you visit our website, what the website does with it, and how we protect your data. We will also inform you about the rights you have when it comes to protecting your data.
I. Who is responsible for this website?
The responsible party under the Data Protection Act is:
Heilbrunner Knolle GmbH
(subsequently also referred to as “we”).
II. What’s it about?
When we process your personal data, this means that we collect, store, transmit, delete, or use it in another form. By personal data we mean information on individuals, for example on
– visitors to our website,
– visitors we reach via our newsletter,
– all other persons who are in contact with us, e.g. employees of our business partners or our service providers.
III. How we process your data when you visit our website?
1. Information we need to display the site to you and to ensure its stability and security
When using the website for information purposes only, we process the following data that is technically necessary to display the website to you and to guarantee its stability and security:
– IP address of the accessing computer
– name of the retrieved file
– date and time of retrieval
– amount of data transferred
– notification of successful retrieval
– browser type and version as well as the operating system you are using
– referrer URL
– requesting provider
– screen resolution
The data mentioned above is processed on the basis of a balancing of interests in accordance with article 6, paragraph 1, sentence 1, point (f) of the GDPR.
a) Purpose and scope of data processing
Technically required cookies:
We use technically required cookies to make the use of this website safer and more user-friendly. Among other things, these cookies can ensure the availability of content and prevent the repeated loading of content. Some elements of this website also require that the requesting browser can be identified even after a page change. The data collected from you using these technically necessary cookies will not be used to create user profiles. The following data is stored and transmitted in the cookies:
– current session ID
– use of certain website content, e.g. frequency or extent of use
– taking note of certain website contents, e.g. product information
– language settings
Most of the technically required cookies we use are so-called “session cookies.” The data stored and transmitted in it will be automatically deleted at the end of your visit. Other cookies (“persistent cookies”) are usually stored on your end device until you delete them.
This website uses Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA (“Google”).
The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.
However, as part of the IP anonymization activated for this website, your IP address will be shortened by Google within member states of the European Union or in other signatories to the Agreement on the European Economic Area beforehand.
Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
Google will use this information on our behalf to analyze your use of the website, to compile reports on website activity, and to provide us with other services relating to website and internet use.
The IP address transmitted by your browser in the context of Google Analytics will not be merged with other Google data.
This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are further processed in abbreviated form so that they cannot be linked to a particular individual. Insofar as the data collected about you is personally identifiable, it will be excluded immediately and the personally identifiable data will be promptly deleted.
We use Google Analytics to analyze and improve the use of this website on a regular basis. Using the statistics we acquire, we can improve our service to you and make it more interesting for you as a user. In the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
The information for the provider of Google Analytics can be found here: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. Fax: +353 (1) 436 1001. You can view the terms of service here:
You can prevent Google from collecting the data related to your use of the website generated by the cookie (including your IP address) and Google’s processing of this data by downloading and installing the browser plug-in available at the following link:
You can also prevent the collection of data by Google Analytics by clicking on the following link. An opt-out cookie will then be set to prevent future collection of your data when you visit this website:
b) Legal framework, ways to opt out, and removal options
The processing of data by means of cookies is based on a balance of interests that always also takes your interests into account (article 6, paragraph 1, sentence 1, point (f) of the GDPR). Our legitimate interest in the processing lies in the aforementioned purposes of the use of the respective cookies.
Information on specific ways to opt out of the use of analytic cookies can be found above in the corresponding description of the cookie. You can also usually set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close your browser. You can delete cookies that have already been saved at any time. When cookies are deactivated, the functionality of this website may be limited.
3. Integrated content and use by other providers
We have integrated products from the following partners into our shop:
&OtherStories, 24 Sevres, 3×1 NYC, 7 For All Mankind, A.L.C, ABOUT YOU, Acne Studios, adidas, Adore Beauty, aeyde.com, AHAlife, Amara, Amazon, Anine Bing, Anthropologie, Anya Hindmarch, Asos, Assouline, Aveda, Avenue 32, AYR, Balenciaga, Banana Republic, Band of Jules, Bandier,Barneys New York, Beauty Expert,Beautylish, Bed Bath & Beyond, Bergdorf Goodman, Birkenstock.com – Offizieller Onlineshop, Bloomingdale’s, Blue & Cream, Bonanza, Boozt, Boutique 1, Breuninger, Browns Fashion, Burberry, Chairish, Chanel, Inc., Charlotte Tilbury, Cheap Monday, Closed, Coach, Coggles, Content Beauty, Converse, Cult Beauty, Cult Gaia, Davines, USA, DaWanda, Dermstore, Dolls Kill, Douglas Parfümerie, dsq206, EDITED, Ethical Superstore, Etsy, eVitamins, FarFetch, Feelunique, Fendi, Flaconi Online-Beauty-Shop, Folica, Forzieri, Free People, Ganni, Gilt, Glamloop, Glossier, goop, Gucci, H&M, Harrods, Harvey Nichols, Hat World / Lids, HQhair.com, Hypebeast, Iris von Arnim GmbH, Italist, J.Crew US, Jane, Jildor Shoes, John Lewis, Joseph, Kauf Dich Glücklich, La Redoute, Lane Crawford, LEVI’S, Liberty, LIEBESKIND Berlin, LODENFREY, Look Fantastic, ludwigbeck.de, Luisaviaroma, Lululemon, Macys, Madeindesign IT, MANGO, Mansur Gavriel, Marissa Collections, Marks & Spencer, Mary Katrantzou, Matchesfashion, Matt & Nat, MDC Cosmetic, Milanoo, Missoma, Moda Operandi, Modcloth, Mode Sportif, Mr Porter, Mycare, Mytheresa, NA-KD, Natural Collection, navabi, navabi, Need Supply Co., Neiman Marcus, Net-a-Porter, Niche Beauty, Niche Men, Nike , Nordstrom, notonthehighstreet.com, Nowlet, Offspring, Orchard Mile, OTTO, Outdoor Voices, Overstock, Parfumdreams, Perfume, Point Rouge, rag + bone, Ralph Lauren, RayBan BR, Reebonz, Rent The Runway, Rêve En Vert Limited, REVOLVE, Revolve Clothing, Rosegal, Royal Design, rubbersole, Ruelala, Saks Fifth Avenue, Sandro Paris, Sarenza, Saturdays Surf LLC, Schuh, Schuurman Schoenen, Schwab DE, Scotch & Soda, Selfridges, Sephora, Shopbop, Six:02, size?, Skin Store, SmartBuyGlasses DE, Sneaker Baas UK, Space NK, Spring, SSENSE, Stella McCartney, style.com, Stylebop, Sunspel Menswear Ltd, Superga, Tessabit Stores, The Detox Market, The Dreslyn, The Hut, The Line, The Modist, The Outnet , The Real Real, Inc., The Sports Edit, The Tot, The Undone, The Webster, Tictail, Timberland, Tommy Hilfiger, TOWER London, Unger-Fashion.com, UNIQLO, Urban Outfitters, Vans, Vestiaire Collective, Voo Store, WallpaperSTORE*, Wayfair, Weekday, West Elm, Westwing Home and Living, Williams-Sonoma, Wolford, Yoox, Zadig et Voltaire, Zalando, Zappos, Zest Beauty, zulily
Please note that our partners have their own privacy policies. These can usually be found on the respective partner pages. We are not responsible for the data protection provisions or the data processing of our partners.
The forwarding of your data within the scope of the use of our shop is based on a balance of interests that always also takes your interests into account (article 6, paragraph 1, sentence 1, point (f) of the GDPR).
Social Media Plugins
Our website uses so-called social media plugins (“plugins”) for Facebook, Twitter, Instagram, Google+, and Pinterest.
Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). An overview of Facebook plugins and their appearance can be found here: https://developers.facebook.com/docs/plugins/
Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”). An overview of the Twitter buttons and their appearance can be found here:
Instagram is operated by Instagram LLC, represented by Kevin Systrom and Mike Krieger, 1601 Willow Rd, Menlo Park CA 94025, USA
Google+ is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). An overview of Google plugins and their appearance can be found here: https://developers.google.com/+/web/
Pinterest is operated by Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103, USA (“Pinterest”).
The aforementioned companies are subsequently also referred to as “providers.”
In order to increase the protection of your data when you visit our website, the plugins are integrated into the site using the so-called “2-click solution” from Heise Online. This integration ensures that no connection to the servers of the respective providers is established when a subpage of our website containing such plugins is retrieved. Only when you activate the plugins, and in doing so give your consent to data transmission, will your browser establish a direct connection to the servers of the activated providers. The content of the respective plugin is then transmitted from the corresponding provider directly to your browser and integrated into the page. By integrating the plugins, the providers receive information that your browser has retrieved the corresponding subpage of our website, even if you do not have a profile with the corresponding provider or are not currently logged in to the service of the respective provider. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider, possibly in the USA, and stored there.
If you are logged in to one of the services of the providers, the providers can directly assign the visit to our website to your profile/account with the respective provider. If you interact with the plugins, for example clicking the “Like” button or the “Twitter” button, the corresponding information is also transmitted directly to a server of the providers and stored there. The information is also published on the social network or on your social media account and displayed to your contacts there. The purpose and scope of the data collection and the further processing and use of the data by the providers as well as your rights and the privacy protection setting options can be found in the providers’ data protection notices:
If you do not want the providers to assign the data collected via our website directly to your profile/account in the respective service, you must log out before activating the plugins on the corresponding service.
Your data will be processed on the basis of a balance of interests that always takes your interests into account (article 6, paragraph 1, sentence 1, point (f) of the GDPR).
You can subscribe to our newsletter via this website. We use it to inform you about news and offers. We will only send the newsletter with your consent or on the basis of a legal permission.
We use the so-called double opt-in procedure to register for the newsletter. This means that after you register, we send an email to the email address you gave us in which we ask you to confirm your registration. If you do not confirm your registration within the period specified in the email, your information will be automatically deleted. If you confirm your registration within the specified time, your email address will be stored for the purpose of sending you the newsletter.
In addition, we store your IP address and the time of registration and confirmation. The purpose of this practice is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
You can object to the use of your email address for sending the newsletter at any time, i.e. revoke your consent. You will find a link to unsubscribe from our newsletter at the end of each newsletter.
The legal basis for the data processing is article 6, paragraph 1, sentence 1, point (f) of the GDPR.
IV. Who receives your data?
We only pass on information about your visit to our website if this is permitted by law or if you have given your consent.
Service providers used by us may also receive such data if they meet our special confidentiality requirements. These could especially be companies in the categories of IT services and consulting.
V. When will your data be deleted?
If we no longer need the data mentioned in this declaration for its original purpose, it will be deleted. Anything to the contrary shall only apply if its – limited – further processing is necessary for other purposes.
VI. Will your data be transferred to a third country or an international organization?
Data that we receive from visits to this website is not transmitted to international organizations or third countries (countries outside the European Economic Area – EEA). For the transmission of pseudonymised data via analysis services, see “analytical cookies” above.
VII. What rights do you have when it comes to processing your data?
You have the following rights with us regarding your personal data:
– right to information,
– right to correction or deletion,
– right to limitation of processing,
– right to data transfer,
– Right to revoke consent given.
Information about your right of objection in accordance with article 21 of the GDPR
1. Right to objection on a case-by-case basis
You have the right to object at any time to the processing of your personal data for reasons arising from your particular situation, which is based on article 6, paragraph 1, sentence 1, point (e) of the GDPR (data processing in the public interest) and article 6, paragraph 1, sentence 1, point (f) of the GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision in accordance with article 4, no. 4 GDPR.
If you object, your personal data will no longer be processed by us unless we can prove compelling reasons for the processing that are worthy of protection and which outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
2. Objection to the processing of your data for our direct marketing purposes
In particular cases we will process your personal data for direct advertising. You have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling, insofar as it is connected with such direct advertising.
If you object to processing for direct advertising purposes, we will no longer process your personal data for these purposes.
The objection is not subject to form requirements and should be addressed to:
Heilbrunner Knolle GmbH
In connection with the processing of your personal data, you also have a right of appeal to the following supervisory authority responsible for us with regard to the protection of personal data:
Die Berliner Beauftragte für Datenschutz und Informationsfreiheit
VIII. Will your data be used for automated decision-making or profile building?
Data from visits to this website will not be used for automated decision-making in accordance with article 22 of the GDPR.