For a limited time: Free oxygen water with your order
Free shipping from 25 €
Das schwarze Textlogo auf weißem Hintergrund lautet in großen Buchstaben „MERME“, darunter links in kleineren Buchstaben „BERLIN“.Das schwarze Textlogo auf weißem Hintergrund lautet in großen Buchstaben „MERME“, darunter links in kleineren Buchstaben „BERLIN“.
DE
0

Privacy policy

MERME GmbH (hereinafter: "we") appreciates your interest in our company and our products. It is our concern that you also feel safe regarding the protection of your personal data when visiting the websites operated by us (hereinafter: "Website").

In this Privacy Policy, we inform you about the type, scope and purpose of the personal data processed by us when you use our Website, including all subpages and our shop. If you wish to make use of certain services on our Website, e.g. submitting reviews of our products or the wishlist, personal data will be processed. Personal data is any data that can be related to you personally, e.g. name, address, email addresses, user behaviour.

This Privacy Policy also contains information on the processing of personal data in connection with our presences in social media.

You can navigate directly to the relevant topics via the following links to learn how we process personal data concerning you. You may also read, save and print this Privacy Policy as a complete document.

Contents of the Privacy Policy

  1. Information on the controller, data protection officer
  2. Collection and processing of personal data
  3. Cookies and similar technologies
  4. Disclosure of personal data in general
  5. Social plug-ins, integration of third-party content
  6. Analysis of usage data ("tracking") and usage-based information ("(re-)targeting")
  7. Use of our online shop
  8. Information on the newsletter (email and WhatsApp)
  9. Our presences in social media, influencers
  10. Your rights as a data subject
  11. Update of the Privacy Policy
  12. List of cookies used

1. Information on the controller, data protection officer

(a) Controller

The controller within the meaning of the General Data Protection Regulation ("GDPR") and other national data protection laws of the EU Member States as well as other data protection regulations is:

MERME GmbH Alt-Moabit 90 10559 Berlin

Email: service@merme.de

You can find more information about us in the legal notice (Impressum).

2. Collection and processing of personal data

When you use the Website for purely informational purposes, i.e. if you do not otherwise transmit information to us, we generally only collect the personal data that your browser transmits to our server. We collect the following data, which is technically necessary for us to display our Website to you in the version and language suitable for you and to ensure stability and security and to compile general reports on the use of our Website (the legal basis is Art. 6 (1) sentence 1 lit. f GDPR):

  • IP address
  • Date and time of the request
  • Content of the request (specific page)
  • Website from which the request originates
  • Browser
  • Operating system

The above data will be anonymised or deleted immediately when it is no longer required for the purposes mentioned, at the latest 30 days after we have collected it.

If you provide us with further personal data via the Website or by other means such as WhatsApp, e.g. as part of a registration, a contact form, a survey, a competition, or for the performance of a contract or the dispatch of products, we use this data for the purposes mentioned, for purposes of customer administration and – insofar as necessary – for the purposes of processing and billing any business transactions, in each case to the extent required for this.

When you use our digital testers, we determine your approximate location (with an accuracy of approx. 50 km) from an IP address that has been anonymised by truncation, and through the scan of the QR code we determine which version of our point of sale you are standing in front of. This data is used exclusively for statistical purposes and is not merged with other data.

In the event of contact by email (e.g. to the address indicated above) or other means (e.g. messenger), the personal data transmitted with your email message will be stored. The data will not be passed on to third parties. The data will be used exclusively for processing the conversation.

The legal basis for the processing of the data transmitted in the course of sending a message is Art. 6 (1) sentence 1 lit. b and lit. f GDPR. This data is used by us solely for processing the contact request; this also constitutes the necessary legitimate interest in the processing of the data within the meaning of Art. 6 (1) sentence 1 lit. f GDPR. The data will be deleted as soon as it is no longer required for the purpose for which it was collected, which is the case when the respective conversation with the user has ended. The conversation has ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

3. Cookies and similar technologies

In addition to the data mentioned above, cookies are stored on your computer when you use our Website, and comparable technologies are used. Cookies are small text files that are stored on your hard drive assigned to the browser you use, and through which certain information flows to the entity that sets the cookie (here, us). Cookies cannot execute programs or transmit viruses to your computer. They serve to make the internet offering more user-friendly and effective overall.

The vast majority of cookies are only set with your consent (Art. 6 (1) sentence 1 lit. a GDPR). For other cookies, the legal basis is our legitimate interests (Art. 6 (1) sentence 1 lit. f GDPR). Our cookie banner informs you which cookies fall into which category.

(a) General

This Website uses the following types of cookies, the scope and functionality of which are explained below:

Transient cookies. Transient cookies are automatically deleted when you close your browser. This includes in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This allows your computer to be recognised when you return to our Website. Session cookies are deleted when you log out or close your browser. Such a cookie can store, for example, the contents of a shopping cart in an online shop or a login status.

Persistent cookies. Persistent cookies are automatically deleted after a specified duration, which may differ depending on the cookie. You can delete the cookies at any time in the security settings of your browser.

(b) Browser settings

You can configure your browser settings according to your wishes and, for example, refuse the acceptance of third-party cookies or all cookies. Stored cookies can be deleted in the browser's system settings. We point out that you may not be able to use all functions of this Website.

(c) List of cookies

A list of the cookies used and comparable technologies can be found in the cookie banner on our Website.

(d) Withdrawing consent to cookies

In the footer of our Website, you will find a "Cookie Settings" link, via which you can change your cookie settings at any time.

4. Disclosure of personal data in general

(a) Disclosure to service providers

In some cases we use service providers bound by instructions for certain data processing activities, who process the data on our behalf and according to our instructions (processing on behalf of a controller).

(b) Disclosure to public authorities, to injured parties and for the prosecution of legal claims

If it is necessary to clarify unlawful or abusive use of our Website or for the prosecution of legal claims, personal data will be forwarded to law enforcement authorities and, where applicable, to injured third parties. However, this only takes place if there are indications of unlawful or abusive behaviour.

Disclosure may also take place if it serves the enforcement of terms of use or other agreements. Furthermore, we are legally obliged to provide information to certain public bodies upon request. These are law enforcement authorities, authorities prosecuting administrative offences subject to fines, and the tax authorities.

The legal basis for this is Art. 6 (1) sentence 1 lit. b, Art. 6 (1) sentence 1 lit. c, Art. 6 (1) sentence 1 lit. d and Art. 6 (1) sentence 1 lit. f GDPR.

(c) Disclosure in the context of corporate transactions

In the course of the further development of our business, the structure of our company may change, in that the legal form is changed, subsidiaries, parts of the company or components are founded, purchased or sold. In such transactions, customer information may be passed on together with the part of the company to be transferred to the acquirer or legal successor.

In any disclosure of personal data to the extent described above, we will ensure that this is done in accordance with this Privacy Policy and the applicable data protection law.

(d) Disclosure to recipients outside the EU

It is possible that we transfer personal data to countries outside the EU ("third countries"). Any transfer of data to a recipient in a third country takes place in compliance with the applicable data protection law. In many cases, we obtain your consent to such a transfer via our cookie banner. Insofar as we do not obtain consent (and in some cases also in addition to consent), we provide for appropriate safeguards to ensure adequate protection of the personal data concerning you, insofar as the European Commission has not determined the existence of an adequate level of protection for a third country. This may be done in particular by concluding data processing agreements containing EU standard data protection clauses, which, by decision of the European Commission, provide appropriate safeguards (available at: Standard Contractual Clauses (SCC) (europa.eu)). Please contact us for further details, such as the text of the EU standard data protection clauses.

(e) Consentmanager

We have integrated the consent management tool "consentmanager" (www.consentmanager.net) of Jaohawi AB, Håltgelvågen 1b, 72348 Västerås, Sweden, info@consentmanager.net, on our Website in order to obtain consent for data processing or the use of cookies or comparable functions. With the help of "consentmanager", you have the option of giving or refusing your consent for certain functionalities of our Website, e.g. for the purpose of integrating external elements, statistical analysis, reach measurement and personalised advertising. With the help of "consentmanager", you can give or refuse your consent for all functions or give your consent for individual purposes or individual functions. The settings you have made can also be changed by you at a later date. The purpose of the integration of "consentmanager" is to leave the decision on the aforementioned matters to the users of our Website and, in the course of the further use of our Website, to offer the possibility of changing settings already made. In the course of using "consentmanager", personal data and information of the end devices used, such as the IP address, are processed.

The legal basis for the processing is Art. 6 (1) sentence 1 lit. c in conjunction with Art. 6 (3) sentence 1 lit. a in conjunction with Art. 7 (1) GDPR.

5. Social plug-ins, integration of third-party content

(a) General

Our Website may also contain offers from third parties. If you click on such an offer, data will be transferred to the respective provider to the extent required (e.g. the information that you found this offer with us and, where applicable, further information that you have already provided for this purpose on our Website).

(b) Social plug-ins

If we use so-called "social plug-ins" of social networks such as Meta Platforms Ireland Limited or Twitter on our Website, we integrate them as follows:

When you visit our Website, the social plug-ins are deactivated, i.e. no data is transferred to the operators of these networks. If you wish to use one of the networks, click on the respective social plug-in to establish a direct connection to the server of the respective network.

If you have a user account with the network and are logged in there at the moment of activating the social plug-in, the network can assign your visit to our Website to your user account. If you wish to avoid this, please log out of the network before activating the social plug-in.

When you activate a social plug-in, the network transmits the content thus made available directly to your browser, which integrates it into our Website. In this situation, data transfers may also take place that are initiated and controlled by the respective social network. The data protection provisions of the respective network apply exclusively to your connection to a social network, the data transfers taking place between the network and your system, and your interactions on this platform.

When you click on the link to an offer or activate a social plug-in, it may be the case that personal data reaches providers in countries outside the European Economic Area which, from the point of view of the European Union ("EU"), do not guarantee an "adequate level of protection" for the processing of personal data corresponding to EU standards. Please bear this in mind before clicking on a link or activating a social plug-in and thereby triggering a transfer of your data.

The social plug-in remains active until you deactivate it or delete your cookies.

(c) Vimeo videos

The videos on our Website are partly embedded from the Vimeo platform (Vimeo LLC, based in New York City, USA). This means that the video is played directly on vimeo.com but displayed on our page. In doing so, Vimeo cookies are set, via which personal data concerning you are transmitted to Vimeo if you are logged in to Vimeo via your end device. This is necessary to enable you to save the videos in your "Watch later" playlist in order to watch them at a later time. You can prevent such a data transfer by logging out of Vimeo beforehand. The cookies are used on the basis of your consent (Art. 6 (1) lit. a GDPR). Further information on the processing of personal data by Vimeo can be found in Vimeo's privacy policy at https://vimeo.com/privacy.

(d) Google Maps

On our websites, we use the offering of Google Maps on the basis of our legitimate interests (i.e. interest in the optimisation of our online offering within the meaning of Art. 6 (1) sentence 1 lit. f GDPR). This allows us to display interactive maps directly on the Website and enables you to conveniently use the map function, e.g. when using our store finder.

By visiting the Website, Google receives your IP address and the information that you have called up the corresponding subpage of our Website. This takes place regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, personal data concerning you will be assigned directly to your account. If you do not wish to be associated with your profile at Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) for the provision of needs-based advertising and to inform other users of the social network about your activities on our Website. You have a right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider's privacy policy. There you will also find further information on your rights in this regard and setting options for the protection of your privacy: http://www.google.de/intl/de/policies/privacy

(e) Use of Google reCAPTCHA

On this Website we also use the reCAPTCHA function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This function is used to protect our Website against attacks according to the state of the art, in particular to distinguish whether an entry is made by a natural person or abusively by mechanical and automated processing. The service includes the processing of the web request, the IP address, the browser type, the browser language, the date and time of your request, and one or more cookies that may identify your browser. The processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in determining individual personal responsibility on the internet, avoiding abuse and spam, and protecting our Website against attacks. In the course of the use of Google reCAPTCHA, personal data may also be transmitted to the servers of Google LLC. in the USA and other companies of the Google Group worldwide.

Further information on Google reCAPTCHA as well as Google's privacy policy can be accessed at: https://www.google.com/intl/de/policies/privacy/ and https://policies.google.com/?gl=de;hl=de. You can contact Google's data protection officer via: data-access-requests@google.com.

(f) Social plugins of Meta Platforms Ireland Limited and Google Ireland Limited

Social plugins of Meta Platforms Ireland Limited may be used on our websites.

If you visit a page that contains such a plugin and the plugin is activated, your browser establishes a connection to the provider of the respective plugin and the content is loaded from these pages. Your visit to this Website may thereby be tracked by Meta Platforms Ireland Limited or by Google Ireland Limited, even if you do not actively use the function of the social plugin. If you have an account with Facebook or Google, you can use such a social plugin and can thus share information with your friends. We have no influence on the content of the plugins or the transmission of information.

Meta Platforms Ireland Limited provides detailed information on the scope, type, purpose and further processing of your data at https://www.facebook.com/about/privacy. Here you will also find further information on your rights and setting options for the protection of your privacy.

(g) Instagram

This Website also includes plugins of the social network Instagram ("Instagram"). Instagram is an offering of Meta Platforms Ireland Limited (Ireland). You can recognise the Instagram plugin by the "Instagram button" on our page. If you click on the "Instagram button" while logged in to your Instagram account, you can link the contents of our pages to your Instagram profile. As a result, Instagram can assign the visit to our pages to your user account. We point out that we receive no knowledge of the content of the data transmitted or its use by Instagram. Further information can be found in Instagram's privacy policy: https://instagram.com/about/legal/privacy.

(h) Yotpo

We cooperate with Yotpo Ltd. Yotpo is a business-to-business software-as-a-service platform that enables us to conduct, optimise and analyse customer loyalty campaigns. Yotpo processes the public IP address, device and browser data and the website from which you use the review platform. Your name, your email address and order information are collected. The legal basis for data processing by Yotpo is Art. 6 (1) lit. f GDPR. Further information on this can be found in Yotpo's privacy policy at www.yotpo.com/privacypolicy.

(i) OpenStreetMap

We use the map service of OpenStreetMap (OSM). The provider is Open-Street-Map Foundation (OSMF), St John Innovation Centre, Cowley Road, Cambridge, CB4 OWS, United Kingdom.

If you visit a website on which OpenStreetMap is integrated, your IP address and other information about your behaviour on this Website will be forwarded to OSMF. For this purpose, OpenStreetMap may store cookies in your browser. You can prevent the storage of cookies by setting your browser accordingly; however, we point out that in this case you may not be able to fully use all functions of this Website.

Furthermore, your location can be recorded if you have allowed this in your device settings – e.g. on your mobile phone. We have no influence on this data transfer. Further information on this can be found in OpenStreetMap's privacy policy at the following link: https://osmfoundation.org/wiki/Privacy_Policy.

The use of OpenStreetMap is in the interest of an appealing presentation of our online offerings and the easy locatability of the places indicated by us on the Website. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR.

(j) Microsoft Clarity

On this Website we use Microsoft Clarity, a service of the provider Microsoft Ireland Operations, Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (hereinafter "Clarity"). Clarity is a tool for analysing user behaviour on this Website. In doing so, Clarity records in particular mouse movements and creates a graphical representation of which part of the Website users scroll on particularly frequently (heatmaps). Clarity can also record sessions so that we can view page usage in the form of videos. We also receive information about general user behaviour within our Website. Clarity uses cookies and other technologies that enable the recognition of the user for the purpose of analysing user behaviour, in particular the IP address of the device (recorded and stored exclusively in anonymised form), screen size, device type, information on the browser used, location (country only). The information is not used by Clarity or by us to identify individual website visitors or merged with further data on individual website visitors.

This data processing affects all users of our Website who have consented to the corresponding use via a cookie consent. The data processing therefore takes place solely on the basis of your consent in accordance with Art. 6 (1) lit. a GDPR.

The data is deleted when the purpose of its collection no longer applies, at the latest after 1 year.

Data subjects can revoke their consent at any time with effect for the future, e.g. by contacting us using the contact details provided in this Privacy Policy. In addition, you can exercise your right to object at https://choice.microsoft.com/de-DE/opt-out.

Further information on how your data is processed by Clarity can be found at https://privacy.microsoft.com/de-de/privacystatement.

(k) Qualtrics

On our website we use the services of Qualtrics LLC, 333 W. River Park Drive, Provo UT 84604, USA, for conducting customer, product and brand satisfaction surveys. We carry out the surveys in order to continuously develop and improve our products and services. If you take part in a survey, only so-called "log data" (date and timestamp / information on your browser and your browser settings / information on your end device / usage data) are processed. Participation in a survey is voluntary. If you do not wish to take part in a survey, you can simply close the survey pop-up. The legal basis for the data processing is your consent, Art. 6 (1) lit. a GDPR.

Further information on Qualtrics LLC and on the processing of personal data by Qualtrics can be found at https://www.qualtrics.com/privacy-statement/.

(m) Pisano

With your consent, we use services on this Website from Pisano Limited, 9th Floor 107 Cheapside, London, United Kingdom, EC2V 6DN, which enable us to obtain feedback through surveys and similar means and to collect data on the use of our websites and/or services, e.g. which pages are visited, when they are visited, which advertisement or email or web page brought you to our Website, how you interact with and use our services and pages.

6. Analysis of usage data ("tracking") and usage-based information ("(re-)targeting")

(a) General

We would like to tailor the contents of our Website as precisely as possible to your interests and thereby improve our offering for you. In order to identify usage preferences and particularly popular areas of the Website, we use so-called tracking technologies.

In order to be able to tailor our online marketing (e.g. banner advertising) more specifically to your usage-based interests, we use so-called (re-)targeting technologies. These are read out and used when you visit other websites that cooperate with the providers of these (re-)targeting technologies in order to be able to inform you in as interest-based a manner as possible.

When using the above technologies, your interest in our products and services is recorded via cookies on our Website and (in the case of retargeting) on third-party websites. In doing so, random identifiers (so-called cookie IDs) and comparable technologies are used, which we do not associate with your name, your address or similar information, even if these details are known to us (e.g. from an existing contractual relationship), unless you have consented to this.

(b) Google Analytics (basic version)

For the purpose of needs-based design and continuous optimisation of the Website, we use the basic version of Google Analytics on the basis of Art. 6 (1) sentence 1 lit. f GDPR (legitimate interest), a web analysis service of Google Ireland Limited ("Google"). Google Analytics uses cookies (text files) that are stored on your computer and that enable an analysis of the use of the Website by you. On our behalf, Google will use this information to evaluate your use of the Website and to compile reports on Website activities. Google processes the data collected via the use of the "basic version" of Google Analytics exclusively on our instructions and for our purposes. Insofar as data collected via Google Analytics is used for advertising technologies of Google (e.g. Google remarketing) and in this case is also processed by Google for its own purposes and / or purposes of third parties, such processing only takes place after you have given consent to the use of such advertising technology on the Website.

This Website uses Google Analytics with the extension "_anonymizeIp()". As a result, IP addresses are processed in shortened form, and any reference to a person can be excluded for the shortened addresses. You can prevent the storage of cookies by setting your browser software accordingly; however, we point out that in this case you may not be able to fully use all functions of this Website. You can also prevent the collection of the data generated by the cookie and related to your use of the Website (incl. your IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

For the exceptional cases in which personal data is transferred to the USA, Google Ireland Limited has agreed the so-called standard data protection clauses. The legal basis for the use of Google Analytics is Art. 6 (1) sentence 1 lit. f GDPR.

(c) Google Marketing

We only use Google marketing products (e.g. Search Ad, Display & Video 360) with your consent, which you can declare by clicking the "Agree" button in the cookie banner of the Website. We store your consent on your end device in a cookie so that you are not asked again for your consent each time you visit our Website, as well as for legal reasons together with the IP address and the time on our servers; we delete this information or restrict its processing if you withdraw your consent. Google uses personal data to personalise advertising, and cookies can be used for both personalised and non-personalised advertising. Further information can be found at https://policies.google.com/technologies/partner-sites?hl=de.

You can prevent the storage of cookies by setting your browser software accordingly; however, we point out that in this case you may not be able to fully use all functions of our services.

(g) Snapchat

On our Website we use the "Snapchat Pixel" of Snap Inc., 63 Market Street, Venice, CA 90291, USA ("Snapchat"). If you have consented via the cookie banner, the behaviour of users can be tracked by this for statistical and market research purposes in order to evaluate the effectiveness of Snapchat advertisements and to optimise advertising measures. The data is stored and processed by Snapchat, so that a connection to the respective user profile is possible if applicable, and Snapchat can use the data for its own advertising purposes in accordance with the Snapchat data use policy. You can enable Snapchat and its partners to display advertisements on and outside Snapchat. These processing operations take place exclusively on the granting of consent in accordance with Art. 6 (1) lit. a GDPR. Further information can be found in Snapchat's privacy policy at https://www.snap.com/de-DE/privacy/privacy-policy/.

(h) Facebook Business Tools and Facebook Ads Manager, transmission of event data

We use the Facebook Business Tools and the Facebook Ads Manager provided by Meta Platforms Ireland Limited (Ireland). These allow us to determine when and where advertisements are to be placed on Facebook, Instagram and on websites, and to track how successful our advertising campaigns are. In doing so, with your consent given via our cookie banner, Art. 6 (1) sentence 1 lit. f GDPR, we transmit so-called "event data" for the targeting of our advertising campaigns. This is done exclusively in hashed form. This data includes in particular email address, postal code and city.

Via the Facebook Business Tools, third parties, including Meta Platforms Ireland Limited, may use cookies, web beacons and other storage technologies to collect or receive information from our websites and other places on the internet, and then use this information to provide measurement solutions and ad targeting.

(i) Meta Platforms Ireland Limited Retargeting (Website Custom Audience)

A pixel of Meta Platforms Ireland Limited is integrated into this Website (Website Custom Audience pixel). Provided you have given your consent, this pixel is used by us and Meta Platforms Ireland Limited under joint controllership to collect information about the use of this Website (e.g. information about articles viewed) and transmit it to Meta Platforms Ireland Limited. This information can be assigned to your person with the help of further information that Meta Platforms Ireland Limited has stored about you, e.g. due to your account on the social network "Facebook". On the basis of the information collected via the pixel, interest-based advertisements about our offers can be displayed to you in your Facebook account (retargeting). The information collected via the pixel can also be aggregated by Meta Platforms Ireland Limited and the aggregated information can be used by Meta Platforms Ireland Limited for its own advertising purposes and for advertising purposes of third parties. For example, Meta Platforms Ireland Limited can deduce certain interests from your surfing behaviour on this Website and also use this information to advertise offers of third parties. Meta Platforms Ireland Limited can also combine the information collected via the pixel with further information that Meta Platforms Ireland Limited has collected about you via other websites and/or in connection with the use of the social network "Facebook", so that a profile about you can be stored at Meta Platforms Ireland Limited. This profile can be used for advertising purposes. Meta Platforms Ireland Limited is solely responsible for the permanent storage and the further processing described of the tracking data collected via the Website Custom Audience pixel used on this Website. The legal basis for this data processing is Art. 6 (1) sentence 1 lit. a GDPR.

You can find more information on data protection at Meta Platforms Ireland Limited here: https://www.facebook.com/policy.php. Here you will also find the option to assert your data subject rights (e.g. right to erasure) towards Meta Platforms Ireland Limited. You can withdraw consent to the transmission of data to Meta Platforms Ireland Limited through the use of the pixel on this Website at https://www.youronlinechoices.com/de/praferenzmanagement/.

(j) X

This Website includes functions of the X service. These functions are offered by X International Limited (Ireland) ("X"). Through the use of X and the "Retweet" function, the websites you visit are linked to your X account and disclosed to other users. In doing so, data is also transmitted to X. Your internet browser establishes a direct connection to the servers of X for this purpose and transmits data to X. We point out that we receive no knowledge of the content of the data transmitted or its use by X.

Further information on this can be found in X's privacy policy: https://X.com/privacy. You can change your privacy settings on X at https://x.com/account/settings.

(k) TikTok

On this website we use a pixel of the provider TikTok (TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, jointly with TikTok Information Technologies UK Limited, Aviation House, 125 Kingsway Holborn, London, WC2B 6NH, United Kingdom). This is a code which we have implemented on our page. With the help of this code, provided you consent, a connection with the TikTok servers is established when you visit our website in order to track your behaviour on our website. Personal data such as the IP address and other information such as device ID, device type and operating system can also be transmitted to TikTok. TikTok uses email addresses or other login or device information to identify the users of our website and to assign their actions to a TikTok user account.

TikTok uses this data to display targeted and personalised advertising to its users and to create interest-based user profiles. The data collected is only usable for us within the scope of measuring the effectiveness of advertisement placements.

In principle, your data is processed within the EU or the EEA. For this purpose, a corresponding data protection agreement has been concluded with TikTok. If personal data is transferred to countries outside the EU or the EEA, TikTok uses the so-called standard contractual clauses, provided that the personal data is not transferred to countries for which an adequacy decision of the European Commission exists.

You can find TikTok's privacy policy here: https://www.tiktok.com/legal/privacy-policy-eea.

(l) TikTok Business Tools and TikTok Ads Manager, transmission of event data

We also use the TikTok Business Tools and the TikTok Ads Manager of TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. These allow us to determine when and where advertisements are to be placed and to track how successful our advertising campaigns are. In doing so, with your consent given via our cookie banner, Art. 6 (1) sentence 1 lit. f GDPR, we transmit so-called "event data" for the targeting of our advertising campaigns. This is done exclusively in hashed form. This data includes in particular email address, postal code and city.

Via the TikTok Business Tools, third parties, including TikTok Technology Limited (Ireland), may use cookies, web beacons and other storage technologies to collect or receive information from our websites and other places on the internet, and then use this information to provide measurement solutions and ad targeting.

(m) Google Enhanced Conversions

With your consent, Art. 6 (1) sentence 1 lit. a GDPR, hash values of first-party data available to us (in particular names or email addresses) are sent to Google for the use of "Google Enhanced Conversions", which enables us to determine how successful our advertising measures and other online activities are. The recipient of the personal data is Google Ireland Limited, whose data protection provisions are available at https://policies.google.com/privacy?hl=en and https://policies.google.com/technologies/cookies?hl=de. Further settings can be accessed at https://safety.google/privacy/privacy-controls/.

(o) Klaviyo

With your consent, Art. 6 (1) sentence 1 lit. a GDPR, and our legitimate interest, we transmit the data available to us (in particular names and email addresses) and your activities on our Website to Klaviyo for the purpose of automated marketing communication. The recipient of the personal data is Klaviyo, whose data protection provisions are available at https://www.klaviyo.com/legal/privacy/privacy-notice.

7. Use of our online shop

(a) General

You can order via our online shop as a guest, i.e. without registering. Optionally, you can also create a customer account ("Account"). This has the advantage that, in the event of a future order, you can log in directly to your account by entering your email address and a password without having to re-enter your contact data. You also enjoy further advantages, e.g. you can call up your order history at any time. In the following, we inform you about the data processing in connection with an order as a guest as well as about the data processing in connection with an account.

(b) Ordering as a guest

If you wish to order in our online shop as a "guest", it is necessary for the conclusion of the contract that you provide the data we need to process your order. The mandatory information is marked separately; in detail, this concerns:

  • Salutation, first name, surname,
  • Email address,
  • Address.

Further details, such as your telephone number, are voluntary. Voluntary information can help us to improve our customer service, e.g. by enabling us to contact you at short notice in the event of queries about your order.

(c) Creating an account

You can also voluntarily create a user account ("Account") through which we can store personal data concerning you for further later purchases. When creating an account, we also ask for the data we need for ordering as a guest (see above under (b)). In order to be able to identify you, you must also store a password of your own choice. The accounts are not public and cannot be indexed by search engines. If you have created an account, you can delete it at any time.

(d) Data processing in the case of an order

When you place an order, we will process not only the personal data requested from you but also the contract data (e.g. goods ordered, payment information, etc.).

We may also offer the option of personalising products ordered in the online shop. Insofar as you use personal data for this personalisation, we process this on the basis of Art. 6 (1) sentence 1 lit. b GDPR. If you use personal data of third parties for this purpose, please ensure that they have no objection to the use.

We process the data provided by you and the contract data only on your order or – in the case of an account – on your registration, and for the purpose of the proper processing of your order and for the bilateral fulfilment of obligations from the purchase contract. The legal basis for this is Art. 6 (1) sentence 1 lit. b GDPR.

In the course of processing your order, we send you emails. These contain technologies such as pixels that enable us to determine whether you have opened these emails. In particular, we can detect delivery problems for these emails. If you do not wish this, you can set your email software so that graphics are not loaded automatically. The legal basis for our processing is Art. 6 (1) sentence 1 lit. f GDPR.

(e) Storage of personal data

Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years; the legal basis is Art. 6 (1) sentence 1 lit. c GDPR. However, after two years we restrict the processing, i.e. personal data concerning you is only used to comply with the legal obligations. If you have terminated your account, its data will be deleted with regard to the account, subject to its retention for commercial or tax law reasons in accordance with Art. 6 (1) sentence 1 lit. c GDPR.

(f) Disclosure of personal data to third parties

A disclosure of your personal data by us to third parties takes place on the basis of Art. 6 (1) sentence 1 lit. b GDPR and exclusively to the service partners involved in the processing of the contract, such as the logistics company commissioned with the delivery and the credit institution commissioned with payment matters or external payment service providers via whose service you and we can carry out payment transactions. This concerns, for example:

  • Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full),
  • Klarna (https://www.klarna.com/de/datenschutz/),
  • Visa (https://www.visa.de/bedingungen/visa-privacy-center.html),
  • Mastercard (https://www.mastercard.de/de-de/datenschutz.html),
  • Amex (https://www.americanexpress.com/de/legal/datenschutzrichtlinien.html),
  • Apple Pay (https://www.apple.com/de/legal/privacy/data/de/apple-pay/),
  • Google Pay (https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=privacynotice&ldl=de),
  • Maestro (https://www.mastercard.de/de-de/datenschutz.html),
  • Sofort (https://www.sofort.com/datenschutzhinweise/), and Shop Pay (https://www.shopify.com/de/legal/datenschutz).

In the cases of disclosure of your personal data to third parties, however, the scope of the data transmitted is limited to the necessary minimum.

(g) Option for social login

The so-called "social login" represents a supplement to the conventional login on our online offerings. Instead of your username and password, you can choose your favourite network from a list of various social networks with which you can identify yourself to us.

When you click on one of the buttons, a window of the selected network opens to ask you for your consent to access your personal profile by us. Depending on the network, you will also be informed which information of your profile we receive access to as soon as you grant the permission.

On our website, with this so-called two-click solution, we use the following social media plugins:

– Meta Platforms Ireland Limited (https://www.facebook.com/policy.php) – YouTube (Google Ireland Limited) (https://www.google.de/intl/de/policies/privacy) – PayPal (Europe) S.à r.l. et Cie, S.C.A. (https://www.paypal.com/webapps/mpp/ua/privacy-full)

For international data transfers in the course of these offerings, the so-called EU standard data protection clauses apply, which by decision of the European Commission provide appropriate safeguards (available at: Standard Contractual Clauses (SCC) (europa.eu)). Please contact us for further details, such as the text of the EU standard data protection clauses.

8. Information on the newsletter (email)

(a) General information on the email newsletter

We send newsletters as emails with promotional information about our products, offers, promotions and our company (hereinafter "Newsletter") only with your consent or a statutory permission, Art. 6 (1) sentence 1 lit. a and Art. 7 GDPR, Art. 6 (1) sentence 1 lit. f GDPR, as well as Section 7 (2) no. 3 or (3) of the German Act Against Unfair Competition (UWG). With the following information we inform you about the registration, dispatch and analysis procedures as well as your rights of objection.

(b) Registration for the email newsletter

To register for the email newsletter, it is sufficient if you provide your email address.

The registration takes place in a so-called double opt-in procedure. This means that after registration you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register with another person's email address.

The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes both the storage of the registration and confirmation time and the IP address. Likewise, changes to your data stored with us are logged.

(c) Analysis procedures for the email newsletter

On the basis of your consent, we can make the email newsletter even more relevant to you with personalised content. For this purpose, we process information collected through cookies on your user behaviour on the Website, which you reach via a link within the newsletters sent, and assign this information to your email address. The newsletter also contains pixels with which we receive receipt and read confirmations as well as information on the links you have clicked on. We use this information and our log files, also using artificial intelligence, to tailor the contents of our newsletter more precisely to your personal interests and preferences. The consent to the personalisation of the newsletter can be withdrawn at any time (e.g. by email to service@merme.de or to the contact details indicated in the legal notice or via a link in each newsletter that takes you to your preference centre). The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.

(d) Termination of the email newsletter

You can terminate the receipt of our email newsletter at any time, i.e. withdraw your consent. The withdrawal of consent does not affect the lawfulness of the newsletter dispatch carried out on the basis of the consent until the withdrawal. A link for terminating the newsletter can be found at the end of each newsletter.

Upon unsubscribing from the newsletter, the personal data is deleted, unless its retention is legally required or justified, in which case its processing is limited to these exceptional purposes only. In particular, we can store the unsubscribed email addresses for up to three years on the basis of our legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f GDPR before deleting them for the purposes of newsletter dispatch in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defence against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time.

(e) Klaviyo

Klaviyo is a marketing automation service for online retailers of the provider Klaviyo, Inc., 125 Summer St, Boston, MA 02110, USA. We use the service for the design and dispatch of our email newsletter. In doing so, personal data (including IP address, email address) is processed on the basis of consent in accordance with Art. 6 (1) lit. a GDPR and is also transferred to third countries outside the EU/EEA (USA).

To ensure compliance with data protection requirements, we have concluded a data processing agreement with the provider in accordance with Art. 28 GDPR. Klaviyo is certified under the EU-U.S. Data Privacy Framework (DPF) and has thus committed to comply with the data protection principles set out therein and assessed as adequate by the EU Commission when transferring personal data from the EU/EEA to the USA.

The provider's privacy notice can be viewed here: https://www.klaviyo.com/privacy/policy.

9. Our presences in social media, influencers

We also maintain corporate presences in social networks, such as Facebook and Instagram, to which we link on our Website. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of the respective operators apply, on which we have no influence. In this context, data may also be processed outside the European Union. For certain processing operations on Facebook, Meta Platforms Ireland Limited and we are so-called "joint controllers". Our data protection notices in the respective social networks provide you with further information on this.

For the activity of corporate influencers of MERME, the data protection notices in the respective networks apply.

10. Your rights as a data subject

(a) Right of access

You have the right to obtain information from us at any time upon request about the personal data concerning you that we process, to the extent of Art. 15 GDPR. To do so, you can submit a request by post or by email to the contact address indicated.

(b) Right to rectification of inaccurate data

You have the right to demand from us the immediate rectification of personal data concerning you in accordance with Art. 16 GDPR, if it is inaccurate. To do so, please contact the contact address indicated.

(c) Right to erasure

You have the right, under the conditions described in Art. 17 GDPR, to demand from us the erasure of personal data concerning you. These conditions provide in particular for a right to erasure if the personal data is no longer necessary for the purposes for which it was collected or otherwise processed, as well as in cases of unlawful processing, the existence of an objection or the existence of an obligation to erasure under Union law or the law of the Member State to which we are subject. To assert your right to erasure, please contact the contact address indicated.

(d) Right to restriction of processing

You have the right to demand from us the restriction of processing in accordance with Art. 18 GDPR. This right exists in particular if the accuracy of the personal data is disputed between the user and us, for the duration that the verification of the accuracy requires, as well as in the case that the user, in the case of an existing right to erasure, demands restricted processing instead of erasure; furthermore, in the case that the data is no longer required for the purposes pursued by us, but the user requires it for the assertion, exercise or defence of legal claims, as well as if the successful exercise of an objection between us and the user is still in dispute. To assert your right to restriction of processing, please contact the contact address indicated.

(e) Right to data portability

You have the right to receive from us the personal data concerning you that you have provided to us, in a structured, commonly used, machine-readable format in accordance with Art. 20 GDPR. To assert your right to data portability, please contact the contact address indicated.

(f) Right to object

You have the right, on grounds relating to your particular situation, to object at any time, pursuant to Art. 21 GDPR, to the processing of personal data concerning you, which is carried out, among other things, on the basis of Art. 6 (1) sentence 1 lit. e or lit. f GDPR. We will cease the processing of your personal data, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or unless the processing serves the assertion, exercise or defence of legal claims.

(g) Right of withdrawal (in the case of consent given)

You have the right to withdraw consent given pursuant to Art. 7 (3) GDPR with effect for the future. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.

(h) Right to lodge a complaint

You also have the right to lodge a complaint with a supervisory authority for data protection. The supervisory authority responsible for us is:

Der Hessische Datenschutzbeauftragte (The Hessian Data Protection Commissioner) Gustav-Stresemann-Ring 1, 65189 Wiesbaden Postfach 31 63, 65021 Wiesbaden Telephone: +49 611 14080 Fax: +49 611 1408 – 900 Email: poststelle@datenschutz.hessen.de Internet: http://www.datenschutz.hessen.de

11. Update of the Privacy Policy

This Privacy Policy is dated July 2023. Changes to our offering may make it necessary to also amend this Privacy Policy. Please therefore inform yourself regularly about the contents of our Privacy Policy. We will also inform you as soon as the changes require an action on your part (e.g. consent) or other individual notification.