Privacy policy
1. Introduction and Contact Details of the Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data means any information that can be used to personally identify you.
1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is vT concept GmbH, Kurfürstenstraße 17, 10785 Berlin, Germany, Tel.: +49 30 26934519, E-mail: client@lilianvontrapp.com. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
2. Data Collection When Visiting Our Website
2.1 For the purely informational use of our website, i.e., if you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to the server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website:
Our visited website
Date and time of access
Amount of data sent in bytes
Source/referrer from which you reached the site
Browser used
Operating system used
IP address used (if applicable: in anonymized form)
The processing is carried out in accordance with Art. 6 (1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. Your data will not be shared or used in any other way. However, we reserve the right to check the server log files retrospectively should concrete indications of unlawful use arise.
2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller). You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser line.
2.3 We work with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay in order to improve and market our products and services. Website usage data is captured using first- and third-party cookies and other tracking technologies to determine the popularity of products/services and online activities. We also use this information for website optimization, fraud/security purposes, and advertising. For more information on how Microsoft collects and uses your data, please refer to the Microsoft Privacy Statement.
3. Cookies
To make your visit to our website attractive and to enable the use of certain functions, we use cookies—small text files that are stored on your device. Some cookies are automatically deleted after closing the browser (“session cookies”), while others remain on your device longer and allow us to store your settings (“persistent cookies”). You can find the storage duration in your browser’s cookie settings overview.
If personal data is processed by cookies we use, the processing is carried out either in accordance with Art. 6 (1)(b) GDPR for contract performance, in accordance with Art. 6 (1)(a) GDPR in the case of consent, or in accordance with Art. 6 (1)(f) GDPR to protect our legitimate interests in the best possible functionality of the website and a user-friendly and efficient website experience.
You can configure your browser to notify you about the setting of cookies and decide individually whether to accept them, exclude them in certain cases, or block them altogether.
Please note that disabling cookies may limit the functionality of our website.
4. Contacting Us
4.1 WhatsApp Business
We give visitors of our website the option to contact us via the messaging service WhatsApp, provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we use the “Business Version” of WhatsApp.
If you contact us via WhatsApp regarding a specific business matter (e.g., an order), we store and use the mobile number you use on WhatsApp and—if provided—your first and last name in accordance with Art. 6 (1)(b) GDPR to process and respond to your inquiry. On the same legal basis, we may ask you for additional information (order number, customer number, address, or email address) to assign your inquiry to a specific transaction.
If you use the WhatsApp contact option for general inquiries (e.g., about our services, availability, or website), we store and use the mobile number you use on WhatsApp and—if provided—your first and last name in accordance with Art. 6 (1)(f) GDPR based on our legitimate interest in efficiently providing requested information.
Your data is used exclusively for responding to your inquiry via WhatsApp. It is not shared with third parties.
Please note that WhatsApp Business has access to the address book of the device we use and automatically transfers stored phone numbers to a server of Meta Platforms Inc. in the USA. We use a device whose address book contains only the WhatsApp contact details of users who have contacted us via WhatsApp.
This ensures that every person whose WhatsApp contact details are stored has already consented to the transmission of their phone number to WhatsApp in accordance with Art. 6 (1)(a) GDPR by accepting WhatsApp’s terms of use on their device. No data is transmitted regarding individuals who do not use WhatsApp and/or have not contacted us through WhatsApp.
For information on the purpose and scope of data collection, further processing, and your rights and settings to protect your privacy, please refer to WhatsApp’s privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy
Data transfers to Meta Platforms Inc. in the USA may occur during the above-mentioned processing operations.
For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.
4.2 When contacting us (e.g., via contact form or email), personal data is processed solely for the purpose of handling and responding to your inquiry and only to the extent necessary.
The legal basis for this processing is our legitimate interest in answering your inquiry in accordance with Art. 6 (1)(f) GDPR. If your inquiry is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1)(b) GDPR. Your data will be deleted once it can be inferred that the matter in question has been conclusively resolved and no statutory retention obligations apply.
5. Data Processing for Account Creation
In accordance with Art. 6 (1)(b) GDPR, personal data is collected and processed when you provide it to us for the opening of a customer account. The required data is specified in the input form on our website.
You may delete your customer account at any time by sending a message to the controller at the address provided above. Once your account is deleted, your data will also be deleted, provided all associated contracts have been fully processed, no statutory retention obligations apply, and we have no legitimate interest in further storage.
6. Use of Customer Data for Direct Advertising
6.1 Newsletter Subscription
When you subscribe to our email newsletter, we will regularly send you information about our offers. The only required data is your email address. Any additional information is voluntary and used to address you personally. We use the double opt-in procedure to ensure that you only receive the newsletter once you have confirmed your subscription by clicking a verification link sent to your email address.
By activating the confirmation link, you consent to the use of your personal data in accordance with Art. 6 (1)(a) GDPR. We store your IP address and the date and time of registration to trace any potential misuse of your email address. The data collected during newsletter subscription is used exclusively for sending the newsletter.
You can unsubscribe at any time via the link provided in the newsletter or by sending a message to the controller. After unsubscribing, your email address will be immediately removed from our newsletter mailing list unless you expressly consent to further use of your data or we are legally permitted to retain it as described in this declaration.
6.2 Klaviyo
Newsletter distribution is carried out by the following provider:
Klaviyo, 225 Franklin St, Boston, MA 02110, USA
Based on our legitimate interest in effective and user-friendly newsletter marketing, we transfer the data you provided during subscription to this provider in accordance with Art. 6 (1)(f) GDPR so they can distribute newsletters on our behalf.
With your express consent in accordance with Art. 6 (1)(a) GDPR, the provider also conducts statistical evaluations of newsletter campaigns using web beacons/pixels, measuring open rates and interactions. Device information (e.g., time of access, IP address, browser type, operating system) may also be collected but will not be merged with other datasets.
You may withdraw your consent to newsletter tracking at any time with effect for the future.
We have concluded a data processing agreement with the provider that protects the data of our website visitors and prohibits unauthorized sharing with third parties.
For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework.
7. Data Processing for Order Handling
7.1 To fulfill the contract, we transfer personal data to the contracted transport company and the contracted financial institution in accordance with Art. 6 (1)(b) GDPR where necessary for delivery and payment.
If we owe you updates for goods with digital elements or digital products under the contract, we process the contact details you provided for your order (name, address, email address) to personally inform you of updates within the legally prescribed period, in accordance with Art. 6 (1)(c) GDPR.
We also work with the following service provider(s) to process your order. Personal data is transferred according to the information below.
7.2 Use of Payment Service Providers
– PayPal
One or more payment methods from:
PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg
If you select a PayPal payment method that requires you to pay in advance, the payment data you provide during checkout (name, address, bank/card details, currency, transaction number) and information about your order are shared with PayPal in accordance with Art. 6 (1)(b) GDPR solely for payment processing.
If you select a payment method where we pay in advance, you will also be required to provide additional personal information (name, address, date of birth, email address, telephone number, possibly alternative payment data). For our legitimate interest in assessing your ability to pay, this data is transferred to PayPal for a credit check in accordance with Art. 6 (1)(f) GDPR.
The credit report may include score values based on a recognized mathematical-statistical procedure, including but not limited to address data.
You may object to this data processing at any time by notifying us or PayPal. However, PayPal may still process your personal data if required for contractual payment processing.
– Shopify Payments
One or more payment methods from:
Shopify International Limited, Victoria Buildings, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland
If you choose a payment method requiring advance payment (e.g., credit card), your payment data and order details will be transferred to Shopify Payments solely for payment processing in accordance with Art. 6 (1)(b) GDPR.
8. Web Analytics Services
Google (Universal) Analytics
This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Google (Universal) Analytics uses cookies that store information, including your IP address, which Google truncates to prevent direct personal identification.
Data may be transmitted to Google LLC in the USA.
Google uses the collected data on our behalf to analyze website usage, compile activity reports, and provide related services. The shortened IP address will not be merged with other Google data. Analytics data is stored for two months and then deleted.
All processing described above occurs only with your express consent in accordance with Art. 6 (1)(a) GDPR. Without your consent, Google Analytics will not be used. You may withdraw consent at any time via the cookie-consent tool.
We have concluded a data processing agreement with Google.
Additional legal information is available here:
https://policies.google.com/privacy?hl=de&gl=de
https://policies.google.com/technologies/partner-sites
Demographic Features
Google Analytics may generate demographic statistics based on third-party advertising data, which cannot be linked to individuals and are deleted after two months.
Google Signals
With your consent, Google Signals may be used to generate cross-device reports if you have personalized ads enabled and your devices linked to your Google account.
UserIDs
If you have an account on this website and log in on different devices, Analytics may link activity across devices.
For US data transfers, Google participates in the EU-US Data Privacy Framework.
9. Site Functionality
Instagram Plugins
We use plugins from:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Plugins are initially deactivated via a “2-click” or “Shariff” solution.
Only when you activate a plugin by clicking do you consent (Art. 6 (1)(a) GDPR) to data transfer to Meta. This includes device information (IP address, browser, page history). If you are logged into Instagram, interactions will be published to your profile.
Data may also be transferred to Meta Platforms Inc. in the USA.
We have a data processing agreement with the provider, and they participate in the EU-US Data Privacy Framework.
10. Tools and Other Services
10.1 sevDesk
For accounting purposes, we use the cloud-based software of:
sevDesk GmbH, Hauptstraße 115, 77652 Offenburg, Germany
The provider processes invoices and possibly bank transactions to generate accounting records. Any personal data processed is handled in accordance with Art. 6 (1)(f) GDPR based on our legitimate interest in efficient business management.
10.2 Cookie-Consent Tool
This website uses a cookie-consent tool to obtain valid user consent for cookies and tracking technologies. Consent-dependent cookies are only activated when the user gives their consent. Technically necessary cookies are used to store preferences.
If personal data (e.g., IP address) is processed for storing or logging preferences, this is done in accordance with Art. 6 (1)(f) GDPR based on our legitimate interest in lawful cookie management, and Art. 6 (1)(c) GDPR based on legal obligations.
Additional information is available directly within the tool interface on our website.
11. Rights of the Data Subject
11.1 Under applicable data protection law, you have the following rights with respect to the processing of your personal data (conditions based on the cited legal bases):
Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to notification (Art. 19 GDPR)
Right to data portability (Art. 20 GDPR)
Right to withdraw consent (Art. 7 (3) GDPR)
Right to lodge a complaint (Art. 77 GDPR)
11.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR LEGITIMATE INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA. HOWEVER, WE MAY CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU MAY OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH ADVERTISING. YOU MAY EXERCISE YOUR RIGHT AS DESCRIBED ABOVE.
IF YOU OBJECT, WE WILL STOP PROCESSING YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES.
12. Duration of Storage of Personal Data
The storage duration depends on the applicable legal basis, purpose of processing, and statutory retention periods (e.g., commercial or tax law).
For processing based on consent (Art. 6 (1)(a) GDPR), the data is stored until you withdraw your consent.
Data required for contract performance (Art. 6 (1)(b) GDPR) is stored according to legal retention periods, then deleted unless still needed.
For processing based on legitimate interests (Art. 6 (1)(f) GDPR), data is stored until you exercise your right to object (Art. 21 (1) GDPR), unless overriding legitimate grounds apply.
For direct marketing (Art. 6 (1)(f) GDPR), data is stored until you object (Art. 21 (2) GDPR).
Unless stated otherwise, personal data is deleted when no longer necessary for the purposes for which it was collected.
