Privacy policy

We take data protection seriously. The protection and security of your personal data, i.e. all data that relates to you (hereinafter "personal data"), is our top priority.

We therefore treat all data that you entrust to us with the utmost care and in accordance with the applicable data protection regulations, namely the General Data Protection Regulation (hereinafter "GDPR") and the applicable national data protection laws.

Below you can find out which of your data we collect, how we collect it and on what legal basis, for what purpose we use it, how we protect it and what rights you have in relation to its processing.

I. DATA CONTROLLER

The controller for the processing of your personal data when you visit our website at www.westwing.lu or our app, including the sale of goods and the provision of services offered by us, as well as our Westwing accounts on the social media platforms "Facebook", "Instagram", "TikTok" and "Pinterest", among others, within the meaning of the GDPR, is the:

Westwing GmbH, Moosacher Straße 88, 80809 Munich, Germany, E-mail address: service@westwing.gr (hereinafter "Westwing" or "we").

Westwing and Westwing Group SE, Moosacher Straße 88, 80809 Munich, are also joint controllers with respect to the processing of personal data in some cases. Against this background, Westwing and Westwing Group SE have defined in an agreement pursuant to Art. 26 GDPR which of them fulfills which data protection obligations.

II. DATA PROTECTION OFFICER

You can also contact our external data protection officer, Mr. Christian Volkmer, and his team at any time if you have any questions about data protection:

Mr. Christian Volkmer Project 29 GmbH & Co KG Ostengasse 14 93047 Regensburg Phone: 0941 2986930 Fax: 0941 29869316 E-Mail: anfrage@projekt29.de Website: www.projekt29.de

III. CATEGORIES OF PERSONAL DATA

The personal data collected when you visit our website, our app or our social media accounts may fall into the following categories:

Data collected when you browse our website or app, depending on which of our cookies you have consented to (e.g. login information, i.e. the date and time you logged in to our website, language settings, products in your shopping cart, or data on your preferences, e.g. in relation to product categories),
Data that is collected when you create your customer account (e.g. your name, your address, your e-mail address, your desired title (if provided by you), your telephone number (if provided by you), your encrypted password for the customer account),
Data processed in connection with your order (e.g. on the products you have purchased or the services you have used and payment information transmitted to us),
Data from you that is collected when you contact us (e.g. your name, your e-mail address, your telephone number, your customer, order and article number, as well as any other information that you transmit to us),
Data about you that we transmit to our external service providers in certain cases in order to communicate with you on our website or in our app and to personalize the communication (e.g. your name, your e-mail address or products you are interested in based on your surfing behavior),
Data collected when you consent to receiving newsletters, customer satisfaction surveys, product reminders and your behavior in relation to the content of our promotional emails (e.g. opening the newsletter or clicking on a link in the newsletter),
Data about you that we receive from our cooperation partners in certain cases (e.g. from credit agencies, technical service providers, debt collection service providers or payment service providers),
Data that we process for participation in competitions (e.g. your name and e-mail address),
statistical or aggregated data about your usage behavior on our social media accounts,
Data about you that we receive from a friend or other contact who would like to invite you to use our website or our app (e.g. your e-mail address).

IV. PURPOSES FOR WHICH WE PROCESS YOUR PERSONAL DATA

We use your personal data for various purposes, namely e.g:

for the purpose of providing certain technical functions on our website and in our app (e.g. to store your goods in the shopping cart) and to protect our website and our app,
for the purpose of analyzing your behavior on our website in order to optimize our offer and our contributions for you and to make them more interesting,
for the purpose of creating a customer account,
for the execution and processing of orders for goods and services placed with us (e.g. for the dispatch of goods),
to contact you (e.g. to answer any questions you may have, to send you order confirmations and order notifications or to inform you about changes that are important to you, e.g. to the applicable General Terms and Conditions or this Privacy Policy),
for advertising and marketing purposes (e.g. to send you our newsletter, to inform you about vouchers or special promotions, to remind you of your shopping cart history, to send you product evaluation and opinion surveys or for other similar advertising activities),
for the processing of payments by us or our cooperation partners, for fraud checks by us or our cooperation partners and for debt collection by our cooperation partners,
for participation in competitions,
to statistically analyze your behavior on our social media accounts in order to optimize our offer and our contributions for you,
for the purpose of inviting a friend or other contact to use our website or our app.

At no time do we process special categories of personal data in accordance with Art. 9 GDPR (e.g. health data or data relating to your religion), unless you provide us with the relevant information without being asked when communicating with our customer service.

Should we wish to collect and process further personal data from you, we will inform you of this separately in advance and, if necessary, obtain your consent.

V. LEGAL BASIS FOR THE PROCESSING OF YOUR PERSONAL DATA

The processing of your personal data takes place on the basis of a legal permission standard, namely either on the basis of your consent in accordance with Art. 6 para. 1 a) GDPR, or our overriding legitimate interest in the processing in accordance with Art. 6 para. 1 f) GDPR, or the fulfillment of the contract with you or the implementation of pre-contractual measures in accordance with Art. 6 para. 1 b) GDPR or the fulfillment of a necessary legal obligation to which Westwing is subject in accordance with Art. 6 para. 1 c) GDPR.

VI. RECIPIENTS OF YOUR PERSONAL DATA

Westwing remains the controller of your personal data collected on our website, in our app or on our social media accounts at all times.

Your data will only be passed on to third parties in the following cases, on the basis of the statutory provisions listed in each case:

If a transfer of your personal data is necessary for the fulfillment or execution of your contract (Art. 6 para. 1 b) GDPR; this includes, for example, data transfers to payment and logistics service providers or suppliers if they supply you directly), or
if this is necessary to fulfill a legal obligation (Art. 6 para. 1 c) GDPR; this includes, for example, data transfers to government agencies and law enforcement authorities to comply with our legal obligations to disclose, provide information and make statements or to pursue recourse claims), or
on the basis of our predominantly legitimate interest or the predominantly legitimate interest of a third party (Art. 6 para. 1 f) GDPR; this includes, for example, data transfers in the context of certain assignments of claims or for administrative purposes within the group of companies), or
if we use external service providers, so-called processors, for the processing of your personal data, who have been obliged to handle your data with care and who act exclusively on our behalf and in accordance with our instructions (Art. 28 GDPR; this includes, for example, service providers who provide the technical infrastructure).

Apart from this, we only transfer your personal data to third parties if you have given us your consent to the data transfer in question in accordance with Art. 6 para. 1 a) GDPR, whereby you can revoke your consent at any time with effect for the future.

VII. DATA TRANSFER TO THIRD COUNTRIES

When transferring your personal data to third countries, i.e. external bodies outside the European Union ("EU") and the European Economic Area ("EEA"), we ensure that the external bodies concerned treat your personal data with the same care as we do.

In addition, we only transfer your personal data to third countries for which the EU Commission has confirmed an adequate level of protection or if a level of data protection comparable to that in the EU or EEA can be guaranteed by contractual agreements or other suitable guarantees (Art. 45 et seq. GDPR). Such agreements or other appropriate safeguards are accessible upon request at anfrage@projekt29.de.

VIII. DELETION OF YOUR PERSONAL DATA

Provided there are no statutory retention periods (e.g. under commercial and tax law) to the contrary, we only store your personal data for as long as is necessary for the respective purpose of processing or until you request that your personal data in question shall be deleted.

Such retention periods under tax or commercial law apply, for example, to data in connection with your orders, such as invoices. The latter are stored for ten years, for example.

Accounts of customers who have not actively used their account for more than six years will be deleted by us.

So-called. Log files that we collect when you surf our website or use our app for network security and abuse prevention purposes are generally stored for 20 days and only in individual cases, if longer storage is necessary to investigate possible cyber-attacks, fraud or abuse, for 180 days. Your data will then be deleted or anonymized in such a way that it can no longer be associated with you as a person.

IX. DETAILS ON THE PROCESSING OF YOUR PERSONAL DATA

1. DATA PROCESSING WHEN SURFING ON OUR WEBSITE

When you visit our website, the following technically required information is collected and stored in so-called "server log files". Your browser automatically transmits this information to us so that our website can be displayed in your browser and you can use our website:

The IP address of your Internet service provider,
the website from which you visit us and the websites that you visit from our website,
Date and time of access and crash data,
Information about the browser and operating system used,
Your e-mail address that you use to register on our website,
Identification numbers that are stored in so-called cookies or eTags on your end device and by means of which we can recognize your end device on the website,
Page and product views or clicks.

Such information is collected through cookies and similar technologies. You will find detailed information on the use of cookies on our website in Section X. The processing of your personal data collected through the use of absolutely necessary cookies on our website is based on the satisfaction of our legitimate interest in accordance with Art. 6 para. 1 f) GDPR. In particular, our legitimate interest is to be able to provide you with a technically functional, user-friendly and secure website. For example, the processing or storage of your aforementioned access data or your IP address is necessary for technical reasons in order to provide and ensure system security on our website.

In addition, the processing of information collected through functional, performance and marketing cookies is based on your consent (Art. 6 para. 1 a) GDPR). For detailed information on the processing of personal data collected through the use of cookies and similar technologies, please refer to Section X.

The access data collected when you visit our website is only stored for the period of time for which this data is required to achieve the aforementioned purposes. The server log files are stored for a maximum of 180 days and then deleted.

2. DATA PROCESSING WHEN SETTING UP A CUSTOMER ACCOUNT

To create your customer account, we need your e-mail address and a password of your choice. We also collect the following contact details: Your name, your address, your desired form of address (if provided by you), your telephone number (if provided).

Your e-mail address serves as your access code for your customer account. After successful registration, you will automatically receive a confirmation e-mail. In the personal area of the customer account ("My account") you can update all details at any time.

The legal basis for this is Art. 6 para. 1 b) GDPR, according to which the processing of personal data is permitted for the performance of a contract or for the implementation of pre-contractual measures.

We would like to make your visit to our website as pleasant as possible by means of the "stay logged in" function. This function allows you to use our services without having to log in again each time. Technically speaking, a cookie is stored on your device so that you do not have to log in again on subsequent visits to our website. This function is not available to you if you have deactivated this cookie via the cookie settings or if you have deleted the cookie in your browser settings after logging out of our website.

3. DATA PROCESSING FOR HANDLING YOUR ORDER

If you place an order with us, the processing of your data serves to conclude and execute the contract and to process your order, including payment and delivery.

The legal basis for the associated data processing is Art. 6 para. 1 b) GDPR, according to which the processing of personal data is permitted for the fulfillment of a contract or for the implementation of pre-contractual measures.

We delete your personal data processed in the context of orders at the latest after expiry of the statutory retention obligations or if you have not actively used your customer account for more than six years.

3.1. CHOOSE YOUR PREFERRED PAYMENT METHOD

Depending on your preferred payment method, the data required for this will be forwarded directly to the respective payment service provider. The respective payment service provider is responsible for your payment data.

If you do not agree with the payment methods offered to you, you can inform us of this in writing by sending an email to service@westwing.gr. We will then reconsider our decision taking your point of view into account.

3.1.1. CREDIT CARD PAYMENT

When you pay by credit card, we receive the so-called payment ID and the last four digits of your credit card number from our payment service provider Stripe Payments Europe, 1 Grand Canal Street Lower, Grand Canal Doc, Dublin, D02 H210, Ireland. These are used to authenticate and assign your order and the transmission is therefore for your security. The personal data required to process the payment is collected directly by the aforementioned payment service provider.

The legal basis for the above data processing is Art. 6 para. 1 b) GDPR, according to which processing is permitted for the performance of the contract, or Art. 6 para. 1 f) GDPR, as our legitimate interest in offering you a secure credit card payment option outweighs this in the context of a balancing of interests.

3.1.2. APPLE PAY

If you choose the Apple Pay payment method to pay for purchases directly via your bank account, we will receive the relevant account details from our payment service provider Stripe Payments Europe, 1 Grand Canal Street Lower, Grand Canal Doc, Dublin, D02 H210, Ireland. The personal data required for processing and handling the payment is collected directly by the aforementioned payment service provider.

The legal basis for the aforementioned data processing is Art. 6 para. 1 b) GDPR, according to which the processing of the data is permissible for the fulfillment of the contract or Art. 6 para. 1 f) GDPR, since our legitimate interest in offering you a secure payment option via Apple Pay outweighs this in the context of a balancing of interests. You can find more information on data protection at Apple Pay on the Apple Pay website: https://support.apple.com/de-de/101554.

3.1.3. GOOGLE PAY

If you choose the Google Pay payment method to pay for purchases directly via your bank account, we will receive the relevant account details from our payment service provider Stripe Payments Europe, 1 Grand Canal Street Lower, Grand Canal Doc, Dublin, D02 H210, Ireland. The personal data required for processing and handling the payment is collected directly by the aforementioned payment service provider.

The legal basis for the aforementioned data processing is Art. 6 para. 1 b) GDPR, according to which the processing of the data is permissible for the fulfillment of the contract or Art. 6 para. 1 f) GDPR, since our legitimate interest in offering you a secure payment option with Google Pay outweighs this in the context of a balancing of interests.

You can find more information about data protection at Google Pay on the Google Pay website: https://support.google.com/googlepay/answer/9039712?hl=de.

3.1.4. PAYPAL

If you choose the PayPal payment method, your personal data required for this (i.e. your first and last name, your delivery address, your e-mail address, your telephone number, the amount to be paid and your IP address) will be transmitted to PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, so that you can authorize the payment to us via PayPal. You will need a PayPal account for this.

The legal basis for the aforementioned data processing is Art. 6 para. 1 b) GDPR, according to which the processing of personal data is permitted for the fulfillment of a contract or for the implementation of pre-contractual measures.

You can find more information on data protection at PayPal on the PayPal website at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

3.1.5. KLARNA

If you choose the Klarna payment method with immediate payment or payment within 30 days, payment in three interest-free instalments or interest-bearing financing through Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden ("Klarna Bank AB"; registered in the Swedish Trade Register under: 556737-0431), your personal data (i.e. your contact and identification data, your payment information) will be transferred to Klarna Bank AB.

More information can be found at the following link: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/es_es/privacy.

4. FRAUD PREVENTION

In order to avoid fraud and payment defaults, we manually check frequent fraud patterns and anomalies with the partial help of a fraud prevention service provided by our cooperation partner Shopify International Limited, Victoria Buildings 1-2, Haddington Road, Dublin 4, D04. For this purpose, order and payment data (e.g. address, article, payment method) and device information (e.g. device, browser) are processed. The legal basis is Art. 6 para. 1 f) GDPR based on our legitimate interest in protecting against misuse.

If an automated check reveals that fraud is suspected, you will be informed of this and of the specific possibility of lodging a complaint by a Westwing employee.

In addition, we may transmit information about non-debt-related behavior to individual credit agencies, such as SCHUFA, to prevent fraud (for example, in the case of credit card fraud). This is done in accordance with the legal requirements, insofar as it is necessary to safeguard our legitimate interests and the legitimate interests of third parties and there is no reason to assume that your interests or fundamental rights and freedoms, which require the protection of personal data, prevail. The processing is therefore carried out for the purpose of fraud prevention on the basis of Art. 6 para. 1 f) GDPR.

5. DATA PROCESSING WHEN CONTACTING US

5.1. CHANNELS TO GET IN TOUCH WITH US

You have various options for contacting us. You can reach our customer service via the following communication channels:

by telephone,
by letter,
by e-mail,
or via contact form.

In order to be able to process your request, we collect your name, your e-mail address, your telephone number, your customer, order and article number, as well as any other information you provide to us, depending on the communication channel you use to contact us.

The legal basis for this is Art. 1 b) GDPR, according to which the data processing is necessary for the fulfillment of the contract or Art. 6 para. 1 f) GDPR, based on our legitimate interest in processing inquiries from visitors to our website.

5.2. OUR CUSTOMER SERVICE SYSTEM ZENDESK

We use the Zendesk customer service system to process your contact requests. The service provider is Zendesk, Inc, 1019 Market Street in San Francisco, CA 94103 USA.

We use Zendesk to process your customer inquiries quickly and efficiently. We would like to point out that you can also send your inquiries only by entering your e-mail address and without giving your name.

As we have concluded an order processing contract with Zendesk, your personal data may only be processed by Zendesk in accordance with our instructions and in compliance with the GDPR.

Your data may be transferred to Zendesk servers in the USA and stored there. The legal basis for this is the adequacy decision of the European Commission of July 10, 2023 (so-called Data Privacy Framework) in accordance with Art. 45 GDPR.

The legal basis for data processing by Zendesk is our legitimate interest pursuant to Art. 6 (1) f GDPR. If you do not agree to your request being processed via Zendesk, you can alternatively contact us by email or telephone.

Further information can be found in Zendesk's privacy policy: https://www.zendesk.de/company/customers-partners/privacy-policy/.

6. DATA PROCESSING FOR ADVERTISING PURPOSES

6.1. SENDING OF ADVERTISING E-MAILS

If you have consented to this, Westwing will regularly send you the Westwing newsletter by e-mail to inform you about the latest trends in the Home & Living area, must-have Home & Living styles, highlights of the Westwing online and retail stores as well as special offers or "Sales of the Day" and "Sales Highlights of the Week" ("Newsletter"). Details on this can be found in section 6.1.1.

Subject to your consent, you will also receive e-mail notifications from us about personal benefits - such as vouchers or special promotions -, reminders about the products in your shopping cart, reviews of the Westwing products you have purchased and opinion polls regarding Westwing or Westwing's services ("Notifications"). You can also find details on this under Section 6.1.1.

If you have already purchased a product or service from us and have not objected to receiving it, you will also receive promotional emails from us about similar products and/or services by email. You can find details on this under section 6.1.2.

6.1.1. SENDING OF ADVERTISING E-MAILS BASED ON YOUR CONSENT

If you have given your consent on our website by ticking a checkbox, we will send you newsletters and/or notifications by e-mail.

Please note, however, that we will only send you newsletters and/or notifications by email if you have previously expressly confirmed to us by clicking on a button that you wish to receive the relevant emails. We will send you the relevant button in a notification e-mail following receipt of your consent to the e-mail address you have provided (so-called "double opt-in procedure"). This serves to prevent misuse by third parties who could use your e-mail address to register you for the Westwing newsletter or Westwing notifications without your consent. The legal basis for the double opt-in procedure is Art. 6 para. 1 f) GDPR, as we have a predominantly legitimate interest in preventing such misuse and documenting your consent.

The relevant legal basis under data protection law for the processing of your personal data in connection with the sending of the aforementioned advertising emails is your consent pursuant to Art. 6 para. 1 a) GDPR.

You can withdraw your consent at any time with effect for the future as follows:

Click on the unsubscribe link at the end of our promotional emails so that you are redirected (depending on whether you want to unsubscribe from the newsletter or an email notification) to the newsletter management or notification management section in your customer account (together "Promotional email management"). There you can simply uncheck the boxes with the newsletters or notifications that you no longer wish to receive.

Optionally, you can also log into your customer account and then click on the "My newsletters" or "My notifications" tab (depending on the type of emails you wish to unsubscribe from) and then unsubscribe from the relevant newsletters or notifications that you no longer wish to receive in the aforementioned newsletter management or notification management by removing the corresponding checkmark.

You can also withdraw your consent to receive newsletters and/or notifications and unsubscribe from receiving the relevant promotional emails by sending an email to service@westwing.gr.

With the help of our advertising e-mail administration mentioned above, we enable you to declare and revoke your consent to receiving our newsletters and/or notifications in a differentiated manner. By checking or unchecking a box, you can decide individually whether and when or how often you would like to receive a newsletter or notification by e-mail, depending on which newsletter you are interested in or which notification you consider useful and how often you would like to receive the newsletter or notification(s) in question.

Please note that we use standard market technologies in our advertising emails to measure the opening of the emails and/or the links you click on. We use this data for general statistical evaluations and to optimize and further develop our content and customer communication. This is done with the help of small graphics that are embedded in the newsletter (so-called pixels). The legal basis for this is our legitimate interest in the optimization and further development of our content and customer communication (Art. 6 para. 1 f) GDPR). If you do not want this analysis of your usage behavior, you can unsubscribe from receiving advertising emails at any time or deactivate graphics in your email program by default.

Our newsletters and notifications are sent via the mailing service provider Braze, Inc., 318 West 39th Street, 5th Floor, New York, New York 10018, USA (“Braze”). A data processing agreement in accordance with Art. 28 GDPR has been concluded with Braze for the processing of personal data. Further information can be found in Braze's privacy policy https://www.b raze.com/company/legal/privacy.

6.1.2. SENDING E-MAILS WITH ADVERTISEMENTS FOR PRODUCTS AND SERVICES THAT MAY BE OF INTEREST TO YOU BASED ON YOUR PREVIOUS PURCHASING BEHAVIOR

If you have provided your e-mail address when purchasing a product or service in our online store, we will send you offers and information on products and services from our range that may be of interest to you, as you have already purchased similar products and services from Westwing. In addition, we will send you product evaluation and feedback surveys to ask you about your satisfaction with products you have purchased or services you have used (e.g. our customer service). However, such advertising emails will only be sent if you have not objected to receiving them - despite our corresponding notice below the purchase button.

The relevant legal basis under data protection law for the processing of your personal data is our legitimate interest pursuant to Art. 6 (1) f) GDPR in conjunction with Section 7 (3) UWG. § Section 7 (3) UWG.

You can also object to receiving the relevant advertising emails at any time by simply clicking on the unsubscribe link at the end of our advertising emails. Optionally, you can log into your customer account and unsubscribe via the advertising email administration (see section 6.1.1.). You can also subsequently object to receiving the relevant advertising emails by sending an email to service@westwing.gr.

6.2. NEWSLETTER DISPATCH VIA WHATSAPP

We also make it possible for you to receive our newsletter via a "WhatsApp" message. To send the newsletter via WhatsApp, we use the WhatsApp Business app.

For this purpose, we cooperate with our processors charles GmbH, Gartenstraße 86-87, 10115 Berlin, Germany and Braze, Inc, 318 West 39th Street, 5th Floor, New York, New York 10018, USA, ("Braze").

With regard to the use of WhatsApp, the data protection provisions of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, apply. These stipulate, among other things, that every WhatsApp message is end-to-end encrypted and therefore protected from access by third parties.

The legal basis for the processing of your data by Westwing is Art. 6 para. 1 a) GDPR, as you have consented on our website and confirmed through your WhatsApp message that you would like to receive newsletters via this channel, i.e. news on new products and interior trends. You can revoke your consent at any time with effect for the future by sending the message "Stop".

Westwing is committed to complying with the WhatsApp Business privacy policy, which you can find here: https://business.whatsapp.com/privacy-protections.

7. DATA PROCESSING FOR COMMUNICATION WITH YOU ON OUR WEBSITE AND VIA OUR APP

We use the service provider "Braze " to communicate with you on our website and in our app. For this purpose, we show you so-called "overlays" with an interaction option, for example.

Braze is also used to send you push notifications in our app.

Braze processes the following personal data for this purpose, among others: Your IP address, device-related data such as device type, model, operating system, browser type and version, usage-related information such as usage time, first name, email hash, Braze SDK and message interaction data, installation ID, device ID.

The legal basis for the processing of your personal data is Art. 6 para. 1 a) GDPR. You can withdraw your consent at any time with effect for the future. The easiest way to withdraw your consent is via our Cookie Consent Manager.

You can find more information on Braze's compliance with data protection here: https://www.braze.com/privacy/.

8. DATA PROCESSING FOR PARTICIPATION IN COMPETITIONS

If you take part in competitions, we will only process the data that is required to run the competitions (Art. 6 (1) (b) GDPR). Please note the respective data protection information in the conditions of participation for the respective competition.

9. DATA PROCESSING WHEN USING THE SOCIAL MEDIA FAN PAGES

Westwing is active and present within social networks and platforms in order to communicate with interested parties and users and to inform them about further Westwing offers. Below we provide you with an overview of the processing and use of your personal data when you visit our social media accounts:

9.1. FACEBOOK AND INSTAGRAM

We operate "fan pages" on the social networks of "Facebook" and "Instagram" in joint responsibility with Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, in order to communicate with followers (such as our customers and interested parties) and to inform them about our products, competitions and other promotions.

With the help of meta statistics on the use of our "Fanpages" (e.g. information on the number, names, interactions such as likes and comments as well as summarized demographic and other information or statistics; "Insights data"), we receive information on how our "Fanpage" is used, what interests the visitors to our "Fanpages" have and which topics and content are particularly popular, so that we can optimize our "Fanpage content" and adapt it to our users' interests. The Insights data only contains statistical, depersonalized information about visitors to the fan page, which therefore cannot be assigned to a specific person. You can find more information on the type and scope of these statistics in the meta page statistics notes. Further information on the respective responsibilities and the processing of your data by Meta can be found at: https://www.facebook.com/legal/terms/information_about_page_insights_data, https://help.instagram.com/1533933820244654.

Please note that we have no influence on the data processing carried out by Meta under its own responsibility in accordance with the Facebook and Instagram terms of use. However, we would like to point out that when you visit the "Fanpages", data on your usage behavior is transferred from Facebook/Instagram and the "Fanpages" to Meta. Meta itself processes your personal data in order to compile the aforementioned statistics and for its own market research and advertising purposes. We have no access to this data.

If we receive your personal data when operating the fan pages, you are entitled to the rights set out in this privacy policy. If you wish to assert your rights against Facebook beyond this, you can also contact Facebook directly. We will be happy to support you in asserting your rights to the extent possible and will forward your requests to Meta.

The legal basis for this data processing is Art. 6 para. 1 f) GDPR based on our aforementioned legitimate interest in being able to provide you with our Facebook "Fanpages" for marketing and advertising purposes.

You can find more information on this in Meta's privacy policy at: https://de-de.facebook.com/policy.php/.

9.2. YOUTUBE

We use so-called "plugins" of the "YouTube" platform to integrate our own videos and make them publicly accessible. YouTube is a service provided by a third party not affiliated with us, namely YouTube LLC operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; ("Google").

As soon as you access our YouTube channel, your browser establishes a connection to YouTube and transmits information. The integration of YouTube content only takes place in the so-called "extended data protection mode". This is provided by YouTube itself and, according to its own information, ensures that YouTube user information (e.g. cookies) is only stored on the device when the video(s) is/are played. When you access the videos in question, your IP address, unique identifiers, the type and settings of your browser, the type and settings of your end device, the operating system, information about the mobile network such as the name of the mobile network provider and the telephone number as well as the version number of the app are transmitted to YouTube. YouTube also collects data about the interaction of your apps, browsers and devices with its own services. This is because the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video or not. The data transmitted includes the IP address, crash reports, system activities and the date, time and referral URL of your request. In addition, YouTube collects data about your activities (e.g. terms you search for, videos you watch, etc.). All data collected about you via our YouTube channel is processed by YouTube. According to YouTube, this information is used, among other things, to collect video statistics, improve user-friendliness and prevent abusive behavior. YouTube also uses cookies to collect information about user behavior. The storage of these cookies can be prevented by appropriate browser settings and extensions. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account before activating the play button.

In addition, we occasionally integrate videos stored on YouTube directly into our website by means of so-called "plugins". With this integration, content from the YouTube website is displayed in parts of a browser window. However, the YouTube videos are only called up by clicking on them separately. This technique is also known as "framing". If you call up a (sub)page of our website on which YouTube videos are integrated in this form, a connection to the YouTube servers is established and the content is displayed on the website by notifying your browser. We have no influence on the scope and content of the data that is transmitted to YouTube and possibly other YouTube partners by activating the plugin. Among other things, the YouTube server is informed which of our pages you have visited.

The legal basis for the processing of your data is your consent, Art. 6 para. 1 sentence 1 a) GDPR. This means that we will not use this service unless you have consented to its use. You can withdraw your consent at any time with effect for the future, most easily via our Cookie Consent Manager.

You can find out more about the information YouTube receives and how it is used in YouTube's privacy policy at: https://policies.google.com/privacy.

9.3. TIKTOK

We publish short video clips (so-called "Reals") on the "TikTok" platform and in the TikTok app to advertise our products and our online store. If you visit the TikTok website or app, TikTok Inc, 10100 Venice Blvd, Culver City, CA 90232, USA ("TikTok") collects and processes your personal data.

TikTok makes a certain portion of this data available to the owners of TikTok profiles in anonymized and aggregated form. This is the number of new followers, demographic data such as gender and country, without reference to identifiable persons. Westwing is therefore unable to identify any visitor to the TikTok profile. As the owner of this profile, Westwing also receives anonymized statistical data (so-called "Insights data") from TikTok. This data cannot be used to draw any conclusions about the respective visitor. The data contained in the statistics is used by us exclusively for the analysis of user behavior so that we can better align our TikTok profile and our offer to the needs and interests of visitors.

The use of your data transmitted to us by TikTok is based on our legitimate interest in accordance with Art. 6 para. 1 f) GDPR to carry out data analyses and to statistically record the use of our TikTok profile, to optimize our offer for you, to market our contributions and videos on our website and to continuously improve and manage our offer and our products.

Further information on data processing by TikTok can be found in TikTok's privacy policy at: https://www.tiktok.com/legal/privacy-policy?lang=de.

9.4. PINTEREST

We operate a Westwing account on the "Pinterest" platform and in the Pinterest app on which we publish inspiration on home & living topics and advertise our products. Pinterest Inc, 808 Brannan Street, San Francisco, CA 94103, USA ("Pinterest") is responsible for the Pinterest services.

When you sign up for an account, Pinterest processes the data you provide, such as your name, email address, phone number, photos, pins and comments. In addition, Pinterest collects and processes your IP address, which is used to approximate your location if you choose to share your exact location, as well as other internet and electronic network activity (including which "pins" you click on, which "boards" you create and what text you add in a comment or description).

The legal basis for this data processing is Art. 6 para. 1 f) GDPR based on our legitimate interest in being able to provide you with our Pinterest platform for marketing and advertising purposes.

You can find more information at https://policy.pinterest.com/en/privacy-policy.

11. DATA PROCESSING BY SHOPIFY

To provide our online store and process your payments, we work with the service provider Shopify International Limited, Victoria Buildings 1-2, Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"). Shopify enables us to operate our online store via Shopify's cloud computing infrastructure and also processes payments for us.

Your data may be transferred to Shopify Inc. servers in the USA and/or Canada and stored there. The legal basis for this are so-called EU standard contractual clauses or the adequacy decision of the European Commission of July 10, 2023 (so-called Data Privacy Framework) in accordance with Art. 45 GDPR.

Shopify is used to provide our online store and to process your payments. The legal basis is therefore our legitimate interest within the meaning of Art. 6 para. 1 f) GDPR or the performance of your contract within the meaning of Art. 6 para. 1 b) GDPR.

Shopify acts as our processor or controller, depending on the processing activity.

Further information on data processing and data protection by Shopify can be found at https://www.shopify.com/legal/privacy.

X. COOKIES AND SIMILAR TECHNOLOGIES

We use so-called "cookies" and similar technologies (such as so-called "web beacons", "pixels", "tags") on our website and in our app.

Web beacons are small GIF files that can be hidden in other graphics, emails or similar. Web beacons can identify your computer and evaluate your user behavior, such as reactions to advertising campaigns. The information collected by web beacons cannot be used to identify you.

Cookies are small text files that are transferred from an internet server to your browser and stored on its hard disk. There are so-called "session cookies", which are deleted as soon as you close your browser, and so-called "persistent cookies", which are stored on your end device for a longer period of time or indefinitely. A cookie contains a characteristic string of characters that enables your browser to be uniquely identified when you return to the website. This helps us to personalize our offer, make it more user-friendly, effective and secure and to enable the provision of certain functions.

Under the "Cookie settings" button on our Cookie Consent Manager, you can determine which cookies you want to allow at any time. This excludes strictly necessary cookies, which ensure essential functions of the website and our app.

There are basically four different categories of cookies:

1. ABSOLUTELY NECESSARY COOKIES

Strictly necessary cookies enable basic functions and are required for the proper functioning of the website and our app. They are used, for example, to process orders or enable you to remain logged in as a registered user when accessing various subpages of our website and our app. In addition, thanks to these cookies, you do not have to re-enter your login details every time you access a new page.

The legal basis for the use of strictly necessary cookies on our website and in our app is our legitimate interest in the technically flawless and user-friendly provision of our website and our app (Art. 6 para. 1 f) GDPR). The use of strictly necessary cookies is possible and legally permissible without your prior consent.

If you do not want your device to be recognized on your next visit, you can also reject the use of such cookies by changing the settings in your browser to "Reject cookies". The respective procedure can be found in the operating instructions of your respective browser. With a corresponding browser setting, you will be informed about the setting of cookies and can allow cookies only in individual cases or exclude the acceptance of cookies for certain cases or in general. It is also possible to activate the automatic deletion of cookies when the browser is closed.

If you refuse the use of certain cookies, the use of some areas of our website and our app may be restricted.

2. FUNCTIONAL COOKIES

Functional cookies enable us to save information you have already entered (such as your registered name) and to offer you improved and customized functions. If you do not allow these cookies, some of these services may not work properly.

The relevant data processing takes place on the basis of your consent in accordance with Art. 6 para. 1 a) GDPR. You can revoke your consent at any time with effect for the future, most easily via the Cookie Consent Manager.

3. PERFORMANCE COOKIES

Performance cookies allow us to count visits and traffic sources so that we can measure and improve the performance of our website. The data collected by the cookies allows us to understand, among other things, which areas are most popular, which are least used and how visitors move around our website. All information collected by these cookies is aggregated and cannot be readily attributed to you.

Data processing is carried out on the basis of your consent in accordance with Art. 6 para. 1 a) GDPR. You can revoke your consent at any time with effect for the future, most easily via the Cookie Consent Manager.

4. MARKETING COOKIES AND SIMILAR TECHNOLOGIES

Marketing cookies and similar technologies (e.g. "pixels") enable us to show you personalized and therefore relevant advertising content and to measure the effectiveness of our advertising measures.

Marketing cookies and similar technologies are not only set on our website, but also on other (advertising) partner websites ("third party cookies"). This so-called "retargeting" is used to place relevant advertising on other websites and to analyze the relevant target groups of products and services.

The data processing takes place on the basis of your consent in accordance with Art. 6 para. 1 a) GDPR. You can revoke your consent at any time with effect for the future, most easily via the Cookie Consent Manager. If you do not allow these cookies, you will be shown less advertising that is relevant to you.

5. DETAILS OF THE COOKIES WE USE

5.1. REQUIRED COOKIES

5.1.1. GOOGLE RECAPTCHA

We use the service "Google reCAPTCHA" which is offered for persons from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

With the help of this service, we can distinguish whether an entry is made by a natural person or abusively by machine and automated processing.

When using the service, your IP address and any other data required by Google for the reCAPTCHA service will be transmitted to Google.

This data is processed on the basis of our legitimate interest in exercising personal responsibility on the Internet and preventing misuse and spam (Art. 6 (1) (f) GDPR).

The data concerned may be transferred to Google servers in the USA and stored there. The legal basis for this is the adequacy decision of the European Commission of July 10, 2023 (so-called Data Privacy Framework) pursuant to Art. 45 GDPR or Art. 49 para. 1 a) GDPR in conjunction with your consent.

You can find more information about Google reCAPTCHA and Google's privacy policy at: https://www.google.com/intl/de/policies/privacy/.

5.1.2. ONE TRUST

We work with the service provider OneTrust, LLC, 1350 Spring St NW, Atlanta, GA 30309 ("OneTrust") to obtain and manage your consent. This is done via our cookie consent manager or cookie banner, which appears on your first visit to our website or in our app and which informs you about data processing or specifically cookies and other technologies on our website and in our app and allows you to reject or accept the setting of individual cookies and other technologies.

You can also call up the cookie banner again and change your selection. In addition, the cookie banner will appear when you visit our website and our app if you have deactivated the storage of cookies or if the cookies have been deleted by OneTrust or have expired.

Specifically, your consents or revocations, your IP address, information about your browser and your end device at the time of your visit are transmitted to OneTrust and information is stored on your end device.

The relevant legal basis is Art. 6 para. 1 f) GDPR, as we have a legitimate interest in complying with the legally required documentation of your cookie consents and cookie management.

The relevant data may be transferred to OneTrust servers in the USA and stored there. The legal basis for this is the adequacy decision of the European Commission of July 10, 2023 (so-called Data Privacy Framework) in accordance with Art. 45 GDPR.

5.2. FUNCTIONAL COOKIES

5.2.1. VIMEO PLUGINS

We use the "Vimeo" service of Vimeo LLC, 555 West 18th Street, New York 10011, USA ("Vimeo"), among others, for the integration of videos.

Vimeo uses so-called "plugins" for this purpose. When you call up the web pages provided with such a plugin, a connection to the Vimeo servers is established and the information about which of our web pages you have visited is transmitted. If you are logged in to Vimeo, Vimeo assigns this information to your personal user account. When you use the plugin, e.g. by clicking on the start button of a video, this information is also assigned to your user account.

The relevant data may be transferred to Vimeo servers in the USA and stored there. The legal basis for this is the adequacy decision of the European Commission of July 10, 2023 (so-called Data Privacy Framework) pursuant to Art. 45 GDPR or Art. 49 para. 1 a) GDPR in conjunction with your consent.

Further information on data processing and notes on data protection by Vimeo can be found at https://vimeo.com/privacy.

5.2.2 ALGOLIA

We use the "Algolia" service from Algolia SAS, 55 Rue d'Amsterdam, 75008 Paris, France ("Algolia") to search and index content on our website and app. For this purpose, your IP address and your search queries are forwarded to the Algolia server.

Algolia also creates reports for us with corresponding evaluations and search analyses.

In this respect, Algolia helps us to improve the findability of our offers, the search experience and the satisfaction of our customers.

The legal basis for the processing of your data is your consent, Art. 6 para. 1 a) GDPR. You can revoke your consent at any time with effect for the future, the easiest way to do this is via our Cookie Consent Manager.

Further information can be found in Algolia's privacy policy: https://www.algolia.com/policies/privacy.

5.3. PERFORMANCE COOKIES, ESP. GOOGLE ANALYTICS WITH CONERSION TRACKING

We use the "Google Analytics" service, a web analysis service from Google, which sets pixels and performance cookies, among other things, to store information on your end device.

This enables us to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze your usage behavior across devices and improve our website and our app and make it more interesting for you. For this purpose, we also receive statistics from Google about your use of our website and our app.

Google Analytics 4 also uses artificial intelligence to automatically analyze and enrich the data. This is mainly done to create forecasts on the future behavior of website and app visitors based on structured event data (e.g. predicted sales, purchase probability and churn probability). These forecast values can also be used for forecast target groups. You can find out more about this at: https://support.google.com/analytics/answer/9846734?hl=de

Google Analytics 4 also models conversions if there is not enough data available in order to optimize the data analysis. You can find more details on this at: https://support.google.com/analytics/answer/10710245?hl=de.

Google Analytics 4 does not log or store individual IP addresses. However, Google Analytics 4 provides rough geographic location data by deriving the following metadata from IP addresses: City (and the city's inferred latitude and longitude), continent, country, region, subcontinent (and ID-based counterparts). For EU traffic, IP address data is used exclusively to derive geolocation data before it is immediately deleted. It is not logged, is not accessible and is not used for any other purpose.

The relevant data may be transferred to Google servers in the USA and stored there. The legal basis for this is the adequacy decision of the European Commission of July 10, 2023 (so-called Data Privacy Framework) pursuant to Art. 45 GDPR or Art. 49 para. 1 a) GDPR in conjunction with your consent. Due to the activation of IP anonymization on this website, your IP address will be shortened before transmission to the USA or to EU member states or EEA contracting states. Only in exceptional cases will your entire IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

The legal basis for the processing of your data is your consent, Art. 6 para. 1 a) GDPR. This means that we do not use these services unless you have consented to the use of Google Analytics with conversion tracking. You can withdraw your consent at any time with effect for the future, most easily via our Cookie Consent Manager.

You can also prevent the collection of your data (including your IP address) and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. An opt-out cookie will be set to prevent the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

Further details on data processing by Google Analytics with conversion tracking can be found at: http://www.google.com/analytics/terms/de.html, http://www.google.com/intl/de/analytics/learn/privacy.html, and http://www.google.de/intl/de/policies/privacy.

5.4. MARKETING COOKIES AND SIMILAR TECHNOLOGIES

5.4.1. CUSTOM AUDIENCE / META PIXEL

We use "Custom Audiences" on our website with the so-called "pixel function" ("Meta Pixel") and the "server-side conversion API", which is operated for visitors outside the USA and Canada by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta").

This allows us to show you interest-based advertising when you visit the social networks Facebook and Instagram, or other Meta apps and websites, and to track the effectiveness of our advertising. Through the meta pixels integrated on our website, your browser automatically establishes a connection with Meta's servers for extended matching of the integrated meta pixel. This gives Meta the information, for example, that you have clicked on a specific ad or product on our website, which in turn enables us to show you ads based on your interests on our website or on other websites.

If you are registered with a Meta service, Meta can assign the website visit to your account, as your personal data in the form of your e-mail and IP address are transmitted by us to Meta in hashed form via the pixel and partially enriched with existing tracking data. The country in which you are located is also transmitted. Even if you are not registered with Facebook or Instagram or have not logged in, it is possible that Meta will find out your aforementioned personal data and use it to create a profile.

The data concerned may be transferred to servers of Meta Platforms, Inc. in the USA and stored there. The legal basis for this is the adequacy decision of the European Commission of July 10, 2023 (so-called Data Privacy Framework) pursuant to Art. 45 GDPR or Art. 49 para. 1 a) GDPR in conjunction with your consent.

The legal basis for the processing of your data is your consent, Art. 6 para. 1 a) GDPR. This means that we do not use these services unless you have consented to the use of Facebook Custom Audiences or pixels. You can withdraw your consent at any time with effect for the future, most easily via our Consent Manager. Furthermore, if you are logged into your Facebook account, you can also object to data processing via the following link: https://www.facebook.com/adpreferences/ad_settings/?entry_product=account_settings_menu

Further information, in particular on the joint responsibility of us and Meta and on the purpose and scope of data processing by Meta as well as the setting options for protecting your privacy, can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/.

5.4.2. PINTEREST TAG

In order to further optimize our Pinterest campaigns and measure their success, we use the "Pinterest Tag" service of the social network "Pinterest", which is offered to visitors from the European Economic Area by Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest").

We use the Pinterest tag together with the "server-side conversion API" to display our Pinterest ads only to those Pinterest users who have shown an interest in our offer. At the same time, this ensures that the content of our ads is highly likely to match the interests of the respective user. We can also track the user behavior of Pinterest users who have clicked on one of our ads. For this purpose, Pinterest processes data that the service collects via cookies, web beacons and comparable storage technologies on our websites and in our app.

The following information is processed when the service is used: Device information (e.g. type, brand), operating system used (e.g. iOS 11), IP address of the device used, time of access to our offer, type and content of the campaign and the reaction to the respective campaign (e.g. clicking on a button) as well as the device identifiers, which consist of individual characteristics of your end device. We can also use these device identifiers to recognize your device on the website. The data collected in this way is anonymous to us and does not allow any conclusions to be drawn about your identity. If you log into your Pinterest account after visiting our website or if you visit our website while logged in, it is possible that this data will be stored and processed by Pinterest, which we would like to inform you about. Pinterest may be able to link this data to your Pinterest account and also use it for its own advertising purposes.

The relevant data may be transferred to servers of Pinterest, Inc. in the USA and stored there. The legal basis for this are so-called EU standard contractual clauses in conjunction with your consent.

The legal basis for the processing of your data is your consent, Art. 6 para. 1 a) GDPR. This means that we will not use this service unless you have consented to the use of Pinterest Tag. You can withdraw your consent at any time with effect for the future, most easily via our Consent Manager.

You can find more information on the purpose and scope of data processing and the setting options for protecting your privacy in the Pinterest privacy policy, which you can access via the following link: https://policy.pinterest.com/de/privacy-policy.

5.4.3. MICROSOFT BING ADS

On our website we use the conversion tracking service "Microsoft Bing Ads" from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Microsoft Bing Ads places a cookie on your computer if you have reached our website via a Microsoft Bing ad. This allows us to recognize that you clicked on an ad and were redirected to our website. This helps us to understand how effective a particular ad is. However, we only receive information about the total number of users who clicked on a Bing ad and were then redirected to our website. No information about the identity of the user is shared.

The relevant data may be transferred to Microsoft servers in the USA and stored there. The legal basis for this is the adequacy decision of the European Commission of July 10, 2023 (so-called Data Privacy Framework) pursuant to Art. 45 GDPR or Art. 49 para. 1 a) GDPR in conjunction with your consent.

Further information on data processing and the cookies used by Bing Ads can be found at: https://privacy.microsoft.com/de-de/privacystatement.

5.4.4. GOOGLE ADS (FORMERLY ADWORDS) AND CONVERSION TRACKING

We use the services "Google Ads" and "Google Conversion Tracking", which are offered to persons from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

This enables us to place Google Ads and take your interests and location into account.

When you click on a Google ad, a cookie is temporarily set on your computer, which allows us to recognize that you have clicked on the ad and have been redirected to this page.

With the help of the conversion statistics created on this basis, we learn the total number of users who clicked on the ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information through which users can be personally identified.

If you use a Google Account, Google may link your web and app browsing history to your Google Account and use information from your Google Account to personalize ads, depending on the settings stored in your Google Account. If you do not want this assignment to your Google account, you must log out of Google before visiting our website. You can also prevent the relevant cookies from being set by changing the settings in your browser software or on the Google website.

You can find more information about Google Ads and conversion tracking as well as Google's privacy policy at: https://www.google.com/privacy/ads and https://policies.google.com/privacy.

5.4.5. GOOGLE DYNAMIC REMARKETING

We also use the remarketing function "Google Dynamic Remarketing". This service is used to present you with interest-based advertisements on other websites after you have visited our website. The ads are based on the products and services that you clicked on during your last visit to our website. For this purpose, Google sets cookies that are temporarily stored in your browser. Google only stores information such as your web request, IP address, browser type, browser language, date and time of your request.

You can find more information about Google Dynamic Retargeting and Google's privacy policy at: https://www.google.com/privacy/ads and https://policies.google.com/privacy.

5.4.6. GOOGLE AD MANAGER (FORMERLY DOUBLECLICK)

We also use "Google Ad Manager" (formerly "Doubleclick"). This service uses cookies, pixels and other technologies to present you with interest-based advertisements based on previous visits to our or other websites. It also enables us to track how successful our advertising campaigns have been. According to its own statement, Google also processes the relevant data to optimize its own products and services.

If you use a Google Account, Google may link your web and app browsing history to your Google Account and use information from your Google Account to personalize ads, depending on the settings stored in your Google Account. If you do not want this assignment to your Google account, you must log out of Google before visiting our website. You can also prevent the setting of the relevant cookies by adjusting the settings in your browser software or on the Google website.

You can find more information about Google Ad Manager and Google's privacy policy at: https://www.google.com/privacy/ads and https://policies.google.com/privacy.

5.4.7. YOUTUBE IN EXTENDED DATA PROTECTION MODE

We use the provider YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA ("YouTube"), among others, to embed videos on our website. When you visit our website with videos embedded by YouTube, your browser establishes a direct connection to YouTube's servers in order to display the content to you. The content accessed can be recorded by your browser. If you are logged into your YouTube account, YouTube can assign your usage behavior to your personal profile. You can prevent this by logging out of your YouTube account before you visit our website.

The relevant data may be transferred to YouTube servers in the USA and stored there. The legal basis for this is the adequacy decision of the European Commission of July 10, 2023 (so-called Data Privacy Framework) pursuant to Art. 45 GDPR or Art. 49 para. 1 a) GDPR in conjunction with your consent.

The legal basis for the processing of your data is your consent, Art. 6 para. 1 sentence 1 a). This means that we will not use this service unless you have consented to its use. You can withdraw your consent at any time with effect for the future, most easily via our Cookie Consent Manager.

You can find more information about YouTube's data processing in YouTube's privacy policy at: https://policies.google.com/privacy?hl=de&gl=de.

5.4.8 SEGMENT

We also use the "Segment" service of Segment Inc, 101 15th St San Francisco, CA 94103, USA ("Segment").

Segment collects and stores data from you from which usage profiles can be created using pseudonyms. These usage profiles are used to analyze your usage behavior and are evaluated to improve our offer for you. Cookies may be used for this purpose, which enable us to recognize you when you visit our website again. The pseudonymized user profiles are not merged with personal data about the bearer of the pseudonym.

The relevant data may be transferred to Segment's servers in the USA and stored there. The legal basis for this is the adequacy decision of the European Commission of July 10, 2023 (so-called Data Privacy Framework) pursuant to Art. 45 GDPR or Art. 49 para. 1 a) GDPR in conjunction with your consent.

Further information can be found in Segment's privacy policy: https://segment.com/docs/legal/privacy/.

5.4.9 HOTJAR

We use the web analysis service "Hotjar" from Hotjar Limited, Dragonara Road, Paceville St. Julian's STJ 3141, Malta ("Hotjar").

Hotjar uses cookies and other technologies to analyze and evaluate your usage behavior and your interactions with our website. This helps us to optimize your user experience on our website by giving us a better understanding of our users' experiences on our website (e.g. clicks, scrolls, mouse movements).

Your IP address is shortened before the usage statistics are analyzed so that no direct conclusions can be drawn about your identity.

You can find more information in the "about Hotjar" section at https://help.hotjar.com/hc/en-us/categories/115001323967-About-Hotja.

5.4.11. BRAZE

We use the web analysis service "Braze" from Braze, Inc, 318 West 39th Street, 5th Floor, New York, New York 10018, USA, ("Braze") to communicate with you on our website and in our app and to understand the function and use of our mobile content on your device. For example, we display pop-up windows with an interaction option.

Braze is also used to send push notifications in our app and on our website.

In addition, we use Braze to send you personalized promotions and information about our products tailored to you.

We will also inform you via Braze about items that you have forgotten in your shopping cart.

The data concerned may be transferred to Braze servers in the USA and stored there. The legal basis for this is the adequacy decision of the European Commission of July 10, 2023 (so-called Data Privacy Framework) pursuant to Art. 45 GDPR or Art. 49 para. 1 a) GDPR in conjunction with your consent.

You can find more information on Braze's compliance with data protection here: https://www.braze.com/privacy/.

5.4.11. CRITEO

We also use the remarketing tool "Criteo" from Criteo, SA, 32 Rue Blanche, 75009 Paris, France, on our website and in our app to show you personalized advertisements on partner websites and in apps about products that may be of interest to you based on the products you clicked on our website or in our app. For this purpose, the aforementioned data on your previous browsing behavior is linked by Criteo to a unique identifier, such as an identification cookie or other similar technology (e.g. mobile advertising IDs and non-cookie-based technologies).

Criteo and Westwing act as joint controllers within the meaning of Art. 26 GDPR.

The legal basis under data protection law is your consent in accordance with Art. 6 para. 1 a) GDPR. You can revoke this consent at any time with effect for the future - the easiest way is via our Cookie Consent Manager or at the following link: https://www.criteo.com/de/privacy/disable-criteo-services-on-internet-browsers/ - revoke your consent.

If Criteo transfers personal data to non-EU or EEA countries, Criteo will do so on the basis of an adequacy decision by the European Commission pursuant to Art. 45 GDPR or on the basis of suitable data protection guarantees pursuant to Art. 46 GDPR, for example the conclusion of the EU standard contractual clauses.

You can find more information about the processing of your data by Criteo here: http://www.criteo.com/de/privacy

5.4.12. KLEAR

We use the influencer marketing service "Klear", provided by Meltwater Deutschland GmbH, Jannowitz Center, Brückenstrasse 6, 10179 Berlin. This enables us to set up influencer marketing programs, measure and analyze influencer campaigns. Klear uses cookies to track the success of campaigns on our website.

These analyses help us to search for influencers in social networks by region, language, industry, hashtag and previous collaborations, among other things, and to make data-driven decisions about our influencer marketing strategy.

You can find more information here: https://klear.com/legal/cookies; https://klear.com/legal/privacy-notice-for-influencers.

5.4.13. GOOGLE CUSTOMER MATCH

We also use Google's "Google Customer Match" service, which enables us to display interest-based advertising to visitors to our website based on their previous browsing behavior on our website and third-party websites, as well as in apps and emails.

The legal basis for the processing of your data is your consent, Art. 6 para. 1 a) GDPR. This means that we will not use this service unless you have consented to its use. You can withdraw your consent at any time with effect for the future, most easily via our Cookie Consent Manager. If you wish to prevent receiving interest-based advertising from Google Customer Match, you can also opt out of this via the following websites: http://www.networkadvertising.org/choices/; http://www.youronlinechoices.com/

You can find more information on Google's compliance with data protection here: https://support.google.com/google-ads/answer/6334160?sjid=2821624592503930728-EU

5.4.14. LEAD FORENSICS

We also use a B2B tool for sales and marketing from Lead Forensics, UK Headquarters, Communication House, 26 York Street, London, W1U 6PZ, UK ("Lead Forensics").

Lead Forensics uses a tracking code to identify companies that visit our website based on their business IP addresses. The Lead Forensics tracking code only collects information that is readily available in the public domain. The information in question is not used to personally identify an individual visitor. The IP addresses that are collected are anonymized immediately after storage.

Lead Forensics does not provide us with the IP addresses. It only provides us with information about which companies have visited our website, as well as the date and duration of their visit. This information enables us to analyze the use of our website and possibly contact these companies.

The information generated by the Lead Forensics tracking code is transmitted to Lead Forensics servers in the United Kingdom, where it is processed and stored. The legal basis for this is the adequacy decision of the European Commission of July 10, 2023 (so-called Data Privacy Framework) pursuant to Art. 45 GDPR or Art. 49 para. 1 a) GDPR in conjunction with your consent.

The legal basis for the processing of your data is your consent, Art. 6 para. 1 a) GDPR. This means that we will not use this service unless you have consented to its use. You can withdraw your consent at any time with effect for the future, most easily via our Cookie Consent Manager. To unsubscribe from tracking, you can also use the following link: https://optout.leadforensics.com/?clientID=786109.

5.4.15. TIKTOK ADS

We use the "TikTok Ads" service provided by TikTok Inc, 10100 Venice Blvd, Culver City, CA 90232, USA ("TikTok"), which enables us to display interest-based advertising to visitors to our website based on their previous surfing behavior on our website and on third-party websites as well as in apps and emails.

When you visit our website, a connection to the TikTok servers is established by setting a pixel, and personal data such as your IP address, pages visited and interactions can be logged.

The corresponding data may also be transferred to TikTok servers in the USA and stored there. The legal basis for this are so-called EU standard contractual clauses in conjunction with your consent.

The legal basis for processing your data is your consent in accordance with Art. 6 (1) a) GDPR. This means that we only use this service if you have given us your consent to do so. You can revoke your consent at any time with effect for the future, the easiest way to do this is via our Cookie Consent Manager.

You can find more information here: https://ads.tiktok.com/help/article/app-retargeting?lang=en; https://www.tiktok.com/legal/page/eea/privacy-policy/en.

5.4.16. CLARITY

We use the analytics tool Microsoft Clarity, a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Clarity helps us understand how visitors interact with our checkout process (e.g. feature usage, error messages, and items in the cart) to identify technical issues and improve the user experience.

Clarity records user interactions in anonymized form, with any personal data (PII) automatically masked before processing. The information may be transmitted to and processed by Microsoft on our behalf.

The use of Microsoft Clarity is based on your consent in accordance with Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future.

As part of the use of Clarity, data may be transferred to the United States. The legal basis for this transfer is the U.S. Data Privacy Framework, to which Microsoft is certified. Where this framework does not apply, the transfer is based on the Standard Contractual Clauses (Art. 46(2)(c) GDPR) to ensure an adequate level of data protection.

For more information on how Microsoft processes data, please refer to the Microsoft Privacy Statement: https://www.microsoft.com/de-de/privacy

XI. TECHNICAL AND ORGANIZATIONAL MEASURES FOR DATA SECURITY

We have taken technical and organizational security precautions to protect your personal data against loss, destruction, manipulation and unauthorized access by third parties, to ensure an appropriate level of protection and to protect your personal rights.

For example, we encrypt your personal data, including confidential content such as your contact requests, before it is transmitted and all of our employees as well as service providers and processors working for us have undertaken to comply with the applicable data protection regulations and data protection laws.

We regularly check that our numerous safety precautions are state of the art.

XII. YOUR RIGHTS AS A DATA SUBJECT

In accordance with the statutory provisions on data protection, you have the following rights with regard to your personal data at all times:

1. RIGHT TO INFORMATION

You have the right to request information about your personal data processed by us as well as a copy of this data.

2. RIGHT TO RECTIFICATION

You have the right to request the rectification of inaccurate data and, taking into account the purposes of the processing, the completion of incomplete data.

3. RIGHT TO ERASURE

You have the right to request the deletion of your data for the following reasons:

The storage of the data is no longer necessary for the purposes for which it was collected or otherwise processed,
You withdraw your consent on which the processing was based and there is no other legal basis for the processing,
You object to the processing and there are no overriding legitimate interests for the processing,
the personal data in question has been processed unlawfully,
or the deletion of your personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States.

Please note that there may be reasons that prevent immediate erasure, e.g. in the case of statutory retention obligations. Irrespective of the exercise of your right to erasure, we will erase your data immediately and completely, provided that the storage is no longer required for the respective purpose of processing and there are no legal or statutory retention obligations to the contrary.

4. RIGHT TO RESTRICTION OF PROCESSING

You also have the right to request the restriction of the processing of your data, provided that:

the accuracy of your personal data is contested by you, for a period enabling us to verify the accuracy of your personal data,

the processing is unlawful and you refuse the erasure of your personal data and instead request the restriction of the use of your personal data;

we no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims, or

you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether our legitimate interests override yours.

5. RIGHT TO DATA PORTABILITY

If the legal requirements are met, you have the right to receive the data provided in a structured, commonly used and machine-readable format and to transmit this data to another controller or, if technically feasible, to have it transmitted by Westwing.

6. RIGHT TO LODGE A COMPLAINT WITH THE COMPETENT DATA PROTECTION AUTHORITY

You also have the right to lodge a complaint with the competent data protection supervisory authority. To assert this right, you can for example reach out directly to the authority via poststelle@lda.bayern.de or send an email to: serice@westwing.gr.

7. RIGHT OF OBJECTION

If your personal data is processed on the basis of our legitimate interest in accordance with Art. 6 para. 1 sentence f) GDPR, you also have the right to object to the processing of your personal data for reasons arising from your particular situation, e.g. by sending an email to: service@westwing.gr. We will then no longer process your personal data for these purposes, unless our legitimate interest prevails in individual cases.

8. RIGHT OF REVOCATION

If your personal data is processed on the basis of your consent in accordance with Art. 6 para. 1 a) GDPR, you have the right to withdraw your consent at any time with effect for the future, e.g. by sending an email to service@westwing.gr.

If you wish to assert one of the aforementioned rights, you can also contact our external data protection officer at any time by e-mail at: anfrage@projekt29.de.

XIII. AMENDMENTS TO THIS PRIVACY POLICY

We reserve the right to amend this privacy policy if this should be necessary, e.g. due to the use of new services or technologies. If fundamental changes are made, we will announce these on our website or by e-mail.

Status: June 2025