Privacy policy

1. Information about the Collection of Personal Data and Contact Details of the Responsible Party
1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we will inform you about how we handle your personal data when using our website. Personal data refers to all data that can be used to personally identify you.

1.2 The entity responsible for the data processing on this website, as per the General Data Protection Regulation (GDPR), is Olivia & Roses. The responsible party for processing personal data is the natural or legal person who, alone or in collaboration with others, decides the purposes and means of processing personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the responsible party), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the "https://" prefix and the lock symbol in your browser’s address bar.

2. Data Collection During the Visit to Our Website
When you use our website purely for informational purposes, i.e., when you do not register or provide us with any other information, we only collect data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data, which is technically required to display the website:

• The website you visited

• Date and time of access

• Amount of data sent in bytes

• Source/referral from which you accessed the page

• Browser used

• Operating system used

• IP address used (possibly anonymized)

The processing takes place in accordance with Article 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. There will be no transfer or other use of the data. However, we reserve the right to review the server log files later if there are concrete indications of illegal use.

3. Cookies
To make the visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of your browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your device and allow us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). When cookies are set, they collect and process certain user information such as browser and location data, as well as IP address values. Persistent cookies are automatically deleted after a set period, which can vary depending on the cookie.

Some cookies serve the purpose of simplifying the order process by saving settings (e.g., remembering the contents of a virtual shopping cart for a later visit to the website). If personal data is processed through individual cookies we implement, the processing is carried out in accordance with Article 6(1)(b) GDPR, either for the performance of the contract or in accordance with Article 6(1)(f) GDPR to protect our legitimate interests in the best possible functionality of the website and a user-friendly and efficient website design.

We may collaborate with advertising partners who help us make our online offering more interesting for you. For this purpose, cookies from partner companies (third-party cookies) may be stored on your device when you visit our website. If we work with these advertising partners, you will be individually and separately informed about the use of such cookies and the extent of the information collected in the following sections.

Please note that you can configure your browser to inform you about the setting of cookies and decide individually whether to accept them, or to exclude the acceptance of cookies for specific cases or generally. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. For each browser, you can find the relevant instructions at the following links:

• Internet Explorer: Link

• Firefox: Link

• Chrome: Link

• Safari: Link

• Opera: Link

Please note that if you do not accept cookies, the functionality of our website may be limited.

4. Contacting Us
When you contact us (e.g., via contact form or email), personal data is collected. The data collected in the case of a contact form can be seen in the respective contact form. This data will be stored and used exclusively for the purpose of responding to your inquiry or for contacting you, along with the associated technical administration. The legal basis for the processing of the data is our legitimate interest in responding to your inquiry as per Article 6(1)(f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Article 6(1)(b) GDPR. Your data will be deleted after your request has been fully processed, which is the case when it can be inferred from the circumstances that the issue has been resolved and no legal retention obligations are in place.

5. Data Processing when Opening a Customer Account and for Contract Processing
In accordance with Article 6(1)(b) GDPR, personal data is also collected and processed if you provide us with this data for the purpose of executing a contract or when opening a customer account. The data collected can be seen in the respective input forms. Deletion of your customer account is possible at any time and can be done by sending a message to the contact address of the responsible party mentioned above. We store and use the data you provide for contract processing. After the contract has been fully processed or your customer account has been deleted, your data will be blocked with respect to tax and commercial law retention periods and deleted after these periods expire, unless you have explicitly consented to further use of your data or if further data usage is legally permitted, in which case we will inform you below.

6. Use of Your Data for Direct Marketing
6.1 Subscription to Our Email Newsletter
When you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing additional data is voluntary and will be used to address you personally. For sending the newsletter, we use the so-called "double opt-in" procedure. This means that we will only send you the newsletter once you have explicitly confirmed your consent to receive it. We will send you a confirmation email, asking you to confirm by clicking a link that you want to receive newsletters in the future.

By activating the confirmation link, you give us your consent to use your personal data according to Article 6(1)(a) GDPR. When subscribing to the newsletter, we store the IP address registered by your Internet Service Provider (ISP) as well as the date and time of your subscription in order to track any potential misuse of your email address later on. The data collected during your subscription to the newsletter will only be used for promotional purposes through the newsletter. You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending an appropriate message to the responsible party mentioned at the beginning. After unsubscribing, your email address will be immediately removed from our newsletter distribution list, unless you have explicitly agreed to further use of your data or we have reserved the right to further use your data as permitted by law, which we will inform you about in this statement.

6.2 Sending Email Newsletters to Existing Customers
If you provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services, similar to those you have already purchased, from our range via email. For this, we do not need to obtain separate consent from you. The data processing is carried out solely based on our legitimate interest in personalized direct marketing in accordance with Article 6(1)(f) GDPR. If you initially objected to the use of your email address for this purpose, we will not send any marketing emails. You have the right to object to the use of your email address for the above-mentioned advertising purposes at any time with effect for the future by notifying the responsible party mentioned above. For this, you will only incur transmission costs according to basic rates. Once we receive your objection, we will immediately cease using your email address for advertising purposes.

7. Data Processing for Order Processing
7.1 The personal data we collect will be passed on to the transport company commissioned with the delivery as far as necessary to deliver the goods. Your payment data will be passed on to the bank commissioned with the payment processing, as far as necessary for the payment transaction. If payment service providers are used, we will specifically inform you about this below. The legal basis for passing on the data is Article 6(1)(b) GDPR.

7.2 Use of Payment Service Providers (Payment Providers)

• PayPal
  When paying via PayPal, credit card via PayPal, direct debit via PayPal, or – if offered – “purchase on account” or "installment payments" via PayPal, we will transmit your payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") for payment processing. The transmission is carried out in accordance with Article 6(1)(b) GDPR and only to the extent necessary for payment processing.

PayPal reserves the right to carry out a credit check for the payment methods of credit card via PayPal, direct debit via PayPal, or – if offered – “purchase on account” or "installment payments" via PayPal. For this, PayPal may transmit your payment data, in accordance with Article 6(1)(f) GDPR, based on PayPal's legitimate interest in assessing your ability to pay, to credit reporting agencies. The result of the credit check, with regard to the statistical probability of payment default, will be used by PayPal to decide whether to offer you the respective payment method. The credit report may include probability values (so-called score values). If score values are included in the credit check result, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, among other things, but not exclusively, address data. Further data protection information, including the credit reporting agencies used, can be found in PayPal's privacy policy: PayPal Privacy Policy
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if necessary for the contractual payment processing.

• SOFORT
  If you choose the payment method “SOFORT,” the payment processing is handled by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter “SOFORT”), to whom we transmit the information you provided during the ordering process, along with information about your order, in accordance with Article 6(1)(b) GDPR. SOFORT GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). The transmission of your data occurs exclusively for the purpose of payment processing with SOFORT and only to the extent necessary for this purpose.
  You can find further information about SOFORT’s data protection regulations here: SOFORT Privacy Policy

8. CONTACT FOR REVIEW REMINDER
Own Review Reminder (No Dispatch via a Customer Review System)
We use your email address for a one-time reminder to submit a review of your order for the review system we use, provided that you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR during or after your order.
You can revoke your consent at any time by sending a message to the data controller.

9. USE OF SOCIAL MEDIA: SOCIAL PLUGINS
9.1 Facebook Plugins with Shariff Solution
Special additional customs clearance costs and/or import duties are not included in the price and are the responsibility of the customer.

Our website uses so-called social plugins ("Plugins") of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook").

To enhance the protection of your data when visiting our website, these buttons are not fully integrated as plugins but are embedded in the site using an HTML link. This method ensures that when you access a page on our website containing such buttons, no connection is established with Facebook's servers. When you click on the button, a new browser window opens and loads Facebook's page, where you can interact with the plugins (if necessary, after logging in).

Facebook Inc., based in the USA, is certified under the US-European "Privacy Shield" agreement, which ensures compliance with the data protection level applicable in the EU.

For information on the purpose and scope of data collection, further processing and use of the data by Facebook, and your rights and settings options to protect your privacy, please refer to Facebook's privacy policy: https://www.facebook.com/policy.php

9.2 Google+ Plugins with Shariff Solution
Our website uses so-called social plugins ("Plugins") of the social network Google+, which is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

To enhance the protection of your data when visiting our website, these buttons are not fully integrated as plugins but are embedded in the site using an HTML link. This method ensures that when you access a page on our website containing such buttons, no connection is established with Google+ servers. When you click on the button, a new browser window opens and loads the Google+ page, where you can interact with the plugins (if necessary, after logging in).

Google LLC, based in the USA, is certified under the US-European "Privacy Shield" agreement, which ensures compliance with the data protection level applicable in the EU.

For information on the purpose and scope of data collection, further processing and use of the data by Google, and your rights and settings options to protect your privacy, please refer to Google's privacy policy: https://www.google.com/intl/de/policies/privacy/

9.3 Instagram Plugin with Shariff Solution
Our website uses so-called social plugins ("Plugins") of the online service Instagram, which is operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA ("Instagram").

To enhance the protection of your data when visiting our website, these buttons are not fully integrated as plugins but are embedded in the site using an HTML link. This method ensures that when you access a page on our website containing such buttons, no connection is established with Instagram's servers. When you click on the button, a new browser window opens and loads the Instagram page, where you can interact with the plugins (if necessary, after logging in).

Instagram LLC, based in the USA, is certified under the US-European "Privacy Shield" agreement, which ensures compliance with the data protection level applicable in the EU.

For information on the purpose and scope of data collection, further processing and use of the data by Instagram, and your rights and settings options to protect your privacy, please refer to Instagram's privacy policy: https://help.instagram.com/155833707900388/

10. ONLINE MARKETING
10.1 DoubleClick by Google
This website uses the online marketing tool DoubleClick by Google, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("DoubleClick").

DoubleClick uses cookies to display relevant ads to users, improve campaign performance reports, and prevent users from seeing the same ad multiple times. Google assigns a cookie ID to track which ads are displayed in which browser and to avoid duplicate displays. The processing is based on our legitimate interest in optimizing the marketing of our website in accordance with Art. 6 para. 1 lit. f GDPR.

Additionally, DoubleClick can track conversions using cookie IDs, linking ad interactions to subsequent actions, such as when a user views a DoubleClick ad and later visits the advertiser’s website to make a purchase. According to Google, DoubleClick cookies do not contain personally identifiable information.

Because these marketing tools are used, your browser automatically establishes a direct connection to Google’s servers. We have no control over the extent and further use of the data collected by Google through this tool. Based on our knowledge, Google receives information that you have visited a particular section of our website or clicked on an ad. If you are registered with a Google service, Google can associate this visit with your account. Even if you are not registered or logged in, Google may collect and store your IP address.

Opt-out options:
If you do not wish to participate in this tracking process, you can disable conversion tracking cookies by adjusting your browser settings to block cookies from www.googleadservices.com (Google Ads Settings). Please note that these settings will be reset if you delete your cookies. Alternatively, you can manage cookies via the Digital Advertising Alliance at www.aboutads.info.

Google LLC is certified under the US-European "Privacy Shield" framework, ensuring compliance with EU data protection standards.

For more details, see Google's DoubleClick privacy policy:
https://www.google.de/policies/privacy/

10.2 Use of Google AdWords Conversion Tracking
This website uses the online advertising program Google AdWords and Google AdWords Conversion Tracking, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

We use Google AdWords to display targeted advertisements (Google Ads) on external websites. This allows us to track how successful individual ad campaigns are. Our aim is to show you advertisements that are relevant to you, make our website more engaging, and optimize our advertising costs.

When a user clicks on a Google AdWords ad, a conversion tracking cookie is placed on their system. These cookies are small text files that typically expire after 30 days and do not allow personal identification. If the user visits specific pages on our website before the cookie expires, Google and we can track that the user clicked on the ad and was redirected to our site.

Each Google AdWords customer receives a different cookie, meaning cookies cannot be tracked across multiple AdWords client websites. The information collected by these cookies is used to generate conversion statistics for AdWords customers who have opted into conversion tracking. These reports include the total number of users who clicked on an ad and were redirected to a conversion-tracking-enabled page. However, no information is shared that personally identifies users.

Opt-out options:
If you do not wish to participate in tracking, you can disable Google AdWords conversion tracking cookies in your browser settings. This prevents you from being included in conversion tracking statistics. Our use of Google AdWords is based on our legitimate interest in targeted advertising in accordance with Art. 6 para. 1 lit. f GDPR.

Google LLC is certified under the US-European "Privacy Shield" framework, ensuring compliance with EU data protection standards.

For more details, see Google’s privacy policy:
https://www.google.de/policies/privacy/

To permanently disable cookies for ad targeting, you can:

• Adjust your browser settings to block cookies.

• Download and install the Google Ads opt-out browser plugin:
  https://www.google.com/settings/ads/plugin?hl=de

Note: If you disable cookies, some features of this website may not function properly.

11. WEB ANALYTICS SERVICES
11.1 Google (Universal) Analytics
This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").**

Google Analytics uses cookies—small text files stored on your computer—to analyze your use of the website. The information generated by these cookies (including a shortened IP address) is typically transmitted to and stored on a Google server in the USA.

This website uses Google Analytics with the "_anonymizeIp()" extension, which ensures IP anonymization by shortening the IP address before processing, preventing direct personal identification. Google shortens your IP address within the EU or the European Economic Area (EEA). In rare cases, the full IP address may be sent to Google’s servers in the USA and then shortened.

This data processing is based on our legitimate interest in statistical user behavior analysis to improve our website and marketing strategies, in accordance with Art. 6 para. 1 lit. f GDPR.

On our behalf, Google uses this information to:

• Evaluate your website usage

• Generate reports on website activity

• Provide additional internet-related services

The IP address collected by Google Analytics is not merged with other Google data.

Opt-out options:

You can prevent cookies from being stored by adjusting your browser settings. However, this may limit some website functionalities.

To prevent Google from collecting and processing data (including your IP address), you can:

• Download and install the Google Analytics Opt-Out Browser Plugin:
  https://tools.google.com/dlpage/gaoptout?hl=de

• Click on the following link to set an opt-out cookie, preventing Google Analytics tracking on this website in the future: Google Analytics deactivate.
  (Note: This opt-out cookie only works for this browser and domain. If you delete cookies, you must click the link again.)

Cross-device tracking with Google Analytic
This website also uses Google Analytics for cross-device visitor analysis using a User-ID.

• When visiting for the first time, users receive a unique, anonymous User-ID, which allows interactions across multiple devices and sessions to be assigned to the same user.

• The User-ID does not contain personal data and is not shared with Google.

• You can opt-out of User-ID tracking at any time, but you must disable Google Analytics on all devices you use.

To disable cross-device tracking, use:

• The Google Analytics Opt-Out Plugin:
  https://tools.google.com/dlpage/gaoptout?hl=de

• The opt-out cookie link: Google Analytics deactivate
  (If you delete your cookies, you must reactivate the opt-out.)

For more details on Universal Analytics, visit:
https://support.google.com/analytics/answer/2838718?hl=de&ref_topic=6010376

Data protection compliance

Google LLC is certified under the US-European "Privacy Shield" framework, ensuring compliance with EU data protection regulations.

12. RETARGETING/ REMARKETING/ REFERRAL ADVERTISING
12.1 Facebook Custom Audience via Pixel Method

This website uses the "Facebook Pixel" from Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"). If explicit consent is given, this allows the tracking of user behaviour after they have seen or clicked on a Facebook advertisement.

This method is used to analyze the effectiveness of Facebook ads for statistical and market research purposes and can help optimize future advertising efforts. The data collected is anonymous to us, meaning we cannot draw any conclusions about the identity of users. However, Facebook stores and processes this data, allowing it to be linked to the respective user profile.

Facebook may use this data for its own advertising purposes in accordance with the Facebook Data Policy (https://www.facebook.com/about/privacy/). This enables Facebook and its partners to display ads both on and outside of Facebook. Additionally, a cookie may be stored on your computer for these purposes.

These processing operations only occur with explicit consent under Article 6(1)(a) of the GDPR. Consent to the use of the Facebook Pixel may only be given by users who are at least 13 years old. If you are younger, please ask your legal guardian for permission.

Facebook Inc., based in the USA, is certified under the EU-U.S. Privacy Shield framework, which ensures compliance with European data protection standards.

To disable the use of cookies on your computer, you can configure your internet browser to prevent cookies from being stored in the future or to delete already stored cookies. However, disabling all cookies may limit the functionality of our website. You can also disable the use of cookies by third-party providers such as Facebook via the Digital Advertising Alliance at: https://www.aboutads.info/choices/.

12.2 Google AdWords Remarketing
Our website uses the functions of Google AdWords Remarketing, allowing us to advertise this website in Google search results and on third-party websites. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

For this purpose, Google places a cookie in your browser, which automatically enables interest-based advertising based on a pseudonymous cookie ID and the pages you have visited. Processing is based on our legitimate interest in the optimal marketing of our website under Article 6(1)(f) of the GDPR.

Further data processing only occurs if you have given Google consent to link your browsing history and app usage to your Google account and to use this information for personalized ads. If you are logged into Google during your visit to our website, Google uses your data along with Google Analytics data to create and define audience lists for cross-device remarketing. For this purpose, your personal data is temporarily linked with Google Analytics data to form target groups.

You can permanently disable cookies for ad preferences by downloading and installing the browser plugin available at: https://www.google.com/settings/ads/onweb/.

Alternatively, you can learn more about setting cookies and make preferences at the Digital Advertising Alliance website: www.aboutads.info. Finally, you can configure your browser to notify you when cookies are set and decide whether to accept them individually or disable cookies for specific cases or in general. If you do not accept cookies, the functionality of our website may be limited.

Google LLC, based in the USA, is certified under the EU-U.S. Privacy Shield framework, ensuring compliance with European data protection standards.

Further information on Google's advertising and privacy policies can be found at: https://www.google.com/policies/technologies/ads/.

13. RIGHTS OF THE DATA SUBJECT
13.1 The applicable data protection law grants you comprehensive rights as a data subject with respect to the processing of your personal data by the data controller (right to information and intervention), which we inform you about below:

• Right of Access (Article 15 GDPR): You have the right to obtain information about your personal data processed by us, the purposes of processing, the categories of processed personal data, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage duration or criteria for determining it, the existence of rights to rectification, deletion, restriction of processing, objection to processing, the right to lodge a complaint with a supervisory authority, the source of your data if it was not collected by us, the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the logic involved and the significance and intended effects of such processing, as well as your right to be informed about the safeguards pursuant to Article 46 GDPR regarding data transfers to third countries.
  
  

• Right to Rectification (Article 16 GDPR): You have the right to request the immediate correction of inaccurate personal data concerning you and/or the completion of your incomplete data stored by us.
  
  

• Right to Erasure (Article 17 GDPR): You have the right to request the deletion of your personal data if the conditions of Article 17(1) GDPR are met. However, this right does not exist in particular if processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or to assert, exercise, or defend legal claims.
  
  

• Right to Restriction of Processing (Article 18 GDPR): You have the right to request the restriction of processing of your personal data if:
  
  

• You contest the accuracy of your data for a period enabling us to verify its accuracy.

• You oppose the deletion of your data due to unlawful processing and instead request the restriction of its use.

• We no longer need your data for processing purposes, but you require it to assert, exercise, or defend legal claims.

• You have objected to processing based on your specific situation, pending verification of whether our legitimate grounds override yours.

• Right to Notification (Article 19 GDPR): If you have exercised your right to rectification, erasure, or restriction of processing, we are obliged to notify all recipients to whom your personal data has been disclosed, unless this is impossible or involves disproportionate effort. You also have the right to be informed about these recipients.
  
  

• Right to Data Portability (Article 20 GDPR): You have the right to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format, or to request its transmission to another controller, where technically feasible.
  
  

• Right to Withdraw Consent (Article 7(3) GDPR): You have the right to withdraw consent given for data processing at any time with effect for the future. Upon withdrawal, we will immediately delete the affected data unless further processing can be legally justified without consent. The withdrawal of consent does not affect the legality of processing carried out before the withdrawal.
  
  

• Right to Lodge a Complaint (Article 77 GDPR): If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your residence, workplace, or the location of the alleged infringement, without prejudice to any other administrative or judicial remedy.
  
  

13.2 Right to Object
If we process your personal data based on our overriding legitimate interest as part of a balancing of interests, you have the right to object to this processing at any time for reasons arising from your particular situation, with effect for the future.

If you exercise your right to object, we will cease processing the affected data. However, further processing may still be permitted if we can demonstrate compelling legitimate grounds for the processing that override your interests, fundamental rights, and freedoms, or if the processing serves the assertion, exercise, or defense of legal claims.

If your personal data is processed by us for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such advertising. You can exercise your right to object as described above.

If you exercise your right to object, we will immediately stop processing your data for direct marketing purposes.

14. Duration of Storage of Personal Data
The storage duration of personal data is determined based on the applicable legal retention periods (e.g., commercial and tax retention periods). Once the respective retention period expires, the corresponding data is routinely deleted, provided that it is no longer required for contract fulfillment or initiation and/or there is no legitimate interest on our part in continuing the storage.