Privacy policy

UNBINDING CONVENIENCE AUTOMATED ENGLISH TRANSLATION:

We take the protection of personal data seriously. The protection and security of your personal data, i.e. all data relating to you ("Personal Data"), is our priority.

Therefore, we treat all data you entrust to us with the utmost care and in accordance with the applicable data protection regulations, namely the General Data Protection Regulation ("GDPR") and the applicable domestic data protection regulations.

Below you can find out what data we collect about you, how we collect it and on what legal basis, what we use it for, how we protect it and what rights you have in relation to its processing.

I. DATA CONTROLLER

The controller for the processing of your personal data when you visit our website at www.westwing.si or our app, including the sale of goods and the provision of services offered by us, and our Westwing accounts on the social media platforms "Facebook", "Instagram", "TikTok" and "Pinterest", among others, within the meaning of the GDPR, is:

Westwing GmbH, Moosacher Straße 88, 80809 Munich, Germany, E-mail: service@westwing.si ("Westwing" or "we").

Westwing and Westwing Group SE, Moosacher Straße 88, 80809 Munich, are in some cases also joint controllers with regard to the processing of personal data. In this regard, Westwing and Westwing Group SE have agreed in an agreement pursuant to Article 26 GDPR which of them fulfils which data protection obligations.

II. DATA PROTECTION OFFICER

If you have any questions about data protection, you can also contact our external Data Protection Officer, Mr Christian Volkmer, and his team at any time:

Christian Volkmer Project 29 GmbH & Co KG Ostengasse 14 93047 Regensburg Telephone: +49 (0)941 2986930 E-mail: anfrage@projekt29.de Website: www.projekt29.de

III. CATEGORIES OF PERSONAL DATA

Personal data collected when you visit our website, our app or our social media accounts may fall into the following categories:

Data collected when you browse our website or app, depending on which cookies you have agreed to (e.g. login data, i.e. the date and time you logged in to our website, language preferences, products in your shopping basket, or information about your preferences, e.g. in relation to product categories),
Information collected when you create a user account (e.g. your name, your address, your email address, your preferred title (if you provide one), your telephone number (if you provide one), your encrypted password for your user account),
Data processed in connection with your order (e.g. about the products you have purchased or the services you have used and the payment details you have provided to us),
your information that we collect when you contact us (e.g. your name, email address, telephone number, customer, order and item number and any other information you provide to us),
Information about you that we provide to our external service providers in certain cases to communicate with you on our website or app and to personalise communications (e.g. your name, email address or products of interest to you based on your browsing behaviour),
Data collected when you consent to receive newsletters, customer satisfaction surveys, product reminders and your behaviour in relation to the content of our promotional emails (e.g. opening a newsletter or clicking on a link in a newsletter),
Information about you that we receive from our cooperation partners (e.g. credit reference agencies, technical service providers, debt collection service providers or payment service providers) in certain cases,
Data we process for participation in prize draws (e.g. your name and email address),
Statistical or aggregate information about your behaviour when using our social media accounts,
Information about you that we receive from a friend or other person who wants to invite you to use our website or app (e.g. your email address).

IV. THE PURPOSES FOR WHICH WE PROCESS YOUR PERSONAL DATA

We use your personal data for a variety of purposes, including:

to provide certain technical functions on our website and app (e.g. to store your goods in a shopping basket) and to protect our website and app,
to analyse your behaviour on our website in order to optimise and make our offers and contributions more interesting for you,
for the purpose of creating a user account,
to execute and process orders for goods and services that you order from us (e.g. for the shipment of goods),
to contact you (e.g. to answer any questions you may have, to send you order confirmations and order notifications, or to inform you of changes that are important to you, such as changes to the applicable terms and conditions or this privacy policy),
for advertising and marketing purposes (e.g. to send you our newsletter, to inform you about coupons or special promotions, to remind you of your shopping basket history, to send you product reviews and opinion polls, or for other similar advertising activities),
to process payments by us or our collaborating partners, to check fraud by us or our collaborating partners and to collect debts owed by our collaborating partners,
to enter prize draws,
to statistically analyse your behaviour on our social media accounts in order to optimise our offer and our contributions to you,
to invite a friend or other person to use our website or app.

We never process special categories of personal data in accordance with Article 9 of the GDPR (e.g. health data or data about your religion), unless you provide us with the relevant data without being asked when you communicate with our customer service.

If we wish to collect and process additional personal data from you, we will specifically inform you in advance and, where necessary, obtain your consent.

V. LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA

The processing of your personal data is carried out on the basis of the standard of legal authorisation, either on the basis of your consent pursuant to Article 6(1)(a) GDPR or our overriding legitimate interest in the processing pursuant to Article 6(1)(f) GDPR or the performance of a contract with you or the performance of a pre-contractual measure pursuant to Article 6(1)(b) GDPR or the fulfilment of a necessary legal obligation to which Westwing is subject pursuant to Article 6(1)(c) GDPR.The processing of your personal data is carried out on the basis of the standard of lawful processing pursuant to Article 6(1)(f) GDPR or the performance of a contract or the performance of a pre-contractual measure pursuant to Article 6(1)(b) GDPR.

VI. RECIPIENTS OF YOUR PERSONAL DATA

Westwing will always remain the controller of your personal data collected on our website, app or social media accounts.

Your data will only be disclosed to third parties in the following cases, on the basis of the legal provisions set out on a case-by-case basis:

If the transfer of your personal data is necessary for the performance or performance of your contract (Article 6(1)(b) of the GDPR; this includes, for example, the transfer of data to payment and logistics service providers or suppliers if they supply you directly), or
if it is necessary for compliance with a legal obligation (Article 6(1)(c) of the GDPR; this includes, for example, the transfer of data to government agencies and law enforcement authorities for the purposes of compliance with our legal obligations to disclose, provide information and statements or pursue legal claims), or
on the basis of our overriding legitimate interest or the overriding legitimate interest of a third party (Article 6(1)(f) of the GDPR; this includes, for example, the transfer of data in the context of certain assignments of claims or for administrative purposes within a group of undertakings), or
if we use external service providers, so-called processors, to process your personal data, who are obliged to treat your data with care and act solely on our behalf and in accordance with our instructions (Article 28 of the GDPR; this includes, for example, service providers that provide technical infrastructure).

In addition, we only transfer your personal data to third parties if you have given us your consent to the data transfer in question in accordance with Article 6(1)(a) GDPR, and you may withdraw your consent at any time with effect for the future.

VII. TRANSFER OF DATA TO THIRD COUNTRIES

When we transfer your personal data to third countries, i.e. to external bodies outside the European Union ("EU") and the European Economic Area ("EEA"), we ensure that the external bodies concerned treat your personal data with the same level of care as we do.

In addition, we only transfer your personal data to third countries for which the EU Commission has certified an adequate level of protection or where contractual agreements or other appropriate safeguards can ensure a level of data protection comparable to that in the EU or EEA (Article 45 et seq. of the GDPR).

VIII. DELETION OF YOUR PERSONAL DATA

In the absence of statutory retention periods (e.g. under commercial and tax law), we will only retain your personal data for as long as is necessary for the relevant purpose of the processing or until you inform us that the personal data concerned must be erased.

Such retention periods under tax or commercial law apply, for example, to data relating to your orders, such as invoices. For example, these are kept for ten years.

We will delete the user accounts of customers who have not actively used their account for more than six years.

So-called. The log files we collect when you browse our website or use our app are kept for 20 days for network security and abuse prevention purposes in general, and 180 days in individual cases only, if longer retention is necessary to investigate possible cyber-attacks, fraud or abuse. Your data will then be deleted or anonymised so that it can no longer be linked to you as a person.

IX. DETAILS OF THE PROCESSING OF YOUR PERSONAL DATA

1. PROCESSING OF DATA WHILE BROWSING OUR WEBSITE

When you visit our website, the following technically necessary data is collected and stored in so-called "server log files". Your browser automatically provides us with this information so that our website can be displayed in your browser and so that you can use it:

The IP address of your ISP,
The website from which you visit us and the websites you visit from our website,
Date and time of access and crash information,
Information about the browser and operating system used,
Your email address used to register on our website,
Identification numbers, which are stored in so-called cookies or eTags on your terminal device and which can be used to identify your terminal device on the website,
Page and product views or clicks.

The processing or storage of your access data or your IP address as described above is necessary for technical reasons to ensure and guarantee the security of the system on our website.

The processing or temporary storage of your technical access data is based on our overriding legitimate interest under Article 6(1)(f) of the GDPR, which is to be able to provide you with a technically functional and secure website.

The access data collected when you visit our website will only be stored for the time necessary to achieve the above purposes. The server log files are kept for a maximum of 180 days, after which they are deleted.

2. PROCESSING OF DATA WHEN SETTING UP A USER ACCOUNT

To create your user account, we need your email address and a password of your choice. We also collect the following contact information: your name, your address, your preferred form of address (if you have provided one), your telephone number (if you have provided one).

Your email address serves as the access code to your user account After successful registration, you will automatically receive a confirmation email. You can update all your details at any time in the personal section of your user account ("My Account").

The legal basis for this is Article 6(1)(b) GDPR, according to which the processing of personal data is permitted for the performance of a contract or the performance of pre-contractual measures.

We want to make your visit to our website as pleasant as possible by providing you with a "stay logged in" function. This feature allows you to use our services without having to log in again each time. Technically, a cookie is stored on your device so that you do not have to log in again on subsequent visits to our website. This feature is not available to you if you have deactivated this cookie via the cookie settings or if you have deleted the cookie in your browser settings after logging out of our website.

3. DATA PROCESSING FOR THE PROCESSING OF YOUR ORDER

If you place an order with us, the processing of your data is for the purpose of concluding and executing the contract and processing the order, including payment and delivery.

The legal basis for the related data processing is Article 6(1)(b) GDPR, according to which the processing of personal data is permitted for the performance of a contract or the performance of pre-contractual measures.

We delete your personal data processed in the context of orders at the latest after the expiry of the legal retention obligations or if you have not actively used your user account for more than six years.

3.1. SELECT YOUR PREFERRED PAYMENT METHOD

Depending on the payment method chosen, the data necessary for this will be sent directly to the relevant payment service provider. Your payment data is the responsibility of the relevant payment service provider.

If you do not agree with the payment methods offered, you can notify us in writing by email to service@westwing.si. We will reconsider our decision and take your views into account.

3.1.1. PAYMENT BY CREDIT CARD

When you pay by credit card, we receive a so-called payment ID and the last four digits of your credit card number from our payment service provider Stripe Payments Europe, 1 Grand Canal Street Lower, Grand Canal Doc, Dublin, D02 H210, Ireland. These are used to authenticate and allocate your order, so the transfer is for your security. The personal data necessary for the processing of the payment is collected directly by the above-mentioned payment service provider.

The legal basis for the above data processing is Article 6(1)(b) GDPR, according to which the processing is permitted for the performance of a contract, or Article 6(1)(f) GDPR, as our legitimate interest in offering you a secure credit card payment option outweighs the balancing of interests.

3.1.2. APPLE PAY

If you choose the Apple Pay payment method to pay for your purchases directly through your bank account, we will receive the relevant account details from our payment service provider Stripe Payments Europe, 1 Grand Canal Street Lower, Grand Canal Doc, Dublin, D02 H210, Ireland . The personal data necessary for the processing and handling of the payment is collected directly by the payment service provider.

The legal basis for the above data processing is Article 6(1)(b) GDPR, under which the processing is permitted for the performance of a contract, or Article 6(1)(f) GDPR, as our legitimate interest in providing you with a secure payment option through Apple Pay outweighs this in the balancing of interests. For more information about data protection with Apple Pay, please visit the Apple Pay website: https://support.apple.com/de-de/101554.

3.1.3. GOOGLE PAY

If you choose the Google Pay payment method to pay for your purchases directly through your bank account, we will receive the relevant account details from our payment service provider Stripe Payments Europe, 1 Grand Canal Street Lower, Grand Canal Doc, Dublin, D02 H210, Ireland. The personal data necessary for the processing and handling of the payment is collected directly by the aforementioned payment service provider.

The legal basis for the above data processing is Article 6(1)(b) GDPR, according to which the processing is permitted for the performance of a contract, or Article 6(1)(f) GDPR, as our legitimate interest in offering you a secure payment option with Google Pay prevails in the context of the balancing of interests.

For more information on data protection with Google Pay, please visit the Google Pay website: https://support.google.com/googlepay/answer/9039712?hl=de.

3.1.4 PAYPAL

If you choose the PayPal payment method, the personal data necessary for this (i.e. your name and surname, your delivery address, your email address, your telephone number, the amount to be paid and your IP address) will be sent to PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, in order for you to authorise payment to us via PayPal. You will need a PayPal account for this.

The legal basis for the above data processing is Article 6(1)(b) GDPR, according to which the processing of personal data is permitted for the performance of a contract or the performance of pre-contractual measures.

For more information on data protection at PayPal, please visit the PayPal website: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

4. FRAUD PREVENTION

To avoid fraud and non-payment, we manually check for common patterns of fraud and irregularities, partly with the help of a fraud prevention service provided by our cooperation partner Shopify International Limited, Victoria Buildings 1-2, Haddington Road, Dublin 4, D04. For this purpose, order and payment data (e.g. address, item, payment method) as well as device data (e.g. device, browser) are processed. The legal basis is Article 6(1)(f) GDPR based on our legitimate interest to protect against abuse.

If the automated check shows that fraud is suspected, we will notify you of this and inform you of the specific possibility to lodge a complaint with a Westwing employee.

In addition, we may share information about non-debt related behaviour with individual credit reference agencies, such as SCHUFA, in order to prevent fraud (for example, in the case of credit card fraud). We do this in accordance with legal requirements where it is necessary to protect our legitimate interests and the legitimate interests of third parties and there is no reason to believe that your interests or fundamental rights and freedoms require the protection of your personal data. We may also share information with other credit reference agencies, such as SCHUFA, in order to prevent fraud (for example, in the case of credit card fraud). We will do this in accordance with the requirements of the law, where it is necessary to protect our own and third parties' legitimate interests and where there is no reason to believe that your own interest or your fundamental rights and freedoms require protection of your personal data. Processing is therefore carried out for the purpose of fraud prevention pursuant to Article 6(1)(f) GDPR.

5. PROCESSING OF DATA WHEN YOU CONTACT US

5.1. CHANNELS TO CONTACT US

You have several options for contacting us. You can contact our customer service through the following communication channels:

on the phone,
with a letter,
by email,
or via the contact form.

In order to process your request, we collect your name, email address, telephone number, customer, order and item number and any other information you provide to us, depending on the communication channel you use to contact us.

The legal basis for this is Article 6(1)(b) GDPR, according to which the processing of data is necessary for the performance of a contract, or Article 6(1)(f) GDPR, which is based on our legitimate interest in processing queries from visitors to our website.

5.2. OUR ZENDESK CUSTOMER SERVICE SYSTEM

We use the Zendesk customer service system to process your contact requests. The service provider is Zendesk, Inc, 1019 Market Street, San Francisco, CA 94103 USA.

We use Zendesk to process customer enquiries quickly and efficiently. Please note that you can also send enquiries by entering your email address without providing your name.

As we have entered into an order processing agreement with Zendesk, Zendesk may only process your personal data in accordance with our instructions and in compliance with the GDPR.

Your data may be transferred to and stored on Zendesk's servers in the USA. The legal basis for this is the European Commission's Implementing Decision of 10 July 2023 on adequacy (the so-called "Data Privacy Framework") pursuant to Article 45 of the GDPR and the so-called "Binding Corporate Rules (BCR)" approved by the Irish Data Protection Authority. These are binding BCRs that facilitate the lawful internal transfer of data to third countries outside the EU and EEA. Details can be found here: https://www.zendesk.fr/blog/update-privacy-shield-invalidation-european-court-justice/?_gl=1*1ybyvqt*_gcl_au*ODc2NzY0OTM3LjE3MzQ2MjQ1NzY.*_ga*MTI4NjAzMTcyMi4xNzM0NjI0NTcz*_ga_FBP7C61M6Z*MTczNDYyNDU3Mi4xLjEuMTczNDYyNDU4Ny40OS4wLjA.

The legal basis for the processing of data by Zendesk is our legitimate interest under Article 6(1)(f) GDPR. If you do not agree to Zendesk processing your request, you can contact us by email or telephone.

Further information is available in Zendesk's privacy policy: https://www.zendesk.de/company/customers-partners/privacy-policy/.

6. PROCESSING OF DATA FOR ADVERTISING PURPOSES

6.1. SENDING ADVERTISING E-MAILS

If you have consented to this, Westwing will send you regular Westwing Newsletters by email to inform you about the latest home and living trends, indispensable home and living styles, highlights from Westwing online and retail stores, special offers or "sale of the day" and "sale of the week" ("Newsletters"). For details, please refer to section 6.1.1.

If you agree, you will also receive email notifications from us about personalised benefits such as coupons or special promotions, reminders about products in your shopping basket, reviews of Westwing products you have purchased and opinion polls about Westwing or its services ("Notifications"). Please also refer to section 6.1.1 for details.

If you have already purchased a product or service from us and have not objected to receiving it, you will also receive promotional emails from us about similar products and/or services. Please refer to section 6.1.2 for details.

6.1.1. SENDING ADVERTISING EMAILS BASED ON YOUR CONSENT

If you have given your consent on our website ticking the check box, we will send you newsletters and/or notifications by email.

Please note, however, that we will only send you news and/or announcements by email if you have explicitly confirmed that you wish to receive the relevant emails by clicking on the button above. The corresponding button will be sent to you in a notification email after we have received your consent at the email address you have provided (the so-called "double opt-in procedure"). This serves to prevent abuse by third parties who could use your email address to subscribe to Westwing newsletters or notifications without your consent. The legal basis for the double opt-in procedure is Article 6(1)(f) GDPR, as we have an overriding legitimate interest in preventing such abuse and documenting your consent.

The relevant legal basis under data protection law for the processing of your personal data in connection with the sending of the above-mentioned marketing emails is your consent in accordance with Article 6(1)(a) GDPR

You may withdraw your consent at any time with effect for the future as follows:

Click on the unsubscribe link at the end of our promotional emails and you will be redirected (depending on whether you want to unsubscribe from newsletters or email notifications) to the newsletter or notification management section of your user account (together with "Manage promotional emails"). There, you can simply tick the boxes of the newsletters or notifications you no longer wish to receive.

If you prefer, you can also log in to your user account and then click on the "My Newsletters" or "My Notifications" tab (depending on the type of email you want to unsubscribe from) and unsubscribe from the relevant newsletters or notifications you no longer wish to receive in the aforementioned News Management or Notification Management by unticking the relevant checkbox.

You can withdraw your consent to receive newsletters and/or notifications and unsubscribe from receiving relevant promotional emails by sending an email to service@westwing.si.

By ticking or unticking the box above, you can decide individually if, when or how often you would like to receive newsletters or email notifications, depending on which news you are interested in or which notification you find useful and how often you would like to receive the newsletter or notification.

Please note that we use standard marketing technologies to measure the open rates of emails and/or links you click on in our marketing emails. We use this information for general statistical evaluations and to optimise and further develop our content and customer communications. We do this by means of small graphical elements embedded in the newsletter (so-called pixels). The legal basis for this is our legitimate interest in optimising and further developing our content and customer communication (Article 6(1)(f) GDPR). If you do not wish to have this analysis of your usage behaviour, you can opt out of receiving advertising messages at any time or disable the display of images in your email program by default.

We send our newsletters and notifications via the postal service provider Mapp Digital Germany GmbH, Dachauer Straße 63, 80335 Munich, Germany ("Mapp"). Mapp has been contracted to process orders for the processing of personal data in accordance with Article 28 of the GDPR. Further information can be found in Mapp's privacy policy. https://mapp.com/de/privacy/.

6.1.2. SENDING YOU EMAILS ADVERTISING PRODUCTS AND SERVICES THAT MAY BE OF INTEREST TO YOU BASED ON YOUR PREVIOUS PURCHASING BEHAVIOUR

If you have provided your email address when purchasing a product or service from our online shop, we will send you offers and information about products and services in our range that may be of interest to you because you have already purchased similar products and services from Westwing. In addition, we will send you product evaluation surveys and feedback surveys asking you about your satisfaction with the products you have purchased or the services you have used (e.g. our customer service). However, such promotional emails will only be sent if you have not objected to receiving them - notwithstanding our relevant notice under the buy button.

The relevant legal basis under data protection law for the processing of your personal data is our legitimate interest under Article 6(1)(f) GDPR in conjunction with the relevant national law.

You can also opt-out of receiving relevant advertising emails at any time by simply clicking on the unsubscribe link at the end of our advertising emails. If you wish, you can log in to your user account and unsubscribe via the management of advertising emails (see section 6.1.1.). You can also subsequently object to receiving the relevant advertising emails by sending an email to service@westwing.si.

6.2. SENDING NEWS VIA WHATSAPP

We also allow you to receive our news via WhatsApp. We use WhatsApp Business to send you news via WhatsApp.

For this purpose, we cooperate with our processors charles GmbH, Gartenstraße 86-87, 10115 Berlin, Germany, and Braze, Inc, 318 West 39th Street, 5th Floor, New York, New York 10018, USA, ("Braze").

Your use of WhatsApp is subject to the data protection provisions of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. These stipulate, among other things, that every WhatsApp message is encrypted from start to finish and therefore protected from access by third parties.

The legal basis for the processing of your data by Westwing is Article 6(1)(a) GDPR, as you have consented on our website and confirmed in a WhatsApp message that you would like to receive news, i.e. news about new products and interior trends, via this channel. You can withdraw your consent at any time with effect for the future by sending a "Stop" message.

Westwing is committed to complying with the WhatsApp Business Privacy Policy, which can be found here: https://business.whatsapp.com/privacy-protections.

7. PROCESSING OF DATA FOR COMMUNICATION WITH YOU ON OUR WEBSITE AND THROUGH OUR APP

We use the service provider "Braze " to communicate with you on our website and in our app. For this purpose, we show you so-called "interaction overlays", for example.

Braze is also used to send push notifications in our app.

For this purpose, Braze processes the following personal data, among others: your IP address, device-related data such as device type, model, operating system, browser type and version, usage-related data such as time of use, name, email password, Braze SDK interaction and messaging data, installation ID, device ID.

The legal basis for the processing of your personal data is Article 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future. The easiest way to withdraw your consent is through our cookie consent manager.

More information on Braze's data protection compliance can be found here: https://www.braze.com/privacy/.

8. PROCESSING OF DATA FOR PARTICIPATION IN

If you participate in competitions, we will only process the data necessary for the performance of the competitions (Article 6(1)(b) GDPR). Please note the relevant data protection information in the terms and conditions of participation for each competition.

9. PROCESSING OF DATA WHEN USING SOCIAL MEDIA ON FAN PAGES

Westwing is active and present on social media and platforms to communicate with stakeholders and users and to keep them informed about further Westwing offers. In below we provide you with an overview of the processing and use of your personal data when you visit our social media accounts:

9.1. FACEBOOK AND INSTAGRAM

We operate "fan pages" on Facebook and Instagram with Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, to communicate with our followers (such as our customers and interested parties) and to keep them informed about our products, competitions and other promotions.

Using meta statistics on the use of our "Fan Pages" (e.g. information about the number, names, interactions such as likes and comments, and aggregated demographic and other information or statistics; "Insight Data"), we obtain information about how our "Fan Pages" are used, what interests visitors have in our "Fan Pages", and which topics and content are particularly popular, so that we can optimize the content of our "Fan Pages" and tailor it to our users' interests. The Insights Data contains only statistical, depersonalised information about visitors to the "Fan Pages" and cannot therefore be attributed to a specific person. For more information on the type and scope of these statistics, please see the notes on the meta statistics of the pages. Further information on the respective responsibilities and the processing of your data by Meta can be found at the following websites: https://www.facebook.com/legal/terms/information_about_page_insights_data, https://help.instagram.com/1533933820244654.

Please note that we have no influence on the processing of data carried out by Meta under its own responsibility in accordance with the Facebook and Instagram Terms of Service. However, we would like to point out that when you visit the "Fan Page", data about your usage behaviour is transferred from Facebook/Instagram and the "Fan Page" to Meta. Meta itself processes your personal data for the purposes of compiling the above statistics and for its own market research and advertising purposes. We do not have access to this data.

If we receive personal data about you when we operate a fan page, you have the rights set out in this privacy policy. If you wish to exercise other rights outside of this with Facebook, you can contact Facebook directly. We will be happy to assist you in exercising your rights as far as possible and to forward your requests to Meta.

The legal basis for this data processing is Article 6(1)(f) of the GDPR based on our legitimate interest as stated above to provide you with our Facebook "fan pages" for marketing and advertising purposes.

For more information, please see Meta's privacy policy at: https://de-de.facebook.com/policy.php/.

9.2 YOUTUBE

We use so-called "plug-ins" of the YouTube platform to integrate our videos and make them publicly available. YouTube is a service provided by a third party that is not affiliated with us, namely YouTube LLC, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; ("Google").

When you access our YouTube channel, your browser connects to YouTube and downloads information. The integration of YouTube content only takes place in so-called "extended data protection mode". This mode is provided by YouTube itself and, according to its own information, ensures that YouTube user data (e.g. cookies) are only stored on the device when the video(s) are played. When you access the videos in question, your IP address, unique identifiers, browser type and settings, the type and settings of your terminal device, operating system, mobile network information such as the name of your mobile network provider and phone number, and the version number of the app are transmitted to YouTube. YouTube also collects information about the interaction of your apps, browsers and devices with its services. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether or not you view a video. The data transmitted includes the IP address, crash reports, system activities as well as the date, time and reference URL of your request. In addition, YouTube collects data about your activities (e.g. terms you search for, videos you watch, etc.) All data about you collected via our YouTube channel is processed by YouTube. According to YouTube, this data is used, among other things, to collect statistics about videos, improve user-friendliness and prevent abuse. YouTube also uses cookies to collect information about user behaviour. You can prevent the storage of these cookies by using the appropriate browser settings and extensions. If you are logged in to your YouTube account, you allow YouTube to attribute your browsing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account before activating the play button.

In addition, we occasionally integrate videos stored on YouTube directly into our website using so-called plug-ins. This integration allows content from YouTube to be displayed in parts of the browser window. However, YouTube videos are only called up by clicking on them separately. This technique is also known as 'framing'. If you call up a (sub)page of our website where YouTube videos are integrated in this format, a connection is established with the YouTube servers and the content is displayed on the website with a notification from your browser. We have no influence on the scope and content of the data that is transmitted to YouTube and possibly to other YouTube partners by activating the plug-in. Among other things, the YouTube server is informed about which of our pages you have visited.

You can find out more about the information YouTube receives and how it uses it in YouTube's privacy policy at: https://policies.google.com/privacy.

9.3 TIKTOK

We publish short videos ("Reels") on the TikTok platform and TikTok app to advertise our products and our online shop. If you visit the TikTok website or TikTok app, TikTok Inc, 10100 Venice Blvd, Culver City, CA 90232, USA ("TikTok") collects and processes your personal data.

TikTok makes some of this data available to TikTok profile owners in an anonymised and aggregated form, such as the number of new followers, demographic data such as gender and country, without reference to identifiable persons. Westwing is therefore unable to identify any visitor to a TikTok profile. As the owner of this profile, Westwing also receives anonymised statistical data from TikTok (so-called "Insights data"). No conclusions can be drawn about the visitor in question on the basis of this data. We use the statistical data exclusively to analyse user behaviour in order to better tailor the TikTok profile and our offer to the needs and interests of our visitors.

The use of your data provided to us by TikTok is based on our legitimate interest in accordance with Article 6(1)(f) of the GDPR to carry out data analysis and statistical logging of the use of our TikTok profile, to optimise our offer for you, to market our posts and videos on our website and to continuously improve and manage our offer and our products.

Further information on TikTok's data processing can be found in TikTok's privacy policy at: https://www.tiktok.com/legal/privacy-policy?lang=de.

9.4 PINTEREST

We manage a Westwing account on Pinterest and the Pinterest app, where we post inspiration on home and living topics and advertise our products. Pinterest Inc, 808 Brannan Street, San Francisco, CA 94103, USA ("Pinterest") is responsible for the Pinterest Services.

When you sign up for an account, Pinterest processes your data such as name, email address, phone number, photos, pins and comments. In addition, Pinterest collects and processes your IP address, which is used to approximate your location if you choose to share your exact location, and other Internet and electronic network activities (including which "pins" you click, which "boards" you create, and what text you add to a comment or description).

The legal basis for this data processing is Article 6(1)(f) GDPR based on our legitimate interest in providing you with our Pinterest platform for marketing and advertising purposes.

For more information, visit https://policy.pinterest.com/en/privacy-policy.

11. PROCESSING OF DATA BY SHOPIFY

We work with Shopify International Limited, Victoria Buildings 1-2, Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify") to provide our online shop and process your payments. Shopify enables us to operate our online shop through Shopify's cloud computing infrastructure and also processes payments for us.

Your data may be transferred to and stored on Shopify Inc. servers in the USA and/or Canada. The legal basis for this is the so-called EU standard contractual clauses or the European Commission's Implementing Decision on adequacy of 10 July 2023 (the so-called Data Privacy Framework) pursuant to Art. 45 GDPR.

Shopify is used to provide our online store and process your payments. The legal basis is therefore our legitimate interest within the meaning of Article 6(1)(f) GDPR or the performance of your contract within the meaning of Article 6l(1)(b) GDPR.

Shopify acts as our processor or controller, depending on the processing activity.

Further information about Shopify's data processing and data protection is available at https://www.shopify.com/legal/privacy.

X. COOKIES AND SIMILAR TECHNOLOGIES

We use so-called cookies and similar technologies (such as so-called "web beacons", "pixels", "tags") on our website and in our app.

Web beacons are small GIF files that can be hidden in other graphics, emails and so on. Web beacons can identify your computer and assess your user behaviour, such as responses to advertising campaigns. The information collected by web beacons cannot be used to identify you.

Cookies are small text files that are downloaded by an internet server to your browser and stored on your browser's hard drive. There are so-called "session cookies", which are deleted as soon as you close your browser, and so-called "persistent cookies", which are stored on your device for a longer period of time or indefinitely. A cookie contains a characteristic string of characters that allows your browser to uniquely identify you when you return to a website. This helps us to personalise our offerings, make them more user-friendly, efficient and secure, and enable us to provide certain features.

You can specify which cookies you want to allow at any time under the "Cookie settings" button in our cookie consent manager. This does not include strictly necessary cookies that provide essential functions of the website and our app.

There are basically four different categories of cookies:

1. STRICTLY NECESSARY COOKIES

Strictly necessary cookies enable basic functions and are necessary for the proper functioning of the website and our application. For example, they are used to process orders or to allow you to remain logged in as a registered user when you access various subpages of our website and our app. In addition, these cookies prevent you from having to re-enter your login details each time you access a new page.

The legal basis for the use of strictly necessary cookies on our website and in our app is our legitimate interest in the technically sound and user-friendly provision of our website and our app (Article 6(1)(f) GDPR). The use of strictly necessary cookies is possible and legally permissible without your prior consent.

If you do not want your device to be recognised on your next visit, you can also refuse the use of such cookies by changing your browser settings to "Reject cookies". Please refer to your browser's user guide for the relevant procedure. By setting your browser accordingly, you will be informed of the setting of cookies and can allow cookies only in individual cases or exclude the acceptance of cookies for certain cases or in general. It is also possible to activate the automatic deletion of cookies when you close your browser.

If you refuse the use of certain cookies, the use of some parts of our website and our app may be restricted.

2. FUNCTIONAL COOKIES

Functional cookies allow us to store information that you have already entered (for example, your registered name) and to offer you enhanced and personalised features. If you do not allow these cookies, some of these services may not work properly.

The processing in question is based on your consent in accordance with Article 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future, preferably via the cookie consent manager.

3. COOKIES FOR PERFORMANCE MEASUREMENT

Performance measurement cookies allow us to count visits and traffic sources so that we can measure and improve the performance of our website. The data collected by cookies allows us to understand, among other things, which areas are the most popular, which are the least popular and how visitors move around our website. All information collected by these cookies is aggregated and cannot be easily attributed to you.

The processing of data is carried out on the basis of your consent in accordance with Article 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future, most easily via the cookie consent manager.

4. ADVERTISING COOKIES AND SIMILAR TECHNOLOGIES

Advertising cookies and similar technologies (e.g. "pixels") allow us to show you personalised and therefore relevant advertising content and to measure the effectiveness of our advertising measures.

Advertising cookies and similar technologies are not only placed on our website, but also on other (advertising) partner websites ("third-party cookies"). This so-called "retargeting" is used to place relevant advertising on other websites and to analyse relevant target groups of products and services.

The processing of your data is based on your consent in accordance with Article 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future, most easily via the cookie consent manager. If you do not allow these cookies, you will be shown fewer advertisements that are relevant to you.

5. DETAILS OF THE COOKIES WE USE

5.1. REQUIRED COOKIES

5.1.1. GOOGLE RECAPTCHA

We use the "Google reCAPTCHA" service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") for persons in the European Economic Area and Switzerland.

This service can be used to distinguish whether an entry was made by a natural person or whether it was tampered with by machine and automated processing.

When you use the service, your IP address and any other data required by Google for the reCAPTCHA service is transmitted to Google.

This data is processed on the basis of our legitimate interest in exercising our personal responsibility on the Internet and preventing abuse and spam (Article 6(1)(f) GDPR).

The data can be transferred to and stored on Google's servers in the US. The legal basis for this is the European Commission's Implementing Decision on adequacy of 10 July 2023 (the so-called Data Privacy Framework) pursuant to Article 45 GDPR or Article 49(1)(a) GDPR in conjunction with your consent.

For more information about Google reCAPTCHA and Google's privacy policy, please visit: https://www.google.com/intl/de/policies/privacy/.

5.1.2. ONE TRUST

We work with our service provider, OneTrust, LLC, 1350 Spring St NW, Atlanta, GA 30309 ("OneTrust"), to obtain and manage your consent. We do this through our cookie consent manager or cookie banner, which appears when you first visit our website or app and informs you about the processing of data or specifically about cookies and other technologies on our website and app, and allows you to opt-out of or accept the setting of particular cookies and other technologies.

You can also call up the cookie banner again and change your choice. In addition, the cookie banner will appear when you visit our website and our app if you have deactivated the storage of cookies or if OneTrust has deleted or expired cookies.

In particular, your consents or cancellations, your IP address, browser and terminal device data at the time of your visit are transmitted to OneTrust and stored on your terminal device.

The relevant legal basis is Article 6(1)(f) GDPR, as we have a legitimate interest in complying with the legally required documentation of your consent cookies and cookie management.

The relevant data may be transferred to and stored on OneTrust's servers in the USA. The legal basis for this is the European Commission's adequacy implementing decision of 10 July 2023 (the so-called Data Privacy Framework) pursuant to Article 45 of the GDPR.

5.2. FUNCTIONAL COOKIES

5.2.1. VIMEO PLUGINS

We use, among other things, the "Vimeo" service of Vimeo LLC, 555 West 18th Street, New York 10011, USA ("Vimeo") to integrate videos.

Vimeo uses so-called "plugins" for this purpose. When you call up web pages equipped with such plugins, a connection is established with Vimeo's servers and information is transmitted about which of our web pages you have visited. If you are logged in to Vimeo, Vimeo assigns this information to your personal user account. When you use a plug-in, e.g. by clicking on the start button of a video, this information is also assigned to your personal user account.

The relevant data may be transferred to and stored on Vimeo's servers in the USA. The legal basis for this is the European Commission's Implementing Decision on adequacy of 10 July 2023 (the so-called Data Privacy Framework) pursuant to Article 45 GDPR or Article 49(1)(a) GDPR in conjunction with your consent.

The legal basis for the processing of your data is your consent, Article 6(1)(1)(a) GDPR. This means that we will not use this service if you have not consented to its use. You can withdraw your consent at any time with effect for the future, most easily via our cookie consent manager.

Further information on data processing and Vimeo's data protection notes are available at https://vimeo.com/privacy.

5.2.2 ALGOLIA

We use the Algolia service of Algolia SAS, 55 Rue d'Amsterdam, 75008 Paris, France ("Algolia") to search and index the content on our website and app. For this purpose, your IP address and your search queries are transmitted to the Algolia server.

Algolia also prepares reports for us with relevant evaluations and search analyses.

In this respect, Algolia helps us to improve the search for our offers, the search experience and the satisfaction of our customers.

The legal basis for the processing of your data is your consent, Article 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future, which is easiest to do via our cookie consent manager.

For more information, please refer to Algola's privacy policy: https://www.algolia.com/policies/privacy.

5.3. PERFORMANCE COOKIES, E.G. GOOGLE ANALYTICS WITH TRACKING

We use "Google Analytics", Google's web analytics service that, among other things, sets pixel cookies and performance cookies to store information on your end device.

This allows us to attribute data, sessions and interactions across multiple devices to a pseudonymous user ID to analyse your usage behaviour across devices and improve our website and app and make them more engaging for you. For this purpose, we also receive statistics from Google about your use of our website and app.

Google Analytics 4 also uses artificial intelligence to automatically analyse and enrich your data. This is mainly done to generate predictions about the future behaviour of visitors to websites and apps based on structured event data (e.g. predicted sales, likelihood to buy and likelihood to leave). These predictive values can also be used to target groups according to the predictions. Read more: https://support.google.com/analytics/answer/9846734?hl=de

Google Analytics 4 also models conversions if there is not enough data available to optimise the data analysis. For more details, see: https://support.google.com/analytics/answer/10710245?hl=de.

Google Analytics 4 does not log or store individual IP addresses. However, Google Analytics 4 provides rough geolocation data by extracting the following metadata from IP addresses: (and assumed latitude and longitude of the city), continent, country, region, subcontinent (and ID-based equivalents). For traffic within the EU, the IP address data is used solely to derive geolocation data before being deleted immediately. The data is not logged, not accessible and not used for any other purpose.

The data can be transferred to and stored on Google's servers in the US. The legal basis for this is the European Commission's adequacy implementing decision of 10 July 2023 (the so-called Data Privacy Framework) pursuant to Article 45 GDPR Article 49(1)(a) GDPR in conjunction with your consent. Due to the activation of IP anonymisation on this website, your IP address will be truncated before being sent to the USA or EU member states or EEA contracting states. Only in exceptional cases will your full IP address be transferred to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be combined with other Google data. The legal basis for the processing of your data is your consent, Art. 6 (1) (a) GDPR: . This means that we do not use these services unless you have consented to the use of Google Analytics with conversion tracking. You can withdraw your consent at any time with effect for the future, most easily via our cookie consent manager.

You can also prevent Google from collecting and processing your data (including your IP address) by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. An opt-out cookie will be set to prevent future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete cookies in this browser, you will need to set the opt-out cookie again.

Further details on the processing of data in Google Analytics with conversion tracking are available at: http://www.google.com/analytics/terms/de.html, http://www.google.com/intl/de/analytics/learn/privacy.html and http://www.google.de/intl/de/policies/privacy.

5.4. ADVERTISING COOKIES AND SIMILAR TECHNOLOGIES

5.4.1. TARGET GROUP / META PIXEL

We use a "custom audience" on our website with a so-called "pixel feature" ("Meta Pixel") and a "server-side conversion API" operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta") for visitors outside the USA and Canada.

This allows us to show you interest-based advertising when you visit Facebook and Instagram or other Meta apps and websites, and to monitor the effectiveness of our advertising. Through the meta pixels embedded on our website, your browser automatically connects to Meta's servers for extended embedded meta pixel matching. This provides Meta with information, for example, that you have clicked on a particular advertisement or product on our website, which in turn enables us to serve you advertisements on our website or on other websites based on your interests.

If you are registered with Meta, Meta can attribute your visit to the website to your user account, as your personal data in the form of email and IP address is transmitted to Meta via pixel in a condensed (hashed) form and partially supplemented with existing tracking data. Information about the country in which you are located is also provided. Even if you are not registered on Facebook or Instagram or have not logged in, it is possible that Meta will become aware of your personal data as described above and use it to create a profile. The data in question may be transferred to and stored on the servers of Meta Platforms, Inc. in the USA. The legal basis for this is the European Commission's implementing adequacy decision of 10 July 2023 (the so-called Data Privacy Framework) pursuant to Article 45 GDPR or Article 49(1)(a) GDPR in conjunction with your consent.

The legal basis for the processing of your data is your consent, Article 6(1)(a) GDPR. This means that we do not use these services if you have not consented to the use of Facebook's custom target groups or pixels. You can withdraw your consent at any time with effect for the future, most easily via our consent manager. In addition, if you are logged in to your Facebook account, you can also object to the processing of your data via the following link: https://www.facebook.com/adpreferences/ad_settings/?entry_product=account_settings_menu.

Further information, in particular about the joint management between us and Meta and the purpose and scope of data processing by Meta, as well as the settings options to protect your privacy, is available in Facebook's privacy policy: https://www.facebook.com/about/privacy/.

5.4.2. PINTEREST TAG

To further optimise our Pinterest campaigns and measure their performance, we use the Pinterest "Pinterest Tag" social networking service offered to visitors from the European Economic Area by Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest").

We use the Pinterest tag together with a server-side conversion API to serve ads on Pinterest only to Pinterest users who have shown an interest in our offer. This also ensures that the content of our ads is highly likely to match the interests of the user in question. We may also monitor the behaviour of Pinterest users who have clicked on one of our ads. For this purpose, Pinterest processes the data collected by the service on our websites and in our app using cookies, web beacons and comparable storage technologies.

When you use the service, the following information is processed: device data (e.g. type, make), the operating system used (e.g. iOS 11), the IP address of the device used, the time of access to our offer, the type and content of the campaign and the response to each campaign (e.g. a click on a button), as well as device identifiers, which are made up of the individual characteristics of your end device. We may also use these device identifiers to identify your device on the Site. The information collected in this way is anonymous to us and does not allow us to infer your identity. If you log in to your Pinterest account after visiting our website or if you visit our website while logged in, it is possible that this data will be stored and processed by Pinterest, which we would like to inform you about. Pinterest may also be able to link this data to your Pinterest account and use it for its own advertising purposes.

The data concerned may be transferred to and stored on the servers of Pinterest, Inc. in the USA. The legal basis for this is the so-called EU standard contractual clauses in connection with your consent.

The legal basis for the processing of your data is your consent, Article 6(1)(a) GDPR. This means that we will not use this service if you have not consented to the use of Pinterest's hashtag. You can withdraw your consent at any time with effect for the future, most easily via our consent manager.

For more information on the purpose and scope of the data processing and the privacy protection settings, please refer to Pinterest's privacy policy, which can be accessed via the following link: https://policy.pinterest.com/de/privacy-policy.

5.4.3. MICROSOFT BING ADS

We use the "Microsoft Bing Ads" conversion tracking service from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, to track conversions on our website.

Microsoft Bing Ads places a cookie on your computer if you have come to our website via a Microsoft Bing ad. This allows us to recognise that you have clicked on an ad and been redirected to our website. This helps us understand how effective a particular advert is. However, we only receive information about total number of users who clicked on a Bing ad and were then redirected to our website. Information about the identity of the user is not passed on.

The relevant data can be transferred to Microsoft servers in the US and stored there. The legal basis for this is the European Commission's Implementing Decision on adequacy of 10 July 2023 (the so-called Data Privacy Framework) pursuant to Article 45 GDPR or Article 49(1)(a) GDPR in conjunction with your consent.

The legal basis for the processing of your data is your consent, Article 6(1)(a) of the GDPR. This means that we will not use this service if you have not consented to its use. You can withdraw your consent at any time with effect for the future, most easily via our cookie consent manager.

Further information on data processing and cookies used by Bing Ads is available at: https://privacy.microsoft.com/de-de/privacystatement.

5.4.4. GOOGLE ADS (FORMERLY ADWORDS) AND CONVERSION TRACKING

We use the "Google Ads" and "Google Conversion Tracking" services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") to persons in the European Economic Area and Switzerland.

This allows us to publish Google ads and take your interests and location into account.

When you click on a Google advert, a cookie is temporarily placed on your computer to allow us to recognise that you have clicked on an advert and have been redirected to that page.

The conversion statistics generated from this help us to know the total number of users who clicked on the ad and were redirected to the page with the conversion tracking tag. However, we do not receive any information that can be used to personally identify users.

If you have a Google Account, Google may link your web and app browsing history to your Google Account and use the information from your Google Account to personalise your ads, depending on the settings stored in your Google Account. If you do not want this assignment to your Google account, you must log out of Google before visiting our website. You can also prevent the setting of relevant cookies by changing the settings in your browser software or on the Google website.

The relevant data can be transferred to and stored on Google's servers in the US. The legal basis for this is the European Commission's Implementing Decision on adequacy of 10 July 2023 (the so-called Data Privacy Framework) pursuant to Article 45 GDPR or Article 49(1)(a) GDPR in conjunction with your consent.

For more information about Google Ads and Conversion Tracking and Google's privacy policy, please visit https://www.google.com/privacy/ads and https://policies.google.com/privacy.

5.4.5. GOOGLE DYNAMIC REMARKETING

We also use the "Google Dynamic Remarketing" remarketing feature. This service is used to serve interest-based ads on other websites after you have visited our website. The ads are based on the products and services you clicked on during your last visit to our website. For this purpose, Google sets cookies that are temporarily stored on your browser. Google only stores information such as your web request, IP address, browser type, browser language, date and time of your request.

If you have a Google Account, Google may link your web and app browsing history to your Google Account and use information from your Google Account to personalise ads, depending on the settings stored in your Google Account. If you do not want this assignment to your Google account, you must log out of Google before visiting our website. You can also prevent the setting of relevant cookies by changing the settings in your browser software or on the Google website.

For more information about Google Dynamic Re-targeting and Google's privacy policy, please visit https://www.google.com/privacy/ads and https://policies.google.com/privacy.

5.4.6. GOOGLE AD MANAGER (FORMERLY DOUBLECLICK)

We also use Google Ad Manager (formerly Doubleclick). This service uses cookies, pixels and other technologies to present you with ads that are tailored to your interests based on your previous visits to our website or other websites. It also allows us to monitor the performance of our advertising campaigns. Google also processes relevant data to optimise its products and services, in accordance with its own statement.

If you have a Google Account, Google may link your web and app browsing history to your Google Account and use the information from your Google Account to personalise your ads, depending on the settings stored in your Google Account. If you do not want this assignment to your Google account, you must log out of Google before visiting our website. You can also prevent the setting of relevant cookies by adjusting the settings in your browser software or on the Google website.

For more information about Google Ad Manager and Google's privacy policy, please visit https://www.google.com/privacy/ads and https://policies.google.com/privacy.

5.4.7. YOUTUBE IN EXTENDED DATA PROTECTION MODE

We use, inter alia, YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA ("YouTube") to embed videos on our website. When you visit our website with videos embedded by YouTube, your browser establishes a direct connection to YouTube's servers in order to display the content to you. The content you access may be recorded by your browser. If you are logged in to your YouTube account, YouTube can attribute your usage behaviour to your personal profile. You can prevent this by logging out of your YouTube account before visiting our website.

The relevant data may be transferred to YouTube servers in the US and stored there. The legal basis for this is the European Commission's Implementing Decision on adequacy of 10 July 2023 (the so-called Data Privacy Framework) pursuant to Article 45 GDPR or Article 49 (1) a) GDPR in conjunction with your consent.

For more information about YouTube's data processing, please refer to YouTube's privacy policy at: https://policies.google.com/privacy?hl=de&gl=de.

5.4.8 SEGMENT

We also use the "Segment" service of Segment Inc, 101 15th St San Francisco, CA 94103, USA ("Segment").

Segment collects and stores information from you that can be used to create usage profiles using pseudonyms. These usage profiles are used to analyse your usage behaviour and are evaluated to improve our offer to you. Cookies may be used for this purpose to enable us to recognise you when you revisit our website. Pseudonymised user profiles are not combined with personal data about the pseudonym holder.

The relevant data may be transferred to Segment's servers in the USA and stored there. The legal basis for this is the European Commission's Implementing Decision on adequacy of 10 July 2023 (the so-called Data Privacy Framework) pursuant to Article 45 GDPR or Article 49(1)(a) GDPR in conjunction with your consent.

For more information, see Segment's privacy policy: https://segment.com/docs/legal/privacy/.

5.4.9 HOTJAR

We use the web analytics service "Hotjar" of Hotjar Limited, Dragonara Road, Paceville St. Julian's STJ 3141, Malta ("Hotjar").

Hotjar uses cookies and other technologies to analyse and evaluate your usage behaviour and your interaction with our website. This helps us to optimise your user experience on our website by enabling us to better understand our users' experience on our website (e.g. clicks, scrolling, mouse movements).

Your IP address is truncated before the usage statistics are analysed, so that no direct conclusions can be drawn about your identity.

For more information, please visit the "About Hotjar" section of the website https://help.hotjar.com/hc/en-us/categories/115001323967-About-Hotja.

5.4.11. BRAZE

We use the web analytics service "Braze" from Braze, Inc, 318 West 39th Street, 5th Floor, New York, New York 10018, USA ("Braze") to communicate with you on our website and app and to understand how our mobile content works and is used on your device. For example, we display pop-up windows with the option to interact.

Braze is also used to send push notifications in our app and on our website.

We also use Braze to send you personalised promotions and information about our products, tailored to you.

We'll also notify you via Brazejo about products you've forgotten in your shopping basket.

The data in question may be transferred to Braze's servers in the USA and stored there. The legal basis for this is the European Commission's Implementing Decision of 10 July 2023 on adequacy (the so-called Data Privacy Framework) pursuant to Article 45 GDPR or Article 49(1)(a) GDPR in conjunction with your consent.

More information on Braze's data protection compliance can be found here: https://www.braze.com/privacy/.

5.4.11. CRITEO

We also use the "Criteo" remarketing tool from Criteo, SA, 32 Rue Blanche, 75009 Paris, France, on our website and app to show you tailored product ads on partner websites and apps that may be of interest to you based on the products you clicked on our website or app. To do this, Criteo associates the above information about your previous browsing behaviour with a unique identifier, such as an identifier cookie or other similar technology (e.g. mobile advertising identifiers and non-cookie based technologies).

Criteo and Westwing act as joint controllers within the meaning of Article 26 of the GDPR.

The legal basis under data protection law is your consent in accordance with Article 6(1)(a) GDPR. You can withdraw this consent at any time with effect for the future - most easily via our Cookie Consent Manager or at the following link: https://www.criteo.com/de/privacy/disable-criteo-services-on-internet-browsers/ - withdraw consent.

If Criteo transfers personal data to non-EU or non-EEA countries, it will do so on the basis of an adequacy decision by the European Commission pursuant to Article 45 GDPR or on the basis of appropriate data protection safeguards pursuant to Article 46 GDPR, such as the conclusion of EU standard contractual clauses.

For more information about Criteo's processing of your data, please visit: http://www.criteo.com/de/privacy.

5.4.12. KLEAR

We use the influencer marketing service "Klear" provided by Meltwater Deutschland GmbH, Jannowitz Center, Brückenstrasse 6, 10179 Berlin. This allows us to set up influencer marketing programmes and to measure and analyse influencer campaigns. Klear uses cookies to monitor the performance of campaigns on our website.

These analyses help us, among other things, to find social influencers by region, language, industry, hashtag and previous engagements, and to make data-driven decisions about our influencer marketing strategy.

More information is available here: https://klear.com/legal/cookies; https://klear.com/legal/privacy-notice-for-influencers.

5.4.13. GOOGLE CUSTOMER MATCHING

We also use Google's "Google Customer Match" service, which allows us to serve interest-based advertising to visitors to our website based on their previous browsing behaviour on our website and third party websites, apps and emails.

The legal basis for the processing of your data is your consent, Article 6(1)(a) GDPR This means that we will not use this service unless you have consented to its use. You can withdraw your consent at any time with effect for the future, most easily via our cookie consent manager. If you wish to prevent receiving interest-based advertising from Google Customer Match, you can also opt-out of receiving interest-based advertising from Google Customer Match via the following websites: http://www.networkadvertising.org/choices/; http://www.youronlinechoices.com/.

More information about Google's data protection compliance can be found here: https://support.google.com/google-ads/answer/6334160?sjid=2821624592503930728-EU.

5.4.14. LEAD FORENSICS

We also use a B2B sales and marketing tool from Lead Forensics, a UK based company, Communication House, 26 York Street, London, W1U 6PZ, United Kingdom ("Lead Forensics").

Lead Forensics uses a tracking code to identify companies that visit our website based on their business IP addresses. The Lead Forensics tracking code only collects information that is available in the public domain. The information in question is not used to personally identify an individual visitor. The collected IP addresses are anonymised immediately after storage.

Lead Forensics does not provide us with IP addresses. It only provides us with information about which companies have visited our website and the date and duration of their visit. This information allows us to analyse the use of our website and possibly contact these companies.

The information generated by the Lead Forensics tracking code is transferred to Lead Forensics servers in the UK, where it is processed and stored. The legal basis for this is the European Commission's adequacy decision of 10 July 2023 (the "Data Privacy Framework") under Article 45 GDPR or Article 49(1)(a) GDPR in conjunction with your consent.

The legal basis for the processing of your data is your consent, Article 6(1)(a) GDPR. This means that we will not use this service if you have not consented to its use. You can withdraw your consent at any time with effect for the future, most easily via our cookie consent manager. If you wish to opt-out of being tracked, you can also use the following link: https://optout.leadforensics.com/?clientID=786109.

5.4.15. TIKTOK ADS

We use the "TikTok Ads" service provided by TikTok Inc, 10100 Venice Blvd, Culver City, CA 90232, USA ("TikTok"), which allows us to serve interest-based advertising to visitors to our website based on their previous browsing behaviour on our website and third party websites, apps and emails.

When you visit our website, a pixel setting establishes a connection to TikTok's servers, which may record personal data such as your IP address, pages visited and interactions.

The relevant data can also be transferred to TikTok's servers in the USA and stored there. The legal basis for this is the so-called EU standard contractual clauses in conjunction with your consent.

The legal basis for processing your data is your consent in accordance with Article 6(1)(a) GDPR. This means that we only use this service if you have given us your consent to do so. You can withdraw your consent at any time with effect for the future, which is easiest to do via our cookie consent manager.

More information is available here: https://ads.tiktok.com/help/article/app-retargeting?lang=en; https://www.tiktok.com/legal/page/eea/privacy-policy/en.

XI. TECHNICAL AND ORGANISATIONAL MEASURES FOR DATA SECURITY

We have taken technical and organisational security measures to protect your personal data against loss, destruction, manipulation and unauthorised access by third parties in order to ensure an adequate level of protection and to safeguard your personal rights.

For example, we encrypt your personal data, including confidential content such as your contact requests, before we transfer it, and all our employees and service providers and processors working for us are committed to complying with applicable data protection regulations and data protection laws.

We regularly check that our many safety measures comply with the latest standards.

XII. YOUR RIGHTS AS A DATA SUBJECT

In accordance with the legal provisions on data protection, you always have the following rights in relation to your personal data:

1. RIGHT OF

You have the right to request information about your personal data that we process and a copy of that data.

2. RIGHT OF RECTIFICATION

You have the right to request the rectification of inaccurate data and, taking into account the purposes of the processing, the completion of incomplete data.

3. RIGHT TO ERASURE

You have the right to request the deletion of your data for the following reasons:

The storage of the data is no longer necessary for the purposes for which it was collected or otherwise processed,

you withdraw the consent on which the processing was based and there is no other legal basis for the processing,

You object to processing and there are no overriding legitimate interests for processing,

The personal data concerned have been unlawfully processed,

whether the erasure of your personal data is necessary to comply with a legal obligation under Union or Member State law.

Please note that there may be reasons that prevent immediate deletion, e.g. in the case of legal retention obligations. Notwithstanding the exercise of your right to erasure, we will erase your data immediately and in full if the retention is no longer necessary for the processing purpose in question and if there are no legal or statutory retention obligations that would exclude us.

4. RIGHT TO RESTRICTION OF PROCESSING

You also have the right to request restriction of the processing of your data if:

if you contest the accuracy of your personal data, for a period which allows us to verify its accuracy

the processing is unlawful and you refuse to have your personal data erased and request instead that we restrict the use of your personal data;

we no longer need the personal data for the purposes of the processing, but you need them to assert, exercise or defend legal claims, or

you have objected to processing in accordance with Article 21 (1) GDPR, pending verification that our legitimate interests outweigh yours.

5. THE RIGHT TO DATA PORTABILITY

Provided that the legal requirements are met, you have the right to receive the data provided in a structured, commonly used and machine-readable format and to have it transmitted to another controller or, if technically feasible, to have it transmitted to Westwing.

6. THE RIGHT TO LODGE A COMPLAINT WITH THE COMPETENT DATA PROTECTION AUTHORITY

You also have the right to lodge a complaint with the competent data protection supervisory authority. To exercise this right, please send an email to:

7. RIGHT TO OBJECT

If your personal data is processed on the basis of our legitimate interest in accordance with Article 6(1)(f) GDPR, you also have the right to object to the processing of your personal data on grounds relating to your particular situation, e.g. by sending an email to service@westwing.si. We will then no longer process your personal data for these purposes, unless our legitimate interest prevails in individual cases.

8. RIGHT OF REVOCATION

If your personal data is processed on the basis of your consent in accordance with Article 6(1)(a) GDPR, you have the right to withdraw your consent at any time with effect for the future, e.g. by sending an email to service@westwing.si.

If you wish to exercise any of the above rights, you may also contact our external Data Protection Officer at any time by email to: anfrage@projekt29.de.

XIII. AMENDMENTS TO THIS PRIVACY POLICY

We reserve the right to change this Privacy Policy if necessary, e.g. as a result of the use of new services or technologies. If material changes are made, we will post them on our website or by email.

Status: May 2025