Privacy Policy

Protecting your personal data is particularly important to us at Mellow-Interior GmbH & Co. KG. You can generally visit our website without providing personal data. However, if you wish to use certain services—such as placing an order or registering—processing personal data may be required. In such cases, we process your data solely on a legal basis or obtain your explicit consent when necessary.

The processing of personal data—such as the name, address, email address, or telephone number of a data subject—is always carried out in compliance with the General Data Protection Regulation (GDPR) and in accordance with the national data protection regulations applicable to Mellow-Interior GmbH & Co. KG. This privacy policy aims to inform the public about the type, scope, and purpose of the personal data we collect, use, and process. Furthermore, affected individuals are informed about their rights through this privacy policy.

As the data controller, Mellow-Interior GmbH & Co. KG has implemented numerous technical and organizational measures to ensure the most comprehensive protection possible for the personal data processed via this website. However, internet-based data transmissions may generally have security vulnerabilities, making absolute protection impossible. For this reason, every affected person is free to transmit personal data to us via alternative means—such as by telephone.

1. Definitions of Terms

The privacy policy of Mellow-Interior GmbH & Co. KG is based on the terminology used by the European legislator when adopting the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for both the public and our customers and business partners. To ensure this, we would like to explain the terms used in advance.

We use the following terms in this privacy policy:

a) Personal Data

Personal data refers to all information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"). A natural person is considered identifiable if they can be directly or indirectly identified, particularly through assignment to an identifier such as a name, an identification number, location data, an online identifier, or one or more specific characteristics. These characteristics are an expression of the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

b) Data Subject

A data subject is any identified or identifiable natural person whose personal data is processed by the data controller.

c) Processing

Processing is any operation or set of operations performed on personal data, whether by automated means or not. This includes the collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction of data.

d) Restriction of Processing

Restriction of processing refers to marking stored personal data to limit its future processing.

e) Profiling

Profiling is any form of automated processing of personal data used to evaluate certain personal aspects of a natural person, particularly to assess aspects related to work performance, economic status, health, personal preferences, interests, reliability, behavior, location, or movement patterns.

f) Pseudonymization

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without additional information. This additional information is stored separately and is subject to technical and organizational measures ensuring that the personal data is not assigned to an identified or identifiable natural person.

g) Controller or Data Controller

The controller or data controller is the natural or legal person, authority, institution, or other body that alone or jointly with others determines the purposes and means of processing personal data. If the purposes and means of this processing are specified by European Union law or the law of the Member States, the controller may be designated based on that law.

h) Processor

A processor is a natural or legal person, authority, institution, or other body that processes personal data on behalf of the controller.

i) Recipient

A recipient is a natural or legal person, authority, institution, or other body to whom personal data is disclosed, regardless of whether it is a third party. However, authorities that may receive personal data under a specific investigation mandate under EU or Member State law are not considered recipients.

j) Third Party

A third party is a natural or legal person, authority, institution, or other body other than the data subject, the controller, the processor, and the persons authorized under the direct responsibility of the controller or processor to process personal data.

k) Consent

Consent is any voluntary, informed, and unambiguous expression of will by the data subject, given in the form of a statement or other clear affirmative action, by which the data subject indicates that they agree to the processing of their personal data.

2. Cookies

The websites of Mellow-Interior GmbH & Co. KG use cookies. Cookies are text files stored on a computer system via an internet browser. Many websites and servers use cookies. Many cookies contain a unique cookie ID—a string of characters that allows websites and servers to assign the specific internet browser where the cookie was stored.

By using cookies, Mellow-Interior GmbH & Co. KG can provide users with more user-friendly services that would not be possible without cookies. Cookies allow us to recognize users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, a website user who accepts cookies does not have to re-enter login details each time they visit, as this is handled by the cookie.

Users can prevent the setting of cookies at any time through their internet browser settings and thus permanently object to the setting of cookies. Already set cookies can be deleted at any time through the internet browser or other software programs. However, disabling cookies may result in some features of our website not functioning fully.

3. Collection of General Data and Information

Each time the website of Mellow-Interior GmbH & Co. KG is accessed by a data subject or an automated system, a range of general data and information is collected and stored in the server’s log files. This may include:

1. The browser types and versions used
2. The operating system used by the accessing system
3. The website from which an accessing system reaches our website (the "referrer")
4. The sub-websites accessed via an accessing system on our website
5. The date and time of access
6. An Internet Protocol (IP) address
7. The Internet Service Provider (ISP) of the accessing system
8. Other similar data and information used to prevent cyberattacks

This information does not allow Mellow-Interior GmbH & Co. KG to draw conclusions about the data subject. Instead, the information is required to:

1. Deliver the contents of our website correctly
2. Optimize our website and its advertising
3. Ensure the long-term functionality of our IT systems and website technology
4. Provide law enforcement authorities with the necessary information in the event of a cyberattack

This anonymously collected data is statistically evaluated to increase data protection and security within our company and to ensure an optimal level of security for the personal data we process. The anonymous data of the server log files is stored separately from all personal data provided by a data subject.

4. Registration on Our Website

The data subject has the option to register on the website of the data controller (Mellow-Interior GmbH & Co. KG) by providing personal data. The specific personal data that is transmitted depends on the respective input fields used for registration. The personal data entered by the data subject is collected and stored exclusively for internal use and for the data controller’s own purposes. The data controller may arrange for the transfer to one or more processors, such as a parcel service provider, who also uses the personal data exclusively for internal purposes attributable to the controller (e.g., for shipping goods).

By registering on the website of Mellow-Interior GmbH & Co. KG, the IP address assigned by the Internet Service Provider (ISP) of the data subject, along with the date and time of registration, are also stored. The storage of this data is necessary to prevent the misuse of our services and to enable us, if required, to investigate potential offenses. Therefore, storing this data is necessary to protect the data controller.

The registration of the data subject by voluntarily providing personal data allows Mellow-Interior GmbH & Co. KG to offer content or services that, due to their nature, can only be provided to registered users (e.g., access to order history, faster checkout processes, the use of a wishlist, etc.). Registered persons are free to modify the personal data they provided during registration at any time or have it deleted entirely, provided that no statutory retention obligations prevent this.

The data controller provides information upon request to each data subject regarding which personal data is stored about them. Additionally, the data controller will correct or delete personal data upon request or notice from the data subject, provided that no statutory retention obligations prevent this. All employees of our company are available as contact persons for this purpose.

5. Subscription to Our Newsletter

Users on the website of Mellow-Interior GmbH & Co. KG are given the opportunity to subscribe to our company’s newsletter. The personal data transmitted when subscribing to the newsletter is determined by the input field used for this purpose (usually just the email address).

When signing up for our newsletter, we use the so-called double opt-in procedure: A confirmation email is first sent to the data subject's initially registered email address for legal reasons. This confirmation email serves to verify whether the owner of the email address has authorized receipt of the newsletter. The email address will only be added to our distribution list after this confirmation.

Mellow-Interior GmbH & Co. KG regularly informs customers and business partners about offers through a newsletter. The company’s newsletter can only be received by the data subject if:

1. The data subject has a valid email address, and
2. The data subject has registered to receive the newsletter and consented to receive it.

When signing up for the newsletter, we also store the IP address assigned by the Internet Service Provider (ISP) to the computer system used by the data subject at the time of registration, along with the date and time of registration. The collection of this data is necessary to trace any potential misuse of an email address at a later time and serves our legal protection.

The personal data collected when signing up for the newsletter is used exclusively for sending our newsletter. Additionally, newsletter subscribers may be informed via email if this is necessary for the operation of the newsletter service or a related registration (e.g., in case of changes to the newsletter service or changes to technical conditions).

No transfer of personal data collected for the newsletter service to third parties takes place.

Newsletter subscriptions can be canceled by the data subject at any time. Consent to the storage of personal data for the newsletter subscription can also be revoked at any time. Each newsletter contains an unsubscribe link for this purpose. Furthermore, there is an option to unsubscribe directly via our website or by notifying us in another way.

6. Newsletter Distribution via Shopify Email

The distribution of our newsletter is carried out using Shopify Email, an email sending platform provided by Shopify International Ltd. (Ireland) and Shopify Inc. (Canada). The data stored when signing up for the newsletter (email address, if applicable, name, registration time, and IP address) is stored on Shopify's servers. Shopify processes this information for the purpose of sending and analyzing the newsletters on our behalf.

Further information on Shopify's data protection can be found in the Shopify Privacy Policy (available at: https://www.shopify.com/legal/privacy).

We have signed a Data Processing Agreement (DPA) with Shopify, which obliges Shopify to protect our newsletter subscribers’ data and process it exclusively on our behalf in compliance with applicable data protection regulations. Shopify does not share this data with third parties.

7. Newsletter Tracking

The newsletters sent by Mellow-Interior GmbH & Co. KG contain tracking pixels. A tracking pixel is a miniature graphic embedded in emails sent in HTML format that enables log file recording and analysis. This allows for statistical analysis of the success or failure of online marketing campaigns.

Using the embedded tracking pixel, Mellow-Interior GmbH & Co. KG can detect:

• Whether and when an email was opened by a data subject, and
• Which links in the email were clicked by the data subject.

The personal data collected via the tracking pixels in our newsletters is stored and analyzed by Mellow-Interior GmbH & Co. KG to optimize newsletter distribution and better tailor future newsletters to the interests of the data subject. This data is not shared with third parties.

Data subjects are entitled to withdraw their consent to newsletter tracking at any time. If consent is revoked, this tracking data will be deleted.

A newsletter unsubscribe request is automatically interpreted as a withdrawal of consent for tracking.

8. Contact via the Website

The website of Mellow-Interior GmbH & Co. KG contains legal provisions requiring the inclusion of information that enables quick electronic contact with our company and direct communication with us. This includes a general email address.

If a data subject contacts the data controller via email or a contact form, the personal data voluntarily provided by the data subject is automatically stored. Such personal data (e.g., name, email address, telephone number, and message content), transmitted on a voluntary basis, is stored for the purposes of processing the request or contacting the data subject.

No transfer of this personal data to third parties occurs unless required for processing the request and legally justified.

If the contact request is related to pre-contractual measures (e.g., inquiries about our products before making a purchase) or an existing contract, the processing is based on Art. 6(1)(b) GDPR (fulfillment of a contract or pre-contractual measures).

For other inquiries, the processing is based on Art. 6(1)(f) GDPR (our legitimate interest in efficiently handling customer inquiries). The data subject has the right to object to the processing of their data at any time (see "Rights of the Data Subject" below).

9. Routine Deletion and Blocking of Personal Data

Mellow-Interior GmbH & Co. KG processes and stores personal data of data subjects only for the period necessary to achieve the purpose of storage or as required by European regulations or other applicable laws.

If the purpose for storage ceases to apply or a legally mandated storage period expires, the personal data is routinely blocked or deleted in accordance with legal requirements.

10. Rights of the Data Subject

Under the General Data Protection Regulation (GDPR), data subjects have various rights. If a data subject wishes to exercise any of the following rights, they can contact us at any time.

a) Right to Confirmation

Each data subject has the right to request confirmation from the data controller as to whether their personal data is being processed.

b) Right of Access

Each data subject has the right to obtain free information about the personal data stored about them, as well as a copy of this information. Additionally, data subjects have the right to request information about:

• The purposes of the processing
• The categories of personal data processed
• The recipients or categories of recipients to whom the personal data has been or will be disclosed, especially recipients in third countries or international organizations
• If possible, the intended storage duration of personal data or, if not possible, the criteria for determining this duration
• The existence of a right to rectification, erasure, restriction of processing, or objection to processing
• The right to lodge a complaint with a supervisory authority
• If the personal data was not collected directly from the data subject: all available information about the source of the data
• The existence of automated decision-making, including profiling under Art. 22(1) and (4) GDPR, and—at least in these cases—meaningful information about the logic involved, as well as the significance and intended consequences of such processing for the data subject

Furthermore, if personal data is transferred to a third country or international organization, the data subject has the right to be informed about the appropriate safeguards related to the transfer.

Requests to exercise this right can be directed to Mellow-Interior GmbH & Co. KG at any time.

c) Right to Rectification

Each data subject has the right to request the immediate correction of inaccurate personal data concerning them. Additionally, they have the right to request the completion of incomplete personal data, considering the purpose of processing—including through a supplementary statement.

d) Right to Erasure ("Right to Be Forgotten")

Each data subject has the right to request that the data controller immediately delete their personal data, provided one of the following reasons applies and further processing is not necessary:

• The personal data is no longer required for the purposes for which it was collected or otherwise processed.
• The data subject withdraws their consent on which the processing was based under Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, and no other legal basis for processing exists.
• The data subject objects to processing under Art. 21(1) GDPR, and there are no overriding legitimate grounds for processing, or the data subject objects to processing for direct marketing purposes under Art. 21(2) GDPR.
• The personal data was unlawfully processed.
• The deletion of personal data is necessary to comply with a legal obligation under EU law or the law of the Member States.
• The personal data was collected in relation to services offered by an information society under Art. 8(1) GDPR (e.g., data collected from minors).

If Mellow-Interior GmbH & Co. KG has made personal data public and is obliged under Art. 17(1) GDPR to delete the personal data, we will take reasonable technical measures to inform other data controllers processing the data that the data subject has requested deletion of all links to, copies, or replications of this data, unless further processing is required.

e) Right to Restriction of Processing

Each data subject has the right to request that the data controller restrict the processing of their personal data if one of the following conditions is met:

• The accuracy of the personal data is contested by the data subject for a period allowing the controller to verify its accuracy.
• The processing is unlawful, but the data subject opposes erasure and instead requests restriction of use.
• The controller no longer needs the personal data for processing purposes, but the data subject requires it to establish, exercise, or defend legal claims.
• The data subject has objected to processing under Art. 21(1) GDPR, and it is not yet clear whether the controller's legitimate grounds override those of the data subject.

f) Right to Data Portability

Each data subject has the right to receive the personal data they provided to the controller in a structured, commonly used, and machine-readable format. They also have the right to transmit this data to another controller without hindrance, provided the processing is based on consent under Art. 6(1)(a) GDPR or a contract under Art. 6(1)(b) GDPR and is carried out by automated means.

Upon request, the data subject can have their personal data transferred directly from one controller to another, where technically feasible.

g) Right to Object

Each data subject has the right to object to the processing of their personal data at any time for reasons related to their particular situation, when the processing is based on Art. 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.

If a data subject objects to processing for direct marketing purposes, Mellow-Interior GmbH & Co. KG will immediately cease processing the data for this purpose.

h) Right to Withdraw Consent

Each data subject has the right to withdraw their consent to data processing at any time. The withdrawal of consent does not affect the legality of processing carried out before the withdrawal.

11. Privacy Policy on the Use and Application of the Shopify Online Store Platform

Our online shop is operated via the Shopify e-commerce platform. This means that personal data collected on our website is stored on Shopify’s servers and processed by Shopify on our behalf. Shopify is offered by Shopify International Ltd., Victoria Buildings, 2nd Floor, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland. For users in the European Economic Area, this Irish company is responsible for data protection matters. Additionally, Shopify Inc., 151 O’Connor Street, Ground Floor, Ottawa, Ontario K2P 2L8, Canada, may also be involved as the parent company.

As a Canadian company, Shopify Inc. is subject to a level of data protection recognized as adequate by the EU (adequate protection under Canadian data protection laws based on an adequacy decision by the EU Commission). Where data processing occurs in the USA or other third countries, Shopify or its affiliates ensure compliance with European data protection standards via standard contractual clauses or participation in appropriate agreements.

Further information on Shopify’s data protection can be found in the Shopify Privacy Policy (link in section 6 above).

Shopify processes, on our behalf, all data you provide via the online shop or that arises during the ordering process. This includes, in particular:

• Contact data (name, address, email address, phone number)
• Order data (products ordered, sizes, prices, payment details)
• Technical data (IP address, browser details, device information)

The processing of this data via Shopify serves the purpose of contract fulfillment (operation of the online store, order and payment processing, shipping of goods) and the technical provision of our website. Shopify may also use cookies and similar technologies to provide its services (e.g., to store your cart or maintain your login session). These cookies are typically essential for the functionality of the shop (see section 2 on cookies).

We have signed a data processing agreement with Shopify in accordance with Art. 28 GDPR, which obliges Shopify to protect customer data and only process it according to our instructions. Shopify is contractually required to implement appropriate technical and organizational measures to protect your data.

By using our online store, you agree to the processing of your personal data within the Shopify platform as described. The operation of our online store would not be possible without using Shopify as a technical service provider.

12. Privacy Policy on the Use and Application of Lexware Office (Lexoffice)

We use Lexware Office software (also known as Lexoffice) from Haufe-Lexware GmbH & Co. KG, Munzinger Straße 9, 79111 Freiburg, Germany for our accounting, invoicing, and financial management. In this context, personal data from your orders is processed and stored by the Lexware software. This includes, in particular:

• Billing and contact information (name, address, if necessary, date of birth in legally required cases, email address)
• Details about purchased products, prices, payment, and delivery information

Your data is processed in Lexware Office for the purpose of contract execution (creating invoices, managing payments) and to fulfill our legal obligations (especially commercial and tax-related retention and documentation under Art. 6(1)(c) GDPR).

Your data is stored in high-security data centers in Germany, certified according to ISO 27001 and other relevant security standards. This ensures the protection of your data according to modern security standards.

We have entered into a data processing agreement with Haufe-Lexware under Art. 28 GDPR (as far as the software is used as a cloud service). This ensures that your data is processed solely in compliance with European data protection laws.

Your accounting data is not shared with third parties, except when legally required (e.g., to tax authorities or our tax advisors).

More information on data protection and security at Lexware Office can be found on the Lexware or Lexoffice websites (e.g., https://www.lexoffice.de/auftragsverarbeitung/ and https://office.lexware.de).

13. Privacy Policy on the Transfer of Data to Shipping Service Providers (Post & DHL)

To deliver orders and goods, we cooperate with logistics companies, particularly with the Deutsche Post DHL Group. If you place an order in our shop, your name and delivery address, and—if necessary—email address and phone number for delivery purposes, are shared with the respective shipping provider.

The primary shipping provider is:

DHL Paket GmbH
Sträßchenweg 10,
53113 Bonn,
Germany

(A company of Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany)

DHL or Deutsche Post uses this data exclusively to fulfill the delivery agreement—i.e., to deliver the shipment to you and, if necessary, to coordinate delivery times or provide tracking information.

The legal basis for this data transfer is Art. 6(1)(b) GDPR (contract fulfillment), as providing the shipping provider with your address is essential for delivering the goods you ordered.

DHL may send shipment notifications or package tracking information to your email address, provided this is necessary for contract performance or with your consent.

Your data will not be used for other purposes by the shipping providers and will be deleted after delivery and the expiration of any applicable legal retention periods.

More information on data protection at Deutsche Post DHL can be found on their respective websites (e.g., data privacy notices on the DHL site).

14. Privacy Policy on the Use and Application of the AccessPro Accessibility Tool

We have integrated the AccessPro Accessibility Widget on this website to improve the accessibility of our online shop in accordance with applicable guidelines (e.g., WCAG, ADA). This tool is provided as an app via the Shopify platform (developed by Entangle Commerce). It enables users with disabilities or specific needs to use our website more easily (e.g., by adjusting font sizes, contrast, keyboard navigation, etc.).

Each time one of our web pages with the AccessPro Accessibility Widget is accessed, the browser you use is instructed to load the relevant components of the accessibility tool from the provider’s server. In doing so, the provider may obtain certain technical information, especially your IP address (since this is necessary for transmitting the content).

Additionally, the AccessPro tool may store settings you make (such as selected contrast levels or font sizes) in the form of cookies or in your browser’s local storage, in order to restore those settings during your next visit.

To our knowledge, AccessPro does not collect or transmit any personal data in the sense of identifiable information about you as a user. The use is limited to providing the described functions on your device. Should the tool collect data in individual cases, this is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR, namely to make our website accessible and usable for all users and to meet any legal accessibility requirements.

The AccessPro Accessibility Tool is used solely for user-friendliness and accessibility purposes. Your data is not used for advertising or analytics within the scope of this service. Further information about the tool's functionality may be found in the developer's privacy policy or on the Shopify App Store page of the tool.

15. Privacy Policy on the Use and Application of NA Age Verification

Our website uses the NA Age Verification feature (provided as an app by Northern Apps) to ensure that only adults can access certain content or products. This age verification component displays a pop-up window when you enter our site asking you to confirm your age (e.g., by clicking "Yes, I am 18 or older").

When you confirm your age, NA Age Verification sets a cookie in your browser that stores the information that access has been granted for a user in your browser. This cookie does not contain any personal data like names or birth dates, but merely a technical confirmation (e.g., a token or a true/false value). This prevents you from having to reconfirm your age on every visit.

If you decline the age confirmation (or are underage), access to age-restricted areas will be blocked.

In the context of the age query itself, no data is permanently transmitted to our servers, apart from the fact of whether a visitor confirmed the age positively or not. The user’s IP address is transmitted as technically necessary during website use, but it is not stored or analyzed specifically in connection with age verification.

In some cases, the app developer Northern Apps may receive statistical data (e.g., how often the age check is used), but without reference to individual persons.

Age verification is conducted to protect minors and is based on Art. 6(1)(f) GDPR (our legitimate interest as a website operator to comply with legal youth protection regulations). If a legal obligation exists for age verification for specific products (e.g., alcohol, certain chemicals), the processing is also based on Art. 6(1)(c) GDPR (legal obligation).

The age verification cookie is stored for a limited time (typically for the duration of your session or a few days, depending on the settings) and can be deleted at any time via your browser settings.

16. Privacy Policy on the Use and Application of Judge.me Product Reviews

We have integrated the Judge.me Reviews system on our website. This allows customers to submit reviews for our products and view reviews from other customers. This service is provided by Judge.me Ltd., c/o Buckworths, 2nd Floor, 1–3 Worship Street, London EC2A 2AB, United Kingdom.

When you submit a product review on our site, the data you provide is transmitted to Judge.me and stored on their servers. Typically, Judge.me collects the following data for a review:

• Your name or a chosen display name (which may be pseudonymous)
• Your email address
• Possibly your order number or product information (to verify that you purchased the product)
• Your review (text, star ratings)
• Date and time of the review

Judge.me processes and publishes this data on our behalf on our product pages so that other customers can see your review. Your email address will not be publicly displayed, but may be used to link your review to a real purchase or to contact you with questions about your review.

Judge.me also receives information about your use of our website in connection with the review process, such as visiting a specific product page to leave a review. This can be done technically via JavaScript or cookies from Judge.me.

The data transfer to Judge.me is based on Art. 6(1)(a) GDPR (consent), if you actively leave a review and consent to the processing. Further processing operations related to the display of reviews may be based on Art. 6(1)(f) GDPR (legitimate interest in offering a transparent and informative review system to our customers).

The United Kingdom (UK) is considered a third country under data protection law. However, there is an adequacy decision by the EU Commission for the UK, meaning that personal data enjoys a level of protection comparable to EU law. Judge.me’s servers are typically located in the UK or other secure third countries.

We have signed a data processing agreement with Judge.me that obligates them to protect our customers’ data under the GDPR and process it only for the stated purposes. Judge.me uses the provided data exclusively to operate the review system (e.g., to send a review request after a purchase, if you consented, or to display your review). Judge.me does not use the data for its own purposes such as advertising.

Note: You have the right to object to the processing of your personal data related to the Judge.me review system at any time with effect for the future. If you do not want us to transmit your email address to Judge.me or have your review displayed on our website, please let us know. We will not use your data for the review system, or, if already published, we will delete or anonymize your review upon request.

Further information on data protection at Judge.me can be found in their privacy policy (available at https://judge.me/privacy).

17. Privacy Policy on the Use and Application of Google Analytics (with IP Anonymization)

The data controller has integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web analytics service. Web analytics involves the collection, gathering, and evaluation of data about the behavior of website visitors. A web analysis service collects, among other things, data about which website a person came from (the so-called referrer), which subpages were accessed, or how often and for how long a subpage was viewed. Google Analytics is mainly used to optimize our website and conduct a cost-benefit analysis of internet advertising.

The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses cookies (see section 2) that are stored on the data subject’s computer system. Through these cookies, Google can analyze how the website is used. We use the extension "_gat._anonymizeIp" for web analysis via Google Analytics. Through this extension, the IP address of the internet connection of the data subject is shortened and anonymized by Google when accessing our website from a member state of the European Union or another contracting state of the European Economic Area.

The purpose of using Google Analytics is to analyze visitor traffic on our website. Google uses the data and information obtained to, among other things, evaluate the use of our website, compile online reports for us showing activities on our pages, and provide other services related to website use.

Google Analytics sets multiple cookies in your browser during a visit to our website (also see section 2). Each time a single page of our site that contains a Google Analytics component is accessed, the browser on the data subject’s system is automatically prompted to transmit data to Google for online analysis. In this technical process, Google receives personal data—such as the IP address—which allows them to track the origin of visitors and clicks (e.g., whether someone came to us via a Google ad) and to process billing for commissions.

Cookies store, among other things, personal information, such as the time of access, location from which access originated, and the frequency of visits to our website. With each visit to our site, this data—including the shortened IP address—is transmitted to Google in the United States and stored there. Google may pass on this personal data collected via the technical procedure to third parties.

You can prevent cookies from being set by our website (and thus also by Google Analytics) at any time by changing your browser settings (see section 2). You can also delete already set cookies at any time via your browser or other software.

Additionally, you can object to and prevent the collection of data generated by Google Analytics that is related to the use of our website. For this purpose, you can download and install a browser add-on available from Google at: https://tools.google.com/dlpage/gaoptout. This add-on tells Google Analytics via JavaScript that no data about your visit to the website may be transmitted to Google Analytics. Installing the browser add-on is considered an objection. If your system is later deleted, formatted, or reinstalled, you must reinstall the add-on. If the add-on is uninstalled or disabled, you can reinstall or reactivate it.

Alternatively, instead of using the browser add-on—or when browsing on mobile devices—you can click here (opt-out link) to prevent Google Analytics from collecting data on this website in the future. This will place an opt-out cookie on your device. If you delete your cookies, you will need to click the link again. (Depending on implementation, an appropriate link or button is provided on our site.)

More information and the applicable privacy policy of Google can be found at:

• https://www.google.de/intl/de/policies/privacy/
• https://www.google.com/analytics/terms/de.html
  Details about Google Analytics are available at:
• https://marketingplatform.google.com/intl/de/about/analytics/

18. Privacy Policy on the Use and Application of Shopify Inbox (Chat Function)

We use Shopify Inbox on our website, a live chat and messaging service provided by Shopify. Through Shopify Inbox, you can chat with us in real-time or asynchronously, ask questions, and receive support.

When using the chat function, the data and messages you enter are processed by Shopify and forwarded to us.

The following data is typically processed when using Shopify Inbox:

• Your chat name (if provided)
• Your email address (if provided, e.g., to receive a copy of the chat or a response)
• The content of chat messages
• Date and time of communication
• Technical information such as your IP address, browser type, and possibly device data

This data is necessary to answer your inquiries and operate the chat service.

Communication via Shopify Inbox is encrypted. Shopify processes the chat data as our processor under Art. 28 GDPR, secured by our data processing agreement with Shopify (see section 11). Chat contents are stored in our Shopify admin area and on Shopify’s servers. We use chat logs solely for handling your inquiry and, if necessary, for internal training or quality assurance.

The legal basis for processing chat data depends on the content of your request:

• If the chat relates to initiating or executing a contract (e.g., product or order questions), the legal basis is Art. 6(1)(b) GDPR.
• In other cases, we rely on Art. 6(1)(f) GDPR—our legitimate interest in communicating with site visitors and answering their questions efficiently.

You have the right to object to processing in the latter case for reasons related to your particular situation (see your rights in section 10g).

Please do not enter sensitive data (e.g., credit card numbers or health data) in the chat. We do not request such data via chat. If personal data is required, we may refer you to more secure communication channels.

19. Privacy Policy on the Use and Application of YouTube Components

Mellow-Interior GmbH & Co. KG has integrated components from YouTube on this website to provide product videos or other multimedia content. YouTube is an online video platform that allows video publishers to upload video clips for free and for users to view, rate, and comment on them.

The operating company of YouTube is:
YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA
(a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)

As with other Google services, data may be transmitted to the USA. However, Google (and thus YouTube) has joined the EU-US Data Privacy Framework, ensuring an adequate level of data protection for transfers to the USA.

We have implemented video embeds as privacy-friendly as possible (usually in extended privacy mode, so YouTube only sets cookies once a video is played).

Each time a page containing a YouTube video is accessed, your browser loads the corresponding YouTube player component, and YouTube is informed about which specific page you are visiting. If you are logged in to YouTube at the same time, YouTube recognizes which video you are watching and assigns this information to your personal YouTube account—regardless of whether you click on the video or not.

When you play a video, your browser connects to YouTube’s servers, and additional data flows (such as video streaming) occur.

If you're logged into YouTube/Google while visiting our site, YouTube can directly associate your browsing activity with your account. To prevent this, log out before visiting our website.

YouTube receives information such as your IP address and page view, even if you're not logged in or don’t have a YouTube account. This data may be used for statistics, service improvement, or abuse prevention. It may also be used to personalize advertising across YouTube or other Google platforms.

We, as the site operator, have no control over how YouTube/Google processes this data. For more information, refer to their privacy policy:
https://www.google.de/intl/de/policies/privacy/
You can also control how your data is used via your Google account settings.

The legal basis for embedding YouTube is usually Art. 6(1)(f) GDPR (legitimate interest in appealing presentation and effective communication via video). Where consent is required (e.g., when loading an external video for the first time), the embed is done only after your consent under Art. 6(1)(a) GDPR. Consent can be withdrawn at any time (e.g., by reloading the page or deleting YouTube cookies).

20. Privacy Policy on the Use and Application of Shopify Flow (Automation Tool)

In our shop system, we use Shopify Flow, an automation tool provided by Shopify. It helps us automate certain processes in the online shop to improve efficiency. Shopify Flow allows us to set up automatic workflows, such as:

• Sending an email when an order status changes
• Managing stock
• Automatically tagging customer accounts
• Triggering internal notifications

These automations are performed within the Shopify system (see section 11). No external data recipients are involved. For example, based on your order data (name, product, date), Shopify Flow may automatically mark an order as "paid," tag an account, or notify staff.

Shopify Flow does not collect new personal data, but simply processes existing data based on predefined rules. There is no fully automated decision-making that has legal effects or significantly affects you (under Art. 22 GDPR). Shopify Flow does not decide on contract conclusions or cancellations—only actions like sending notifications.

The legal basis depends on the underlying process:

• If it serves contract fulfillment, it’s based on Art. 6(1)(b) GDPR.
• If it's about internal optimization, it relies on Art. 6(1)(f) GDPR (legitimate interest in efficient workflows).

For you, this means faster service and smoother operations. Your rights to information and transparency are not affected. Contact us if you want to know which automated processes affect your data.

 

21. Privacy Policy for the Use of Facebook and Instagram

We use plugins and services from the social networks Facebook and Instagram on our website to display relevant content, manage targeted advertising campaigns, and design our website attractively. These services are provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter referred to as "Meta").

When you visit our website, which integrates elements from Facebook or Instagram (such as "Like" buttons, Instagram feeds, or Facebook Pixel), a connection to Meta's servers is automatically established. Data such as your IP address, device information, browser type and version, date and time of your visit, and the pages you visit on our website may be transmitted to Meta. If you are logged into Facebook or Instagram while visiting our website, Meta can associate this information with your user profile. If you interact with the plugins, for example by sharing a post or clicking "Like," this information will be transmitted directly to Meta and stored there.

We use the service "Facebook Pixel" to track your activities on our website, display personalized advertisements on Facebook and Instagram, and measure the effectiveness of our advertising campaigns. In doing so, Meta processes usage data from our website and may link this data to your Facebook or Instagram account if you are logged into these services.

Your data is processed based on your explicit consent (Article 6(1)(a) GDPR), which you can withdraw at any time. Consent is typically given through our cookie consent (consent banner). Further information on Meta's data processing practices and instructions on how to manage your privacy settings on Facebook and Instagram can be found in Meta's privacy policy at:

Facebook: https://www.facebook.com/privacy/explanation

Instagram: https://help.instagram.com/519522125107875

Meta may also transfer personal data to servers outside the EU, particularly in the USA. For this purpose, Meta has implemented suitable safeguards such as standard contractual clauses and participates in the EU-US Data Privacy Framework to ensure European data protection standards.

You can prevent the connection between your Facebook or Instagram profile and our website by logging out of Facebook and Instagram before visiting our website or by disabling the corresponding cookies in your browser.

22. Legal Basis for Processing

The processing of personal data at Mellow-Interior GmbH & Co.KG is based on various legal grounds pursuant to Art. 6 GDPR, depending on the type and purpose of processing:

Consent (Art. 6 (1)(a) GDPR): When we obtain your consent for specific processing activities (e.g., newsletter subscription, participation in marketing campaigns, non-essential cookies), this consent forms the legal basis. You have the right to withdraw your consent at any time with future effect (see section 10h).

Contract Performance or Pre-contractual Measures (Art. 6 (1)(b) GDPR): If the processing of personal data is necessary to fulfill a contract to which you are a party, we base our processing on this. This applies especially to orders in our online shop (processing purchase contracts, delivery, payment) or inquiries aimed at concluding a contract. Necessary processing related to the registration of your customer account also falls under this category.

Legal Obligation (Art. 6 (1)(c) GDPR): Mellow-Interior GmbH & Co.KG is subject to various legal obligations (e.g., commercial and tax-related retention obligations, product-specific statutory requirements). Where we must process personal data to comply with these legal obligations (e.g., storing invoice data for 10 years pursuant to §147 AO, §257 HGB), the processing is based on Art. 6 lit. c. Providing information to authorities within the framework of statutory disclosure obligations also falls under this.

Vital Interests (Art. 6 (1)(d) GDPR): In rare cases, processing personal data may be necessary to protect vital interests of the data subject or another natural person. This could be the case, for example, if a visitor is injured on our premises and we must provide their name or relevant medical information to doctors or hospitals.

Public Task (Art. 6 (1)(e) GDPR): This scenario typically does not apply to us as we are not a public authority. We do not process data to perform a task carried out in the public interest unless specifically required by law.

Legitimate Interests (Art. 6 (1)(f) GDPR): If none of the above legal bases apply, we may process data based on our legitimate interests or those of a third party. We only do this if your interests, fundamental rights, or freedoms requiring data protection do not override these interests. Such legitimate interests may include improving our services, ensuring IT security, enforcing legal claims, direct marketing to existing customers, or preventing fraud. Recital 47 sentence 2 GDPR explicitly mentions that legitimate interests may exist if you are a customer of our company.

23. Legitimate Interests Pursued by the Controller or Third Party

When processing personal data is based on Art. 6 (1)(f) GDPR, our legitimate interest lies in conducting our business activities for the benefit of the well-being of all our employees and shareholders, as well as customer satisfaction. This specifically includes economic interests (such as efficient operation of the online shop), security interests (protection against misuse, fraud, data security assurance), and providing customers with a secure and enjoyable shopping experience.

1. a) Duration for Which Personal Data Will Be Stored

The criteria for determining the duration of storage of personal data are the respective statutory retention periods. After expiration of these periods, the relevant data are routinely deleted unless still required for contract fulfillment or initiation. For example, purchase and invoice data relevant for tax purposes are retained for 6 or 10 years according to statutory requirements. Data processed based on your consent are stored only until consent is withdrawn. If you create a customer account, we store the necessary data as long as the account exists; upon deletion of your account, the stored data will also be deleted unless otherwise required. Chat logs via Shopify Inbox are generally stored only as long as necessary to handle inquiries; newsletter data until unsubscribed, etc. In cases without an obligation for long-term storage, we regularly review (at least every 2 years) whether personal data can be deleted or anonymized.

2. Statutory or Contractual Requirements to Provide Data; Necessity for Contract Conclusion; Obligation of the Data Subject to Provide Data; Possible Consequences of Non-Provision

We hereby inform you that providing personal data can sometimes be legally mandated (e.g., by tax regulations) or arise from contractual arrangements (e.g., details about the contracting party in a purchase agreement). Occasionally, providing personal data may be necessary for concluding a contract and subsequently processing it. For instance, you are required to provide your address if we need to ship goods to you. Failure to provide personal data would result in the inability to enter into or fulfill the contract. Before providing personal data, the individual concerned may contact us for clarification. We will inform you in each specific case whether the provision of personal data is legally or contractually required, necessary for contract conclusion, and the consequences of not providing the personal data (e.g., a service cannot be provided).

24. Existence of Automated Decision-making

As a responsible company, we do not engage in automated decision-making or profiling as defined by Art. 22 GDPR. This means we do not employ fully automated processing processes to assess specific personal aspects or to make decisions that legally affect or significantly impact you. Specifically, decisions regarding the establishment and execution of contractual relationships are not made solely through automated means.

Occasionally, our system may use automated processes for support purposes (see e.g., Shopify Flow in section 20); however, these are exclusively for internal process optimization and have no adverse effects on you. If we employ profiling techniques in the future, e.g., to display personalized advertisements, we will notify you separately and—where required—request your consent.

Version of this Privacy Policy: March 2025. We reserve the right to amend this privacy policy due to legal or operational changes. The current version is always available on our website. Please periodically review this information to stay informed about how we protect your data.