Privacy policy

1) Information on the Collection of Personal Data and the Contact Details of the Responsible Party

1.1
We welcome your visit to our website and thank you for your interest. Below we explain how personal data is handled when using our website. Personal data means all data that can be used to identify an individual.

1.2
In accordance with the General Data Protection Regulation (GDPR), the person responsible for the processing of personal data on this website is Snug Nest. The responsible party is a natural person or legal entity that determines the purposes and means of personal data processing alone or together with others.

1.3
For security reasons and to protect the transmission of personal data and other confidential information (such as orders or inquiries to the responsible party), this website uses SSL or TLS encryption. You can recognise an encrypted connection by the character string "https://" and the padlock symbol in your browser's address bar.

2) Data Collection When Visiting Our Website

When you use our website for information purposes only, i.e. if you do not register or transmit information to our site, we only collect the data that your browser transmits to the server (so-called "server log files"). When accessing our website, the following data is technically collected to display the website correctly:

- Website visited
- Date and time of access
- Bytes of data transferred
- Source/referrer to the page
- Browser used
- Operating system used
- IP address used (which may be anonymised)

Processing is carried out in accordance with GDPR Article 6(1)(f) based on our legitimate interest in improving the stability and functionality of our website. Data is not disclosed or used in any other way. However, we reserve the right to inspect server log files at a later date if there are specific indications of unlawful use.

3) Cookies

To make visiting our website more attractive and to enable the use of certain functions, we use small text files called "cookies" on various pages of our site. These are files stored on your device. Some of the cookies we use are deleted after the browser session ends (called session cookies). Other cookies remain on your device and allow our site or partner companies (third-party cookies) to recognise your browser on later visits (persistent cookies). When cookies are set, user information such as browser and localisation data and IP address values are collected and processed individually. Persistent cookies are automatically deleted after a set period, which may vary depending on the cookie.

Some cookies help simplify the ordering process by storing settings (for example, remembering the contents of your virtual shopping cart for later visits). If personal data is also processed through some of the cookies we implement, this processing is carried out in accordance with GDPR Article 6(1)(b) to fulfil a contract or in accordance with GDPR Article 6(1)(f) to achieve our legitimate interest in optimal functionality of our site and a visitor experience that is advantageous and efficient for customers.

Our site may cooperate with advertising partners to make our online offering more interesting. For this purpose, cookies from partner companies (third-party cookies) may also be stored on your hard drive when you visit our website. When cooperating with the above-mentioned advertising partners, you will be notified separately and individually about the use of such cookies and the scope of information collected within the sections below.

Please note that you can set your browser to notify you about the use of cookies and to accept them individually, or to exclude the acceptance of cookies in certain cases or generally. Each browser manages cookie settings in different ways. This is described in the help section of each browser and explains how to change your cookie settings. These can be found in each browser at the following links:

Internet Explorer:
https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies

Firefox: https://support.mozilla.org/en/kb/cookies-allow-disable

Chrome: https://support.google.com/chrome/answer/95647?hl=en

Safari: https://support.apple.com/en/guide/safari/manage-cookies-sfri11471/

Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Please note that if cookies are not accepted, the functionality of our website may be limited.

4) Enquiries

As part of enquiries to our site (for example, via contact form or email), personal data is collected. The data collected in the case of a contact form is shown in the corresponding contact form. This data is stored and used only to answer your question or to process your enquiry and related technical administration. The legal basis for data processing is our legitimate interest in responding to your enquiry in accordance with GDPR Article 6(1)(f). If the purpose of the enquiry is to conclude a contract, the additional legal basis for data processing is GDPR Article 6(1)(b). If it can be assumed from the context that the enquiry has been finally resolved and there is no obligation to store the session during the session, the data is deleted after the final processing of the enquiry.

5) Data Processing When Creating a Customer Account and Fulfilling Contracts

In accordance with GDPR Article 6(1)(b), personal data is collected and processed if you provide it to us to fulfil a contract or to create a customer account. The data collected is shown in the respective entry form. You can delete your customer account at any time by notifying the responsible party at the address given above. The data you provide is stored and used to fulfil the contract. After complete fulfilment of the contract or deletion of the customer account, the data is blocked taking into account the retention periods under tax and commercial law and deleted after the end of these periods. However, this does not apply if you have explicitly consented to further use of the data by our site or if further lawful use of the data is reserved. In this case, we will notify you accordingly.

6) Data Use for Direct Marketing

6.1 Registration for Email Newsletter

When you register for our email newsletter, we will send you regular information about our offers. The only mandatory information for sending the newsletter is your email address. The provision of additional data is voluntary and is used to allow us to address you personally. We use a so-called double opt-in procedure for newsletter dispatch. This means that we only send the email newsletter if you have explicitly confirmed receipt of the email newsletter. We will then send you a confirmation email and ask you to confirm that you wish to receive the newsletter in future by clicking the corresponding link.

By activating the confirmation link, you consent to the use of personal data in accordance with GDPR Article 6(1)(a). During newsletter registration, we save the IP address registered by your Internet service provider (ISP) and the date and time of registration so that we can later track the possibility of misuse of your email address. The data collected during newsletter registration is used only for advertising purposes via the newsletter. You can unsubscribe from the newsletter at any time by using the link in the newsletter or by sending a corresponding notification to the responsible party mentioned above. Your email address will be immediately removed from our newsletter mailing list after unsubscribing. However, this does not apply if you have explicitly consented to further use of the data or if further data processing permitted by law is reserved.

6.2 Sending Email Newsletter to Existing Customers

If you have provided an email address when purchasing a product or service, our site reserves the right to regularly send you offers for similar products or services that you have already purchased via our newsletter. You do not need to give us special consent for this. Data processing is only carried out in accordance with GDPR Article 6(1)(f) based on our legitimate interest in direct marketing. If you have previously objected to the use of your email address for this purpose, we will not send you emails. You can object to the use of your email address for the above marketing purposes at any time by sending a notification to the responsible party mentioned above. Costs are limited to the transmission costs in accordance with the applicable basic tariff. After we receive your objection, your email address will immediately cease to be used for marketing purposes.

7) Data Processing Related to Order Processing

7.1

The personal data we collect is transferred to the shipping company responsible for dispatch as part of contract fulfilment, to the extent necessary for the delivery of the goods. Payment data is transferred to the relevant credit institutions as part of payment processing, to the extent necessary for processing payments. If payment service providers are used, we will explicitly notify you of this below. The legal basis for data transfer is GDPR Article 6(1)(b).

7.2 Use of Payment Service Providers

– PayPal

If you pay via PayPal, PayPal credit card via PayPal, PayPal payment services, or "purchase on invoice" or "instalments" (via PayPal) provided to you, we transfer your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., Boulevard Royal 22-24, L-2449 Luxembourg (hereinafter "PayPal") as part of payment processing. The transfer is only made to the extent necessary for payment processing in accordance with GDPR Article 6(1)(b).

PayPal reserves the right to conduct credit checks for credit card (via PayPal), payment services (via PayPal), or "purchase on invoice" or "instalment" payment methods (where provided) (via PayPal). For this purpose, your payment data may be transferred to credit information agencies in accordance with GDPR Article 6(1)(f) based on PayPal's legitimate interest in assessing creditworthiness. The results of credit checks regarding the statistical probability of payment default are used by PayPal to make decisions about the provision of each payment method. Credit checks may include probability values (called score values). Where score values are included in the credit check results, these are based on scientifically recognised mathematical statistical methods. The calculation of score values includes address information in particular. Further data protection information (including the credit information agencies used) can be found in PayPal's privacy policy:
https://www.paypal.com/en/webapps/mpp/ua/privacy-full

You can object to this processing of data at any time by sending a notification to PayPal. However, PayPal reserves the right to continue processing personal data if this is necessary for correct contractual payment processing.

– SOFORT

If you select the "SOFORT" payment method, payment processing is carried out through the payment service provider Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter "SOFORT"). We transfer the data you specified during the ordering process and data relating to your order in accordance with GDPR Article 6(1)(b). Sofort GmbH is part of the Klarna group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). The transfer of data is only for the purpose of payment processing with the payment service provider SOFORT and only to the extent necessary. Further information regarding SOFORT's data protection provisions can be found at the following internet address:
https://www.klarna.com/sofort/datenschutz

8) Communication Related to Rating Reminders

Own rating reminders (not sent via customer review system)

Our site only uses your email address for one reminder related to our rating system, provided you have given explicit consent in accordance with GDPR Article 6(1)(a), in connection with or after your order.

You can revoke your consent at any time by sending a notification to the person responsible for data processing.

9) Use of Social Media: Social Plugins

9.1 Facebook Plugin with Shariff Solution

Our website uses so-called social plugins (the "Plugin") from the social network Facebook operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (the "Facebook").

To improve data protection when visiting our website, these buttons are not fully integrated plugins but are only embedded via HTML links. This type of integration ensures that a connection to Facebook's servers is not established when a page containing such buttons is opened. When you click on a button or a new browser window opens and Facebook's page opens, you can (after entering your login credentials, if necessary) interact with the plugin.

Facebook Inc., based in the United States, is certified under the US-European data protection agreement "Privacy Shield", which guarantees compliance with the level of data protection applicable in the EU.

Information about the purpose and scope of data collection and further processing and use of data by Facebook, as well as your rights and setting options relating to privacy protection, can be found in Facebook's data protection notice:
https://www.facebook.com/policy.php

9.2 Google+ Plugin with Shariff Solution

Our website uses so-called social plugins (the "Plugin") from the social network Google+ operated by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (the "Google").

To improve data protection when visiting our website, these buttons are not fully integrated plugins but are only embedded via HTML links. This type of integration ensures that a connection to Google's servers is not established when a page containing such buttons is opened. When you click on a button or a new browser window opens and Google+'s page opens, you can (after entering your login credentials, if necessary) interact with the plugin.

Google LLC., based in the United States, is certified under the US-European data protection agreement "Privacy Shield", which guarantees compliance with the level of data protection applicable in the EU.

Information about the purpose and scope of data collection and further processing and use of data by Google, as well as your rights and setting options relating to privacy protection, can be found in Google's data protection notice:
https://www.google.com/intl/en/policies/privacy/

9.3 Instagram Plugin with Shariff Solution

Our website uses so-called social plugins (the "Plugin") from the online service Instagram operated by Instagram LLC., 1601 Willow Rd, Menlo Park, CA 94025, USA (the "Instagram").

To improve data protection when visiting our website, these buttons are not fully integrated plugins but are only embedded via HTML links. This type of integration ensures that a connection to Instagram's servers is not established when a page containing such buttons is opened. When you click on a button or a new browser window opens and Instagram's page opens, you can (after entering your login credentials, if necessary) interact with the plugin.

Instagram LLC., based in the United States, is certified under the US-European data protection agreement "Privacy Shield", which guarantees compliance with the level of data protection applicable in the EU.

Information about the purpose and scope of data collection and further processing and use of data by Instagram, as well as your rights and setting options relating to privacy protection, can be found in Instagram's data protection notice:
https://help.instagram.com/155833707900388/

10) Online Marketing

10.1 Google's DoubleClick

This website uses the online marketing tool DoubleClick by Google from Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (the "DoubleClick").

DoubleClick uses cookies to display relevant advertisements to users, improve reports on campaign effectiveness, or prevent users from seeing the same advertisement multiple times. Through the cookie ID, Google can register which advertisements are shown to which browser and thus prevent duplicate display. Processing is carried out in accordance with GDPR Article 6(1)(f) based on our legitimate interest in optimal marketing of our site.

Furthermore, DoubleClick can use the cookie ID to register so-called conversions related to ad requests. This occurs, for example, when a user sees a DoubleClick advertisement and later visits the advertiser's website via the same browser and makes a purchase. According to Google, DoubleClick cookies do not contain any personal data.

For the marketing tool used, your browser automatically creates a direct connection to Google's servers. We have no influence over the scope of data collected by Google through the use of this tool and the impact on continued use. We accordingly notify you in accordance with our level of knowledge. Through the integration of DoubleClick, Google knows whether you have visited the relevant section of our site or clicked on an advertisement from our site. If you are registered with Google services, Google can associate your visit with your account. Even if you are not registered with Google or are not logged in, the provider may be able to register and store your IP address.

If you wish to object to participation in this tracking procedure, you can disable the conversion tracking cookie by setting your browser to block cookies from the domain www.googleadservices.com.
https://www.google.com/settings/ads
This setting is deleted when you delete cookies. Alternatively, you can obtain information about the use of cookies and make settings through the internet address www.aboutads.info of the Digital Advertising Alliance. Finally, you can set your browser to notify you about the use of cookies and to accept them individually or to exclude the acceptance of cookies in certain cases or generally. Please note that if cookies are not accepted, the functionality of our site may be limited.

Further information regarding DoubleClick by Google's data protection provisions can be found at the following internet address:
https://www.google.com/policies/privacy/

10.2 Use of Google AdWords Conversion Tracking

This website uses the online advertising programme "Google AdWords" from Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (the "Google") and the associated conversion tracking. We use Google AdWords to draw attention to our site through advertising measures (so-called Google AdWords) on external websites. With regard to the data from our advertising campaigns, we can determine to what extent we can judge the success of individual advertising measures. This allows us to pursue the interest in displaying relevant advertisements, making our site more interesting and achieving fair advertising cost calculation.

A conversion tracking cookie is set when a user clicks on an advertisement placed by Google. Cookies are small text files stored on your computer system. These cookies typically expire after 30 days and do not serve personal identification. If a user visits a specific page on our website and the cookie has not yet expired, Google and our site can recognise that the user clicked on the advertisement and was redirected to this page. Each Google AdWords customer receives a different cookie. Therefore, the cookie cannot be tracked across Google AdWords customers' websites. The information collected by the conversion cookie is used to create conversion statistics for AdWords customers who have selected conversion tracking. The customer learns the total number of users who clicked on an advertisement and were redirected to a page with the conversion tracking tag. However, you do not receive information that would allow you to identify users personally. If you do not wish to participate in tracking, you can disable this use by disabling the Google Conversion Tracking cookie in your user settings through your Internet browser. You will then no longer be included in conversion tracking statistics. Our site uses Google AdWords in accordance with GDPR Article 6(1)(f) based on our legitimate interest in targeted advertising.

Detailed data protection information regarding Google and advertisements can be found at:
https://www.google.com/policies/technologies/ads/

You can permanently disable advertising setting cookies by downloading and installing the browser plugin available at the following link:
https://www.google.com/settings/ads/plugin?hl=en

Please note that certain features of this website may not be available or may only be available to a limited extent if you have disabled the use of cookies.

11) Web Analytics Services

Google (Universal) Analytics

– Google Universal Analytics

This website uses the web analytics service Google Analytics from Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (the "Google"). Google Analytics uses "cookies", which are text files stored on your computer, to enable the analysis of website usage. The information generated by the cookie about your use of our website (including your shortened IP address) is normally transmitted to and stored on Google servers in the United States.

This website uses Google Analytics only with the "_anonymizeIp()" extension, which ensures anonymisation of IP addresses through truncation and excludes direct personal references. Through this extension, Google shortens IP addresses within EU member states or other states parties to the European Economic Area Agreement. Only in exceptional cases is the complete IP address transmitted to Google servers in the United States and then shortened. In these exceptional cases, processing is carried out in accordance with GDPR Article 6(1)(f) based on our legitimate interest in statistical analysis of user behaviour for optimisation and marketing purposes.

On behalf of our site, Google uses this information to evaluate the use of the website, to compile reports on website activity and to provide other services related to website and internet usage. The IP address transmitted by your browser will not be merged with other data from Google as part of Google Analytics.

You can prevent cookies from being stored by configuring your browser software accordingly. However, please note that in this case you may not be able to use all functions of our site in full. Furthermore, you can prevent the registration of data generated by cookies and relating to your website usage (including your IP address) to Google and prevent our site's processing of this data by downloading and installing the browser plugin available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=en

Or, on mobile devices, you can click on the following link instead of using the browser to set an opt-out cookie and prevent Google Analytics from recording this website in the future (this opt-out cookie only works in this browser and only on this domain; if you delete cookies in this browser, you will need to click the link again): Disable Google Analytics

This website also uses Google Analytics to analyse the flow of visits across devices executed through User ID. On your first page visit, you are assigned a unique persistent and anonymised ID that is set across devices. This allows interaction data and different sessions from different devices to be associated with a single user. The User ID does not contain any personal data and is not transmitted to Google.

The collection and storage of data via User ID can be objected to at any time. For this purpose, you must disable Google Analytics on all systems you use (for example, on a different browser or mobile device). Disabling can be done using Google's browser plugin
(https://tools.google.com/dlpage/gaoptout?hl=en
). Or you can click on the following link to set an opt-out cookie and prevent Google Analytics from being recorded on this website in the future (this opt-out cookie only works in this browser and only on this domain; if you delete cookies in this browser, you will need to click the link again): Disable Google Analytics

Further information about Universal Analytics can be found here:
https://support.google.com/analytics/answer/2838718?hl=en

12) Retargeting/Remarketing/Recommended Advertisements

Facebook Custom Audience (Pixel Method)

This website uses the "Facebook Pixel" from Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (the "Facebook"). With explicit consent, we can track user behaviour after they have seen or clicked on a Facebook advertisement. This method can help us assess the effectiveness of Facebook advertisements, evaluate statistical and marketing research purposes, and optimise future advertising measures.

The data collected is anonymous on our site and provides no opportunity to draw conclusions about the user's identity. However, because the data is stored and processed by Facebook, a connection to the corresponding user profile is possible, and Facebook can use the data for its own advertising purposes in accordance with Facebook's data use guidelines (https://www.facebook.com/about/privacy/
).

You can consent to advertisements displayed by Facebook and its partners being shown within Facebook and beyond. Cookies may also be stored on your computer for this purpose. These processing processes only occur in accordance with GDPR Article 6(1)(a) after explicit consent. Consent to use the Facebook Pixel can only be given by users aged 13 and over. If you are younger, please ask your parent or guardian for permission.

To disable the use of cookies on your computer, you can configure your Internet browser to prevent cookies from being stored on your computer in the future or delete cookies that are already stored. Disabling all cookies may result in certain functions of our site not being available. You can also disable the use of cookies from third-party providers such as Facebook through the following website from the Digital Advertising Alliance:
https://www.aboutads.info/choices/

Google AdWords Remarketing

Our website uses Google AdWords remarketing functionality to display advertisements for our website in Google search results and on third-party websites. The provider is Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (the "Google"). For this purpose, Google uses cookies in your browser to automatically display pseudo-cookie IDs and interest-based advertisements based on pages you have visited. Processing is carried out in accordance with GDPR Article 6(1)(f) based on our legitimate interest in optimal marketing of our site.

Further data processing only occurs if you have consented to Google's linking of your internet and app browsing history to your Google account, and your Google account information is used to personalise advertisements you see online. In this case, if you are logged into Google when visiting our site, Google will use the data together with Google Analytics data to create and define audience lists for cross-device remarketing. For this purpose, Google temporarily merges personal data with Google Analytics data to form audiences for cross-device remarketing.

You can permanently disable advertising setting cookies by downloading and installing the browser plugin available at the following link:
https://www.google.com/settings/ads/onweb/

Or you can obtain information about the use of cookies and make settings through the internet address www.aboutads.info of the Digital Advertising Alliance. Finally, you can set your browser to notify you about the use of cookies and to accept them individually or to exclude the acceptance of cookies in certain cases or generally. Please note that if cookies are not accepted, the functionality of our site may be limited.

Detailed data protection information regarding advertising and Google can be found at:
https://www.google.com/policies/technologies/ads/

13) Rights of Registered Users

13.1

Current data protection law provides registered users with comprehensive rights (rights to information and intervention) against the responsible party. Below, our site informs you of these:

Right to information pursuant to GDPR Article 15:
In particular, you have the right to receive information about the personal data being processed by our site, the purposes of processing, the categories of data processed, the recipients or categories of recipients to whom the data is disclosed, the planned retention period or decision criteria, the right to rectification, deletion, restriction of processing, objection to processing, the right to lodge a complaint with a supervisory authority, information about data sources if it was not obtained from you, including meaningful information about the existence of automated decision-making and profiling, if any, and the logic involved and the significance and expected consequences thereof, as well as information about what safeguards exist if your data is transferred to third countries in accordance with GDPR Article 46;

Right to rectification pursuant to GDPR Article 16:
The right to request immediate rectification of inaccurate personal data and to request completion of incomplete personal data stored with our site;

Right to erasure pursuant to GDPR Article 17:
The right to request deletion of personal data if the conditions of GDPR Article 17(1) are met. However, this right does not exist in particular if the processing is necessary for the exercise of the right to freedom of expression and information, if it is necessary for the performance of a legal obligation, if it is necessary for reasons of public interest, or if it is necessary for the establishment, exercise or defence of legal claims;

Right to restrict processing pursuant to GDPR Article 18:
The right to request restriction of processing. If you contest the accuracy of the alleged data while our site examines it, if our site contests that deletion is unlawful while we have a reason, if our site no longer needs the data but you need it for the establishment, exercise or defence of legal claims, or if you have objected to processing for reasons relating to your particular circumstances while it has not yet been decided whether our site's legitimate reasons outweigh your objection;

Right to notification pursuant to GDPR Article 19:
If you exercise your right to rectification, erasure or restriction of processing against the responsible party, that responsible party has an obligation to notify all recipients to whom the personal data has been disclosed of this rectification, erasure or restriction of processing, unless this is impossible or involves a disproportionate effort. You have the right to be informed about these recipients;

Right to data portability pursuant to GDPR Article 20:
The right to receive the personal data you have provided in a structured, commonly used, machine-readable format or to request its transfer to another responsible party;

Right to withdraw consent pursuant to GDPR Article 7(3):
The right to withdraw your consent to data processing at any time for the future. In the event of withdrawal of consent, our site will immediately delete the corresponding data, unless further processing is based on another legal basis. Withdrawal of consent does not affect the lawfulness of the processing carried out before the withdrawal;

Right to lodge a complaint pursuant to GDPR Article 77:
If you believe that the processing of personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular with the supervisory authority in the member state in which you reside, work, or where the alleged violation occurs, without prejudice to other administrative or judicial remedies.

13.2 Right to Object

If the processing of your data is based on our overwhelming legitimate interest based on interest balancing, you have the right to object to our site's processing of your data at any time for reasons relating to your particular circumstances.

If you exercise your right to object, our site will cease processing your data. Further processing is reserved, however, if our site can prove compelling reasons for the processing that merit protection, or if the data serves to establish, exercise or defend legal claims.

If data is processed for direct marketing purposes, you have the right to object to the processing of your data for this marketing purpose at any time. The right to object can be exercised in the manner described above.

If you exercise your right to object, our site will cease processing your data for direct marketing purposes.

14) Retention Period for Personal Data

The retention period for personal data is determined based on the applicable statutory retention periods (such as commercial and tax law retention periods). After the end of the period, the corresponding data is normally deleted. However, this only applies if the data is no longer necessary for the performance or fulfilment of a contract and our site has no legitimate interest in further retention of data.