Cookies
Last updated: July 27, 2026.
1. Introduction to Cookies and Similar Technologies
1.1 Cookies may be used during your visit to our websites. Technically, these are so-called HTML cookies and similar software tools such as Web/DOM Storage or Local Shared Objects (so-called "flash cookies"), which we collectively refer to as "cookies".
1.2 Cookies are small files that are stored on your desktop, notebook, or mobile device during your visit to a website and are read later. This allows us, for example, to determine whether a connection has previously been established between the device and the websites and which language or other settings you prefer, to offer you certain functions, or to recognize your interests based on your online usage. Cookies may also contain personal data.
1.3 Consent management
We are committed to ensuring that you have control over the extent to which you share your data with us. Therefore, we only use cookies and similar technologies (with the exception of necessary cookies) after you have given us your explicit consent.
We use a Consent Management Tool that allows you to enable and disable cookies. Additionally, we give you the option to view and modify your decision, and to delete cookies that have already been placed. You can check and change your current browser's cookie settings using the methods below.
|
Browser |
How to set up |
|
Microsoft Edge |
|
|
Chrome |
|
|
Safari |
|
In addition, we provide information about which cookies or similar technologies we use, what information we automatically collect via the cookies or technologies, how we use this information, and whether we share this information with third parties.
1.4 We use the following types of cookies:
a.Strictly necessary cookies
These are cookies that are necessary for the essential operation of the Service, for example to identify users and prevent fraudulent use.
b.Analytical cookies
These cookies allow us to process statistical data about the use of our website, including recognizing the number of visitors and counting and viewing how visitors navigate the Service when using it. This enables us to improve the functioning of the Service, for example by ensuring that users can find what they are looking for on the Service more easily.
c.Marketing cookies
These cookies record your visit to our website, the pages you have visited, and the links you have followed. We use this information to better tailor our website, the advertisements displayed on it, and the marketing messages we send you to your interests. We may also share this information with third parties who provide a service to us for this purpose.
2. Detailed information on cookies we used
2.1 Overview of cookies and similar technologies by type
| Type | Cookie Name | Provider | Purpose | First party / Third party |
|---|---|---|---|---|
| Strictly necessary cookies | Shopify | Shopify International Ltd. | Essential for core website functionality, maintaining user session states, and managing shopping cart checkout. | First Party |
| Strictly necessary cookies | PayPal | PayPal (Europe) S.à r.l. et Cie, S.C.A. | Provides secure payment gateway integration, fraud prevention, and transaction processing. | Third Party |
| Strictly necessary cookies | Klarna | Klarna Bank AB (publ) | Enables payment and financing options, identity verification, and anti-fraud assessments. | Third Party |
| Marketing | Meta Pixel | Meta Platforms Ireland Limited | Tracks cross-platform conversions, builds retargeting audiences, and measures advertisement campaign performance. | First Party |
| Analytical cookies | Google Analytics | Google Ireland Limited | Collects aggregated data to analyze website traffic, user interaction paths, and page performance to optimize user experience. | First Party |
| Marketing | Google Ads | Google Ireland Limited | Delivers personalized advertisements, tracks cross-site ad conversions, and measures the return on investment (ROI) of advertising campaigns. | Third Party |
2.2 Detailed description about the cookies and similar technologies we use.
a.Shopify
Description and purpose
On our website, we use the Shopify service, provided by Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. Shopify is a tool for creating and hosting websites. When you visit our website, Shopify collects your IP address and information about the device you are using and your browser. Shopify also analyzes visitor numbers, visitor sources, and customer behavior and generates user statistics. If you make a purchase on our website, Shopify also collects your name, email address, shipping and billing address, payment details, and other data relating to the purchase (e.g., phone number, sales volume, etc.). Shopify stores cookies in your browser for these analyses.
Legal basis
The legal basis for the processing of your personal data is your consent in accordance with Article 6(1)(a) of the GDPR. In addition, the processing also takes place on the basis of our legitimate interest in accordance with Article 6(1)(f). Our overriding legitimate interest is the attractive and user-friendly presentation of the content on our website.
Recipient
The recipient of your personal data is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. If you pay via credit card using Shopify Payments, your payment is processed by Shopify International Limited (and its technical partners, such as Stripe).
Transfer to third countries
Although the Shopify service is provided to us by Shopify International Limited (Ireland), your personal data will be transferred to, stored, and processed in countries outside the European Economic Area (EEA). In particular, data is transferred to Shopify Inc. in Canada (the parent company) and to Shopify entities and third-party sub-processors (including Stripe, Inc. for payment processing via Shopify Payments) located in the United States and other global destinations.
For data transfers to Canada, we rely on the European Commission’s adequacy decision, which recognizes that Canada’s legal framework provides an adequate level of protection for personal data. For data transfers to the United States and other countries without an adequacy decision, Shopify ensures that appropriate safeguards are in place in accordance with Article 46 of the GDPR. This includes relying on the EU-U.S. Data Privacy Framework (DPF) for certified recipients, and/or executing the Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by necessary technical and organizational measures to secure the data.
Duration of data storage
The data will be deleted as soon as they are no longer needed for the purpose for which they were collected. Furthermore, the data will be deleted if you exercise your right to erasure in accordance with Article 17, paragraph 1, of the GDPR.
Cancellation
You have the right to withdraw your consent at any time, see Article 7, paragraph 3, first sentence of the GDPR. This can be done informally and without giving reasons, and the withdrawal has effect for the future. The withdrawal of consent does not affect the lawfulness of the processing that took place prior to the withdrawal. You can find more information on this above in our privacy policy under 'Rights of data subjects'.
Contractual and legal obligations
There is no contractual or legal obligation to provide the data.
Additional information on data protection
You can find more information about the processing of your personal data here: https://www.shopify.com/de/legal/datenschutz and
https://stripe.com/privacyShopify payment
b.PayPal
Description and purpose
On our website, we offer the option to process payments via the PayPal service, provided by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. When you choose to pay via PayPal, or when PayPal payment widgets are loaded on the checkout page, PayPal collects your IP address, information about the device you are using, and browser details. Furthermore, PayPal uses cookies and similar tracking technologies to process the payment transaction securely, maintain your active session status, verify your identity, and carry out essential risk management and fraud prevention measures.
Legal basis
The legal basis for the processing of your personal data to execute the payment is the performance of a contract in accordance with Article 6(1)(b) of the GDPR. In addition, the processing of data for risk management and fraud prevention purposes takes place on the basis of our legitimate interest, as well as PayPal's legitimate interest, in accordance with Article 6(1)(f) of the GDPR. The storage and reading of strictly necessary cookies for the secure execution of the payment service is based on the applicable national ePrivacy regulations (e.g., § 25 (2) No. 2 of the German TDDDG).
Recipient
The recipient of your personal data is PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. As an independent data controller for the payment process, PayPal may also share data with credit reference agencies to conduct credit checks, depending on the payment method selected (e.g., Pay Later).
Transfer to third countries
Your personal data may be transferred to third countries outside the European Economic Area (EEA), particularly to PayPal Inc. and its sub-processors in the United States. Such data transfers are secured by appropriate safeguards, such as the EU-U.S. Data Privacy Framework (DPF) or the Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring a level of data protection that complies with the GDPR.
Duration of data storage
The cookies used by PayPal are stored for varying durations. Session cookies are deleted as soon as you close your browser, while persistent cookies remain on your device for a specified period (typically to recognize your device for fraud prevention) or until you manually delete them. Your underlying transaction data will be retained by PayPal for as long as is strictly necessary to fulfill statutory commercial, financial, and tax-related retention obligations, we generally store these data for 10 years.
Cancellation
Please note that the core processing of data required for the execution of the payment and mandatory fraud prevention is not based on consent and therefore cannot be canceled in this manner once a transaction is initiated.
Contractual and legal obligations
There is no statutory obligation to provide the data. However, the provision of your data to PayPal is a contractual requirement if you select PayPal as your payment method. Without the provision of this data and the enabling of the associated strictly necessary cookies, the payment cannot be processed via this service.
Additional information on data protection You can find more information about the processing of your personal data and the specific cookies used by PayPal here: https://www.paypal.com/webapps/mpp/ua/privacy-full and https://www.paypal.com/webapps/mpp/ua/cookie-full
c.Klarna
Description and purpose
On our website, we offer the option to process payments via the services of Klarna, provided by Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden. When you select a Klarna payment method (e.g., Pay Later, Pay Now, or Financing) or interact with Klarna checkout widgets, Klarna collects your IP address, information about the device you are using, and browser details. Klarna uses cookies and similar tracking technologies to process the payment securely, verify your identity, perform credit and risk assessments (credit scoring), and carry out essential fraud prevention measures.
Legal basis
The legal basis for processing your personal data to execute the payment transaction is the performance of a contract in accordance with Article 6(1)(b) of the GDPR. The processing of data for identity verification, credit assessment, and fraud prevention takes place on the basis of Klarna's legitimate interests in accordance with Article 6(1)(f) of the GDPR, as well as to comply with legal obligations (such as anti-money laundering regulations) under Article 6(1)(c) of the GDPR. The storage and reading of strictly necessary cookies for the secure execution of the payment and risk evaluation is based on the applicable national ePrivacy regulations (e.g., § 25 (2) No. 2 of the German TDDDG).
Recipient
The recipient of your personal data is Klarna Bank AB (publ). As an independent data controller for the payment and credit evaluation process, Klarna may share your data with credit reference agencies (e.g., SCHUFA in Germany) to conduct identity checks and assess your creditworthiness.
Transfer to third countries
Your personal data is primarily processed within the European Economic Area (EEA). If Klarna transfers data to a third country outside the EEA (e.g., to sub-processors in the US), such transfers are secured by appropriate safeguards, such as the EU-U.S. Data Privacy Framework (DPF) or the Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring a level of data protection that complies with the GDPR.
Duration of data storage
The cookies used by Klarna are stored for varying durations. Session cookies are deleted as soon as you close your browser, while persistent cookies used for fraud prevention and device recognition remain on your device for a specified period or until you manually delete them. Your underlying transaction and credit data are retained by Klarna for as long as is strictly necessary to fulfill statutory commercial, financial, and anti-money laundering retention obligations, we generally store these data for 10 years.
Cancellation
Please note that the core cookie placement and data processing required for the execution of the payment contract, credit assessment, and mandatory fraud prevention do not rely on consent and therefore cannot be canceled in this manner once you initiate a transaction via Klarna.
Contractual and legal obligations
There is no statutory obligation for you to provide the data to us. However, the provision of your data and the enabling of the associated strictly necessary cookies is a contractual requirement if you wish to use Klarna as your payment method. Without this data, Klarna cannot perform the necessary credit checks or process the payment securely.
Additional information on data protection
You can find more information about the processing of your personal data and the specific cookies used by Klarna here: https://www.klarna.com/international/privacy-policy/ and https://www.klarna.com/international/cookies/
d.Meta-Pixel
Description and purpose
To understand your user behavior, we use the so-called Meta Pixel from Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. This is an analytics tool that measures the effectiveness of advertisements. It is a piece of code for your website that allows us to measure, optimize, and build target audiences for advertising campaigns. Conversion tracking enables us to track which actions people take on various devices (including mobile phones, tablets, and desktop computers) after seeing our Facebook ads. By creating a Meta Pixel and adding it to our pages where conversions occur (for example, the purchase confirmation page), we can identify which individuals convert as a result of our Facebook ads. The pixel further monitors the actions people take after clicking on our ads. We can determine which device our customers used to view the ad and which devices they ultimately used to complete the conversion. According to Facebook, the collected data includes the following:
| HTTP headers | Information about the web browser, the storage location of the page or document, the URL reference and the user agent of the web browser, as well as the IP address (which, according to Meta, can only be evaluated at a general country level). |
| Pixel-specific data | This includes the pixel ID and Facebook cookie data, which are used to link events to a specific Facebook advertising account and assign them to a person known to Facebook. |
| Optional values | Developers and marketers can optionally send additional information about the visit via standard and custom data events. Typical custom data events include information about whether a purchase was made on a page, the conversion value, and much more. You can find more information about custom data events here. With your permission, we use the "visitor action pixel" from Meta Platforms Inc., 1 Hacker Way, Menlo Park, California 94025, USA, or, if you are located in the EU, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, on our website. This conversion tool allows us to track your actions after you have seen or clicked on a Facebook ad. This serves to monitor and analyze the effectiveness of our Facebook ads for statistical and market research purposes. Although we can only recognize this data in anonymized form, it is also stored and processed by Facebook. We do not know exactly what Facebook does with this data, but we can assume that Facebook can and will link this data to your Facebook account. Facebook may then use this information for advertising, market research, and to tailor Facebook pages to user needs. To this end, for example, Facebook and its partners create usage, interest, and relationship profiles to analyze your use of our website in relation to the advertisements you see on Facebook, to inform other Facebook users about your activities on our website, and to provide other services related to the use of Facebook. For this purpose, cookies may also be placed on your device. |
Meta uses the following cookies:
| _fbp | Meta cookie used for website analysis, ad targeting, and ad measurement. | Duration: 2 months, 29 days, 7 hours, 30 minutes |
| fr | The primary Meta cookie used to deliver, measure, and improve the relevance of advertisements. | Duration: 2 months, 28 days |
| _fbc | Ads, recommendations, insights, and measurements (stores data on link clicks from Meta ads to provide advertising and website analytics services). | Duration: 2 months, 28 days |
| datr | Meta security cookie used for fraud prevention, browser identification, and account protection. | Duration: 2 years |
| sb | Meta cookie used to identify the browser securely for authentication and security purposes. | Duration: 2 years |
Extensive matching
Advertisers can optionally enable the enhanced matching feature of the metapixel by sending encrypted information, such as an email address or phone number, to Facebook. Advertisers can send one or more of the following matching identifiers: email address, phone number, first name, last name, city, province/state, postal code, date of birth, or gender.
Legal basis
The legal basis for the processing of your personal data is Article 6, paragraph 1, point (a), of the GDPR.
Recipient
The recipient of your personal data is and Meta Platforms Ireland Limited (Merrion Road, Dublin 4, D04 X2K5, Ireland) and Meta Platforms Inc. (1 Hacker Way, Menlo Park, California 94025, USA).
Transfer to third countries
Personal data is transferred to the US. This transfer is subject to appropriate safeguards in accordance with Article 46 of the GDPR. We have entered into standard contractual clauses with the data importer in accordance with Article 46(2)(c) of the GDPR. Furthermore, we are aware of our responsibility and will, where necessary, take additional measures to protect the rights and freedoms of natural persons and to ensure the protection of personal data.
Duration of data storage
The data will be deleted as soon as they are no longer needed for the purpose for which they were collected. Furthermore, the data will be deleted if you exercise your right to erasure in accordance with Article 17, paragraph 1, of the GDPR.
Cancellation
You have the right to withdraw your consent at any time, see Article 7, paragraph 3, first sentence of the GDPR. This can be done informally and without giving reasons, and the withdrawal has effect for the future. The withdrawal of consent does not affect the lawfulness of the processing that took place prior to the withdrawal. You can find more information on this above in our privacy policy under 'Rights of data subjects'.
Additional information on data protection You can find more information about the Meta Pixel here:
https://de-de.facebook.com/business/help/742478679120153?id=1205376682832142
e.Google Analytics
Description and purpose
Google Analytics is a web analytics service provided by Google Ireland Limited, Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (" Google ") which tracks and shares website traffic.
Google Analytics uses so-called tracking pixels and cookies. The information generated by a cookie about your use of this website is usually transmitted to a Google server in the United States and stored there. By activating IP anonymization, your IP address is shortened by Google within the European Economic Area beforehand and is therefore not fully transmitted to a Google server in the United States. Only in exceptional cases is the full IP address transmitted to a Google server in the United States and shortened there.
On our behalf, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide us with other services relating to the analysis of your website activity and internet usage. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google.
Google Analytics uses the following cookies:
| __utmb | This cookie is used to keep track of the time of the visit. | Duration: Session |
| _ga | This cookie is used to distinguish between users. | Duration: 2 years, 12 hours |
| IDE | This is used to display personalized advertisements. | Duration: 1 year, 30 days, 16 hours, 30 minutes |
| _gid | This cookie name is associated with Google Universal Analytics to distinguish unique users of the website. | Duration: 24 hours |
| _hole | This cookie is used to limit the number of requests per second (request rate). When Google Analytics is deployed via Google Tag Manager, this cookie is named _dc_gtm_. |
Duration: 1 minute |
| CONSENT | This is used to store the user's consent choices. | Duration: 2 years, 12 hours |
| FPID | This is used to store a value that is used to set the client ID in the request to Google's servers. | Duration: 2 years, 12 hours |
| FPLC | This registers a unique ID, which is used to generate statistical data about how the visitor uses the website. | Duration: 20 hours |
| _ga_<container-id> | Google Analytics 4 cookie used to persist session state and user behavior tracking. | Duration: 2 years |
| _gat | Google Analytics cookie used to throttle request rate. | Duration: 1 minute |
Legal basis
The legal basis for the processing of your personal data is Article 6, paragraph 1, point (a), of the GDPR.
Recipient
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Where applicable, Google LLC and Google group companies/sub-processors may also process personal data in connection with hosting, support, security, and international data transfers. Google generally acts as a processor for standard Google Analytics processing; if specific data-sharing settings are enabled, Google may process shared data as an independent controller.
Transfer to third countries
Personal data is transferred to the United States. This transfer is subject to appropriate safeguards in accordance with Article 46 of the GDPR. We have concluded standard contractual clauses with the data importer for this purpose. Furthermore, we are aware of our responsibility and will, where necessary, take additional measures to protect the rights and freedoms of natural persons and to ensure the protection of personal data.
Duration of data storage
The retention period is the time span during which the collected data is stored for the processing purposes. The data must be deleted as soon as it is no longer needed for the stated processing purposes. The retention period depends on the type of data stored. Each user can choose how long Google Analytics retains data before it is automatically deleted.
Cancellation
You have the right to withdraw your consent at any time, see Article 7, paragraph 3, first sentence of the GDPR. This can be done informally and without giving reasons, and the withdrawal has effect for the future. The withdrawal of consent does not affect the lawfulness of the processing that took place prior to the withdrawal. You can find more information on this above in our privacy policy under 'Rights of data subjects'.
Additional information on data protection
You can find more information about the processing of your personal data here:
https://support.google.com/analytics/answer/6004245?hl=de https://policies.google.com/privacy?hl=de&gl=de .
https://policies.google.com/technologies/cookies?hl=en
f.Google Ads
Description and purpose
Google Ads is an advertising and tracking service offered by Google. Google uses cookies and other technologies for advertising, including displaying and playing ads, personalizing ads, limiting the frequency used to show you an ad, blocking ads you no longer want to see, and measuring the effectiveness of ads.
With your permission, a direct connection to Google's server is automatically established. By integrating the Floodlight tag, Google receives information that you have accessed the relevant part of our website or clicked on one of our advertisements.
In addition, the Floodlight tags used enable us to determine whether you perform certain actions on our website after viewing or clicking on one of our display/video advertisements on another platform (conversion tracking). Google uses this cookie to gain insight into the content you have viewed on our website in order to send you targeted advertising later.
Google Ads processes the following information: Online identifiers (including cookie identifiers), Internet Protocol (IP) addresses and device identifiers, location data, customer-assigned identifiers and names, email addresses, phone numbers, and addresses where enabled.
Google Ads uses the following cookies:
| __utmb | This cookie is used to keep track of the time of the visit. | Duration: Session |
| _ga | This cookie is used to distinguish between users. | Duration: 2 years, 12 hours |
| IDE | This is used to display personalized advertisements. | Duration: 1 year, 30 days, 16 hours, 30 minutes |
| _gid | This cookie name is associated with Google Universal Analytics to distinguish unique users of the website. | Duration: 24 hours |
| __utma | This cookie is used to record the time and date of the first visit, the total number of visits, and the start time of the current visit. | Duration: Session |
| _hole | This cookie is used to limit the number of requests per second (request rate). When Google Analytics is deployed via Google Tag Manager, this cookie is named _dc_gtm_. |
Duration: 1 minute |
| CONSENT | This is used to store the user's consent choices. | Duration: 2 years, 12 hours |
| FPID | This is used to store a value that is used to set the client ID in the request to Google's servers. | Duration: 2 years, 12 hours |
| FPLC | This registers a unique ID, which is used to generate statistical data about how the visitor uses the website. | Duration: 20 hours |
| _gcl_au | Google Ads cookie used for conversion tracking and advertising measurement. | Duration: 90 days |
| _gcl_aw | Google Ads cookie used to store ad click information for conversion attribution. | Duration: 90 days |
| _gcl_dc | DoubleClick cookie used for conversion attribution and campaign measurement. | Duration: 90 days |
| test_cookie | Google Ads cookie used to test whether the browser supports cookies. | Duration: 15 minutes |
| DSID | Google cookie used to identify signed-in users across Google services. | Duration: 2 weeks |
| ANID | Google cookie used for advertising preferences and personalized ads. | Duration: 13 months |
Legal basis
The legal basis for the processing of your personal data is consent in accordance with Article 6, paragraph 1, letter a) of the GDPR.
Recipient
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Depending on the user location and the specific Google Ads, conversion measurement, remarketing, or data-sharing functions used, Google LLC and other Google affiliates may also receive or process personal data. For certain advertising and measurement functions, Google may process personal data as an independent controller; for processor services, Google processes data on our behalf under applicable data processing terms.
Transfer to third countries
Personal data is transferred to the US (server location). This transfer is subject to appropriate safeguards in accordance with Article 46 of the GDPR. We have entered into standard contractual clauses with the data importer in accordance with Article 46(2)(c) of the GDPR. Furthermore, we are aware of our responsibility and take additional measures where necessary to protect the rights and freedoms of natural persons and to ensure the protection of personal data.
Duration of data storage
The data will be deleted as soon as they are no longer needed for the purpose for which they were collected. Furthermore, the data will be deleted if you exercise your right to erasure in accordance with Article 17, paragraph 1, of the GDPR. Remarketing cookies have a retention period of up to 540 days.
Cancellation
You have the right to withdraw your consent at any time, see Article 7, paragraph 3, first sentence of the GDPR. This can be done informally and without giving reasons, and the withdrawal has effect for the future. The withdrawal of consent does not affect the lawfulness of the processing that took place prior to the withdrawal. You can find more information on this above in our privacy policy under 'Rights of data subjects'.
Additional information on data protection
You can find more information about the processing of your personal data here: www.google.com/policies/privacy/
In addition, you can find information about how Google as a company handles personal data in a business context on Google's Business Data Responsibility Site:
https://business.safety.google/privacy/ .