Privacy policy
PRIVACY POLICY
We, IVY OAK GmbH, Giesebrechtstraße 20, 10629 Berlin, Germany, Telephone: +49 (0) 30 220 564 20, Email: hello@ivyoak.com (Legal Notice), operate the website accessible at www.ivyoak.com. As such, we are responsible for collecting, processing, and using your personal data in accordance with data protection laws when you visit our website.
The Data Protection Officer of IVY OAK GmbH can be reached at the above address or via email at datenschutz@ivyoak.com.
Personal data refers to individual details about your personal or factual circumstances. This includes information such as your name, email address, postal address, and any other information related to you as a person and your identity.
We use your personal data in compliance with applicable data protection regulations. Below, we are pleased to explain which personal data we collect and store from you. You will also find information on how your data is used and what rights you have regarding its use:
I. Collection and Storage of Personal Data and the Type and Purpose of Their Use
1. When Visiting Our Website
When you visit our website, our servers temporarily store every access in a log file. The following information is collected without your involvement and stored until it is automatically deleted:
- IP address of the requesting computer;
- Date and time of access;
- Name and URL of the retrieved file;
- Website from which access is made (referrer URL);
- Operating system of the requesting computer and the browser used; and
- Access provider.
The collection and processing of this data are for the purposes of enabling the use of our website (establishing a connection), ensuring long-term system security and stability, and performing technical administration of the network infrastructure. This data does not allow us to draw any personal conclusions about you. The legal basis for this is Article 6(1) sentence 1(f) GDPR. The data will be deleted as soon as it is no longer necessary for the purpose of its collection.
In the case of data collection to provide the website, this occurs when the respective internet session has ended.
Additionally, we use cookies and web analysis services when you visit our website. You will find more detailed explanations under Sections III, IV, and V.
2. When Registering for Our Newsletter
The following information explains the content of our newsletter, the subscription process, how it is sent, and the statistical evaluation procedure, as well as your rights to object. By subscribing to our newsletter, you agree to receive it and to the described procedures.
Newsletter Content
We send newsletters, emails, and other electronic notifications containing promotional information (hereinafter referred to as "Newsletter") only with the recipient’s consent or legal permission. If the content of the newsletter is specifically described during the registration process, it is decisive for the user’s consent. Otherwise, our newsletters include information about regular offers and promotions.
Double-Opt-In and Logging
Subscription to our newsletter occurs through a double opt-in process. This means that after registering, you will receive an email asking you to confirm your subscription. This confirmation is necessary to ensure that no one can register using someone else’s email address.
The registration for the newsletter is logged to meet legal requirements. This includes storing the time of registration and confirmation, as well as the IP address. Changes to your data stored by Klaviyo are also logged.
Use of the Service Provider "Klaviyo"
We send our newsletters using Klaviyo, a tool provided by Klaviyo, Inc., 125 Summer St, Floor 6, Boston, MA 02111, USA (Privacy Policy: https://www.klaviyo.com/privacy/policy). Klaviyo processes content, usage, meta/communication data, and contact information in the USA.
Both the email addresses of our newsletter recipients and other data described in these notices are stored on Klaviyo's servers in the USA. Klaviyo uses this information to send and evaluate the newsletters on our behalf. Additionally, according to Klaviyo, the data may be used to optimize or improve their services, such as technical improvements for sending newsletters or determining the recipient’s location. However, Klaviyo does not use the data of our newsletter recipients to contact them or pass it on to third parties. Klaviyo stores the data only as long as necessary to fulfill the newsletter delivery or to meet legal retention obligations. The data is deleted after these periods unless other legal obligations exist.
Klaviyo is committed to protecting our users' data in accordance with EU Standard Contractual Clauses (SCC) to ensure a level of protection that complies with European data protection law. Additionally, we have signed a "Data Processing Agreement" with Klaviyo, under which Klaviyo agrees to protect our users' data, process it according to our privacy policies, and not share it with third parties. You can view Klaviyo’s privacy policy here.
Registration Data
To sign up for the newsletter, it is sufficient to provide your email address.
Optionally, we ask for your first and last name. These details are voluntary and serve only to personalize the newsletter.
Statistical Collection and Analysis
Our newsletters include a "web beacon," a pixel-sized file that is retrieved from Klaviyo’s server when the newsletter is opened. As part of this retrieval, technical information such as your browser, system, IP address, and the time of the retrieval are collected. This information is used to improve the technical aspects of services based on technical data or the target group’s reading habits, determined by their location (ascertainable through the IP address) or access times.
The statistical collection also determines whether newsletters are opened, when they are opened, and which links are clicked. Although this information can technically be associated with individual newsletter recipients, it is neither our intention nor Klaviyo’s to monitor individual users. These evaluations help us understand our readers’ habits and tailor content accordingly, or send different content based on users’ interests.
Online Access and Data Management
In certain cases, we may redirect newsletter recipients to Klaviyo’s website, such as when newsletters contain a link to access them online (e.g., in case of display problems in the email program). Newsletter recipients may also correct their data, such as email addresses, afterward. Klaviyo’s privacy policy is only available on their website.
Please note that cookies are used on Klaviyo’s websites, and personal data may be processed by Klaviyo, its partners, and service providers (e.g., Google Analytics). We have no control over this data collection. For more information, please refer to Klaviyo’s privacy policy. Additionally, you can opt out of data collection for advertising purposes at www.aboutads.info/choices or www.youronlinechoices.com (for Europe).
Revocation
You can withdraw your consent to receive the newsletter at any time and unsubscribe from it. By doing so, you also revoke your consent to its delivery via Klaviyo and the statistical analysis. Unfortunately, it is not possible to revoke only the delivery via Klaviyo or the statistical evaluation separately.
If you no longer wish to receive the newsletter, you can object at any time, either in whole or for specific measures, without incurring any costs other than the transmission costs according to the base rates. A notification in text form (e.g., email, letter) to our contact details provided at the beginning of our privacy policy is sufficient. Additionally, each newsletter contains a link for unsubscribing.
Individual Product Recommendations & Analyses
As a customer, you will receive free information about your order and product recommendations via email. These product recommendations are sent independently of whether you have subscribed to the newsletter. Our goal is to provide relevant information about products that may interest you based on your order history. We strictly comply with legal requirements in this regard. You can unsubscribe from these free product recommendations at any time, without incurring any costs other than the transmission costs according to the base rates. A notification in text form (e.g., email, letter) to our contact details provided at the beginning of our privacy policy is sufficient. Each email also contains an unsubscribe link.
Processing in this case is based on Art. 6(1)(f) GDPR. Our legitimate interest is to promote our products. We store your data for this purpose until you object to its use.
To protect you from unnecessary advertising, send you only relevant information, and continually improve your shopping experience, we use your order history and automatically generated information to create tailored advertisements for you. This is done exclusively with pseudonymized information, such as receipt and read confirmations of emails, your order history, the date and time of your website visits, and the product pages you have visited. By analyzing this information, we can avoid sending you irrelevant ads and, if any, send you content, such as newsletters or product recommendations, that match your interests. If you do not wish to receive personalized advertising, you can object at any time without incurring any costs other than the transmission costs according to the base rates. A notification in text form (e.g., email, letter) to our contact details provided at the beginning of our privacy policy is sufficient.
Processing here is based on Art. 6(1)(f) GDPR. Our legitimate interest is to promote our products. We store your data for this purpose until you object to its use.
Klaviyo stores the data as long as it is necessary to provide the newsletter or until it is deleted upon the user’s request. The data will then be deleted, unless legal retention periods apply.
Legal Bases Under the General Data Protection Regulation (GDPR)
In accordance with the provisions of the General Data Protection Regulation (GDPR) applicable as of May 25, 2018, we inform you that consent for sending email addresses is based on Article 6(1)(a), Article 7 of the GDPR, and § 7(2) No. 3 or § 7(3) of the German Unfair Competition Act (UWG). The use of the email service provider Klaviyo, the statistical collection and analysis, and the logging of the registration process are based on our legitimate interests according to Article 6(1)(f) of the GDPR. Our interest lies in using a user-friendly and secure newsletter system that serves both our business interests and meets user expectations.
We also point out that you can object to the future processing of your personal data at any time in accordance with legal requirements under Article 21 of the GDPR. This objection may particularly apply to the processing for direct marketing purposes.
3. Use of the Contact Form
You can send general inquiries to us using the contact form provided on our website. To do so, it is necessary to provide a name, a valid email address, and the reason for your inquiry. Additional information can be provided voluntarily.
The collection of this data is required to know who submitted the inquiry and to respond to it as effectively and personally as possible, in the method you prefer (mail, phone, or email).
4. Customer Account
When you open a customer account, we collect your personal data as specified. The purpose of this data processing is to enhance your shopping experience and simplify order processing. Processing is based on Article 6(1)(a) of the GDPR with your consent. You may revoke your consent at any time by notifying us, without affecting the lawfulness of the processing carried out based on the consent before the revocation. Your customer account will then be deleted.
II. Data Sharing
Your personal data will only be shared if you have explicitly consented to it, if there is a legal obligation, or if it is necessary to enforce rights, particularly to enforce claims from a legal relationship with you.
We will only share your personal data with third parties if it is necessary for fulfilling the contract between you and us. This may include:
For the processing of various payment methods, we collaborate with external companies. For example, for PayPal payments, we use PayPal Deutschland GmbH, Am Marktplatz 1, 14532 Europaparc Dreilinden. Other service partners that we need to process contractual relationships or service providers used for data processing include shipping service providers, merchandise management service providers, order processing service providers, and web hosts. In all cases, we strictly adhere to legal requirements, limiting the scope of data transmission to the minimum necessary.
No data will be shared with third parties for other purposes.
III. Cookies
We use cookies on our website. These are small files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not harm your device and do not contain viruses, trojans, or other harmful software.
Cookies store information related to the specific device used to access our site. However, this does not mean that we obtain personal data from this.
Cookies serve various purposes:
Session Cookies: These are used to recognize that you have already visited certain pages of our website. For example, any inputs or settings made during your visit (e.g., language preferences) are recorded. These session cookies are automatically deleted when you leave our site.
Analytical and Marketing Cookies: We also use cookies to statistically track website usage and optimize our services for you (see Section IV), as well as to provide personalized information (see Section V). These cookies enable us to recognize that you have visited our site before. They are automatically deleted after a specific period (see table below).
Using cookies does not mean we receive new personal data about you. Most browsers automatically accept cookies. However, you can configure your browser to prevent cookies from being stored on your computer or to alert you before a new cookie is set.
Disabling cookies may result in you not being able to use all functions of our website.
The following cookies are set:
Cookie | Beschreibung | Gültigkeitsdauer |
GLBE_SESS_ID | Session cookie for managing user interactions | Session |
Global_Consent | Stores global user consent settings for cookie usage | Session |
lka_id | Session tracking ID | 292 |
bc_c_set | Stores user preferences for tag managers and scripts | 193 |
_cmp_a | Stores marketing and analytics data | 364 |
_ga |
Google Analytics user distinction Tracks page visits and sessions via Google Analytics |
364
52 |
_fp | ||
_ga_F9WTXZBf1M | Session tracking for user activity | 52 |
_ga_SCG4C21YRS8 | Stores shopping cart contents | 52 |
_gd_su | Session-Tracking-Cookie für Nutzeraktivitäten | 17 |
nSessionUser_5139956 | Session-Cookie zur Verwaltung von Benutzersessions | Session |
nJSession_513995 | JSessionID zur Identifizierung der Benutzersession | 166 |
nTSession_5139956 | Session-Tracking-Cookie zur Verwaltung der Session-Dauer | Session |
anding_page | Speichert die URL der Seite, von der der Benutzer auf die Website zugegriffen hat | Session |
_omappvs | Omniture Marketing-Cookie zur Verfolgung von Nutzeraktivitäten | 166 |
orig_referrer | Speichert den ursprünglichen Referrer des Benutzers | 166 |
pin_unauth | Pinterest Cookie zur Verfolgung von Benutzerinteraktionen | 81 |
_shopify_s | Shopify Session-Cookie zur Verwaltung von Benutzeraktivitäten | Session |
_shopify_sa_p | Shopify Cookie für Analyse und Marketing-Tracking | 364 |
_shopify_sa_t | Shopify Cookie zur Analyse des Nutzerverhaltens | 364 |
tracking_consent | Speichert die Zustimmung des Benutzers zur Nachverfolgung von Aktivitäten | 211 |
bookmarkitems | Speichert Lesezeichen-Daten des Benutzers auf der Website | 46 |
cart | Speichert den Inhalt des Warenkorbs | 103 |
cart_currency | Speichert die verwendete Währung im Warenkorb | Session |
cart_sig | Session-Signatur für die Validierung des Warenkorbs | 46 |
cjConsent | Speichert die Zustimmung zur Nutzung von CJ Affiliate-Cookies | Session |
forterToken | Sicherheitscookie zur Betrugsprävention | 364 |
keep_alive | Cookie zur Verwaltung der Session-Dauer | 72 |
receive-cookie- operation |
Cookie zur Verwaltung des Opt-ins/Opt-outs für Cookies | Session |
secure_customer_sig | Sicherheitssignatur für sichere Anmeldungen | 364 |
wishlist_id | Stores ID for managing wishlists | 364 |
Additionally, we use HTML local storage for functionalities such as:
Name | Funktionalität |
8f524c8c9 | Speichert benutzerdefinierte Tag-Manager Skripte für Google und Facebook |
BC_GDPR_CustomScrip tForShop |
Speichert benutzerdefinierte GDPR-Skripte zur Einbindung von Cookie-Einstellungen |
GDPR_LC_Ve | Speichert die Version der lokalen Datenschutzkonfiguration |
GDPR_legal | Speichert den aktuellen GDPR-Status und die Zustimmung des Nutzers |
_GDPR_VAL | Verwaltung von GDPR-Zustimmungen, Ablauf der Cookie-Zustimmung |
adws_mark | Tracking-Markierung für Google Tag Manager zur Analyse von Werbekampagnen |
bc_tagManagerData | Verwaltung der Google Tag Manager Daten, einschließlich benutzerdefinierter Skripte |
customCookies | Speichert benutzerdefinierte Cookie-Einstellungen |
feh-1789f | ID-bezogene Information zur Session-Verfolgung |
feh-19c44 | ID-bezogene Information zur Session-Verfolgung |
feh-1bda6 | ID-bezogene Information zur Session-Verfolgung |
feh-30cb83 | ID-bezogene Information zur Session-Verfolgung |
feh-330d5f | ID-bezogene Information zur Session-Verfolgung |
feh-6f2b28 | ID-bezogene Information zur Session-Verfolgung |
feh-c52 | ID-bezogene Information zur Session-Verfolgung |
feh-e3a67a0 | ID-bezogene Information zur Session-Verfolgung |
forterToken | Sicherheits-Token zur Betrugsprävention |
klaviyoOnsite | Konfigurationsdaten für Klaviyo-E-Mail-Marketing-Teaser |
lastExternalRef | Speichert die URL des letzten externen Referrers |
lastExternalRefTime | Speichert die Zeit des letzten externen Referrers |
omniListsFirst | Verfolgung von Omni-Listen, um Interaktionen und Abfragen zu tracken |
smartwishlist_config | Konfigurationsdaten zur Wunschlisten-Funktionalität, wie Farben und Symbole |
IV. Web Analysis
1. Google Analytics
For the purpose of tailoring and continuously optimizing our website, we use Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. The information generated by the cookie about your use of our website (including your IP address) is transmitted to a Google server in the USA and stored there. IP addresses are anonymized (IP masking), making personal identification impossible. The information is used to evaluate website usage, compile reports on website activity, and provide additional services related to website and internet use. Your data will not be merged with other Google data.
Google will only share the information with third parties if legally required or if third parties process the data on Google's behalf.
You can prevent the installation of cookies by adjusting your browser settings; however, this may result in limited functionality of our website.
You can also prevent the collection of data generated by the cookie (including your IP address) and its processing by Google by downloading and installing a browser add-on.
Alternatively, especially for browsers on mobile devices, you can prevent Google Analytics from collecting data by clicking on this link. An opt-out cookie will be set, preventing future data collection when visiting this website. If you delete cookies, you will need to reset the opt-out cookie.
Further information about data privacy in relation to Google Analytics can be found in the Google Analytics Help section.
We trust Google for IT security and data protection. Google is certified under the EU-US Privacy Shield agreement, committing to comply with EU data protection requirements.
2. Pinterest Marketing (Online Marketing)
This website uses the marketing function of Pinterest, Inc. (808 Brannan Street, San Francisco, CA 94103, USA; “Pinterest”). This function displays interest-based advertisements to visitors within the Pinterest advertising network. The visitor’s browser stores cookies (text files) that allow recognition when visiting websites belonging to Pinterest's ad network. On these sites, ads related to content previously viewed on Pinterest-enabled sites may be displayed.
According to Pinterest, no personal data is collected during this process. If you do not want to use Pinterest Marketing, you can disable it in your Pinterest account settings or use the opt-out options.
Further information on Pinterest Marketing and its privacy policy can be found at: Pinterest Privacy Policy.
3. Criteo Privacy Notice
Our site uses Criteo technology (Criteo GmbH, Unterer Anger 3, 80331 Munich) to collect anonymous information on users' browsing behavior for marketing purposes through cookies.
Criteo analyzes browsing behavior and displays relevant product recommendations in banner ads when users visit other websites. The anonymous data cannot be used to personally identify visitors. Criteo uses the collected data solely to improve ad offerings. Every banner contains an "i" (for information) that explains the system and provides an opt-out option. Clicking on opt-out sets a cookie that prevents future banner displays. Criteo does not share data with third parties.
You can learn more about Criteo's privacy policy and opt-out options here.
4. Bing Ads
We use the online advertising program “Bing Ads” and its conversion tracking. This service is provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
When you click on a Bing ad, a cookie for conversion tracking is placed on your computer. This cookie expires after 30 days and does not contain personal data. It cannot be used for personal identification.
If you visit specific pages of our website before the cookie expires, Bing and we can track that you clicked on the ad and were redirected to that page. Each Bing Ads customer receives a different cookie, ensuring no tracking across different websites.
The information collected with the conversion cookie helps us compile statistics for Bing Ads customers who use conversion tracking. We learn the total number of users who clicked on an ad and were redirected to a conversion-tracked page but do not receive personal identification information.
If you do not wish to participate in tracking, you can opt out by adjusting your browser settings to block cookies. More information about Bing Ads and its privacy policy can be found at: Bing Privacy Statement.
5. Commission Junction (CJ) Marketing (Online Marketing)
This website uses the marketing function of Commission Junction (CJ), a service of CJ Affiliate by Conversant, Inc. (5901 West Century Boulevard, Suite 700, Los Angeles, CA 90045, USA). This function displays interest-based ads and affiliate offers to website visitors within the CJ ad network. The visitor's browser stores cookies to recognize them when visiting CJ-enabled websites, displaying relevant ads and affiliate links.
According to CJ, no personal data is collected. You can disable CJ Marketing by adjusting your browser settings or using opt-out options.
More information about CJ Marketing and its privacy policy can be found at: CJ Privacy Policy.
6. Google AdWords (Online Marketing und Conversion Tracking)
We use the “Google AdWords” online advertising program and Google AdWords conversion tracking, provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). When you click on a Google ad, a conversion tracking cookie is placed on your computer. This cookie expires after 30 days, does not contain personal data, and cannot be used to identify you. If you visit certain pages of our website while the cookie is still active, Google and we can track that you clicked on the ad and were redirected to the page.
Each Google AdWords customer gets a different cookie, preventing tracking across websites. The information collected by the conversion cookie helps us create statistics for AdWords customers, showing the total number of users who clicked on an ad and were redirected to a conversion-tracked page, without personal identification.
If you do not want to participate in tracking, you can opt out by adjusting your browser settings. More information about Google AdWords and its privacy policy can be found here.
7. Google Remarketing (Online Marketing)
This website uses the remarketing function of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). This function displays interest-based ads to visitors within the Google advertising network. Visitors’ browsers store cookies that allow recognition when visiting Google network websites. Ads related to content previously viewed may be displayed.
According to Google, no personal data is collected. You can disable Google Remarketing by adjusting your ad settings at: Google Ad Settings.
Further information about Google Remarketing and its privacy policy can be found at: Google Privacy & Terms.
8. Facebook (Online Marketing / Re-Targeting)
We integrate Facebook pixels from Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA (“Facebook”) on our site to make our online offering more engaging. This enables us to target users with personalized ads on our partners' websites. A cookie is set to collect interest data using pseudonyms. Based on this information, users will see interest-based ads related to our offers on partner sites. This also helps us track the effectiveness of Facebook ads for statistical purposes. No personal data is stored or combined with user profiles.
You can disable data collection for personalized ads here: Facebook Ads Preferences.
Collected data remains anonymous to us but is stored and processed by Facebook, which may link it to your Facebook account and use it for its advertising purposes according to Facebook’s privacy policy: Facebook Privacy.
If we transmit data to Facebook for matching purposes, it is encrypted on your browser and transmitted securely to Facebook, solely for comparison with encrypted Facebook data.
9. Hotjar
We use Hotjar to better understand user needs and optimize our website. Hotjar’s technology helps us gain insights into user behavior, such as time spent on pages, clicks, and preferences, allowing us to align our offerings with user feedback. Hotjar uses cookies and other technologies to collect data on user behavior and devices, including anonymized IP addresses, screen size, device type, browser information, location (country only), and preferred language.
Hotjar stores this information in a pseudonymized user profile on our behalf. It is prohibited from selling the data collected on our behalf.
More details can be found in the "About Hotjar" section on Hotjar's help page.
V. Hosting and Data Processing
Our website is hosted via the e-commerce platform Shopify Inc. (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland). Shopify provides us with the online platform through which we offer our products and services.
We have entered into a data processing agreement (DPA) with Shopify in accordance with Art. 28 GDPR. Under this agreement, Shopify processes our customers’ personal data on our behalf. This data is collected for the purpose of processing orders, handling payments, and providing and operating the website. Shopify stores this data for as long as it is necessary to fulfill contractual obligations or due to legal retention requirements.
The processing of customer data is based on Art. 6(1)(c) GDPR, as we are legally obligated to process and store certain data (such as billing information). Additionally, the processing is necessary for fulfilling the contract with our customers in accordance with Art. 6(1)(b) GDPR.
Customers may object to the collection and processing of their data by Shopify at any time. However, this may result in certain features of our website, such as the ordering process, becoming unavailable.
For more information about Shopify's data protection practices, please refer to Shopify’s privacy policy: https://www.shopify.com/legal/privacy.
VI. Your Rights
You have the following rights concerning your personal data:
Right to access (Art. 15 GDPR),
Right to rectification and/or erasure (Art. 16 and Art. 17 GDPR),
Right to restrict processing (Art. 18 GDPR),
Right to data portability (Art. 20 GDPR),
Right to object to processing (Art. 21 GDPR).
According to Art. 7(3) GDPR, you have the right to withdraw your consent at any time. This means that we can no longer continue data processing based on that consent for the future. You also have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data (Art. 77 GDPR).
To request information about your personal data, to correct inaccurate data, or to request the blocking or deletion of your data, as well as for any other questions regarding the use of your personal data, please email us at hello@ivyoak.com.
VII. Data Security
Your connection to our website is encrypted via TLS (HTTPS). This is a widely used encryption protocol that securely transmits data between your browser and our website.
We also implement appropriate technical and organizational security measures to protect your personal data stored with us from manipulation, partial or complete loss, and unauthorized access by third parties. Our security measures are continuously improved in line with technological advancements.
VIII. Current Validity and Changes to this Privacy Policy
This privacy policy is currently valid as of September 2024.
As our website evolves or due to changes in legal or regulatory requirements, it may become necessary to update this privacy policy. The current privacy policy can be accessed and printed from the website at any time under www.ivyoak.com.