Privacy Policy

1) General Information on Personal Data Processing and Data Controller

1.1 Protecting your personal data is very important to us. Below you will find details about which data is collected when visiting our website and how it is processed. Personal data includes any information relating to an identified or identifiable natural person.

1.2 The data controller responsible for processing data on this website under the GDPR is:

Anselm Skogstad
Lychener Strasse 41
10437 Berlin
Germany
Phone: +49 89 2152 7852
Email: info@derduft.com

The data controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

1.3 To protect data transmission, our website uses SSL/TLS encryption, which you can recognize by the “https://” in the browser address bar and the padlock icon.

2) Data Collection During Website Visits

If you use our website for informational purposes only, without actively submitting data, only technical data automatically sent by your browser to our server (server log files) is collected. This includes:

  • Visited pages and content

  • Date and time of access

  • Data volume transferred

  • Referrer URL

  • Browser type and operating system

  • IP address (anonymized)

This data is processed based on our legitimate interest in ensuring a technically error-free and optimized website (Art. 6(1)(f) GDPR). Data is not shared with third parties unless there is justified suspicion of illegal use.

3) Use of Cookies

Our website uses cookies—small text files stored on your device—to provide functionality and improve your user experience. We use both session cookies (deleted after closing the browser) and persistent cookies (stored on your device).

Cookies may store information such as browser type, IP address, location, or user settings, helping us enable features like shopping carts or recognizing returning users.

If cookies process personal data, this is based on Art. 6(1)(b) (contract fulfillment) or Art. 6(1)(f) (legitimate interest) GDPR.

Third-party cookies may also be used, about which we inform separately.

You can manage or disable cookies in your browser settings at any time; however, this may limit website functionality.

4) Contacting Us

If you contact us via a form or email, your data is used solely to process your inquiry. Required fields are marked accordingly.

Processing is based on legitimate interest (Art. 6(1)(f)) or contract fulfillment (Art. 6(1)(b)) depending on the context.

Once communication ends and no legal retention obligations remain, your data will be deleted.

5) Processing Personal Data for Orders and Customer Accounts

When you provide personal data during orders or when creating an account, we process it for contract fulfillment under Art. 6(1)(b) GDPR. Required information is indicated in the input fields.

You may request deletion of your account anytime by contacting us. After contract completion or deletion, data is blocked and deleted after legal retention periods unless you consent to further use or legal reasons allow otherwise.

6) Use of Customer Data for Marketing

6.1 Newsletter Subscription
Your email address is used to send you newsletters after double opt-in consent (Art. 6(1)(a)). We record the IP and timestamp of your subscription for proof.

You can unsubscribe anytime via the link in the newsletter or by contacting us. After unsubscribing, your email is removed unless other legal grounds apply.

6.2 Email Advertising
If you provide your email when purchasing, we may send offers for similar products based on legitimate interest in direct marketing (Art. 6(1)(f)). You can object at any time.

6.3 Newsletter via Mailchimp
We use Mailchimp (The Rocket Science Group LLC, USA) for newsletter delivery. Your data is shared for this purpose.

Mailchimp uses tracking pixels to generate anonymous statistics on email openings and clicks. You may opt-out by unsubscribing.

A data processing agreement compliant with EU standards is in place. More info:
https://mailchimp.com/legal/data-processing-addendum
Privacy policy: https://mailchimp.com/legal/privacy/

7) Data Processing for Order Fulfillment

7.1 Transfer to Shipping and Payment Providers
We share necessary personal data with shipping and payment partners for contract fulfillment (Art. 6(1)(b)).

7.2 Shipping Partners
Delivery addresses are only shared to ensure shipment.

7.3 Payment Providers

8) Web Analytics Services

8.1 Use of Google Analytics (Universal)

Our website uses Google Analytics (Universal), a web analytics service provided by Google Ireland Limited, located at Gordon House, 4 Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses cookies—small text files stored on your device—to help us understand how visitors interact with our website. The information generated by these cookies, including your shortened IP address, may be transmitted to and stored on Google servers, which may be located in the USA.

We have implemented Google Analytics with the "_anonymizeIp()" function, which anonymizes your IP address by truncating it within EU member states and EEA countries before further processing. Only in exceptional cases is the full IP address sent to a U.S. server and anonymized there.

Google uses this data on our behalf to evaluate website usage, generate reports, and provide other related services. Your IP address will not be combined with other Google data.

Google Analytics may also collect demographic information such as age, gender, and interests, based on users’ interactions with Google advertising and third-party data. This allows us to better segment user groups for targeted marketing, but individuals cannot be identified.

Use of Google Analytics and data collection occurs only with your explicit consent in accordance with Art. 6(1)(a) GDPR. You can withdraw your consent at any time by changing your preferences in the cookie settings on our website.

We have a data processing agreement with Google that ensures compliance with EU data protection laws. For data transfers to the USA, Google relies on standard contractual clauses approved by the European Commission.

More details about Google Analytics privacy can be found here:
https://policies.google.com/privacy?hl=en

8.2 Use of Squarespace Analytics

Our website also uses analytics services provided by Squarespace, headquartered at Le Pole House, Ship Street Great, Dublin 8, Ireland. Squarespace collects and analyzes pseudonymized visitor data to help us understand user behavior and improve our services, based on our legitimate interest under Art. 6(1)(f) GDPR.

Cookies are used to recognize returning visitors and provide more accurate metrics. While IP addresses are collected, they are immediately pseudonymized and not stored in personally identifiable form.

Data may be transferred to Squarespace servers in the USA. However, pseudonymized data is not used to personally identify visitors or combined with other personal data.

If you prefer not to be tracked by cookies, you can disable cookies in your browser settings or opt out via the EU preference management platform:
http://www.youronlinechoices.com/en/preferences/

For more information, please see Squarespace’s privacy policy:
https://www.squarespace.com/privacy/

Where legally required, your consent for analytics use is obtained in advance and can be withdrawn at any time via the cookie settings on our site.

9) Data Subject Rights

Under applicable data protection laws, you have the following rights regarding the processing of your personal data:

  • Right of Access (Art. 15 GDPR): You can request information about the personal data we process, purposes, categories, recipients, and retention periods.

  • Right to Rectification (Art. 16 GDPR): You can request correction or completion of your personal data.

  • Right to Erasure (Art. 17 GDPR): You can request deletion of your data under certain conditions, unless legal obligations require retention.

  • Right to Restriction of Processing (Art. 18 GDPR): You can request limitation of processing under specific circumstances.

  • Notification Obligation (Art. 19 GDPR): You will be informed about recipients to whom corrections, deletions, or restrictions have been communicated.

  • Right to Data Portability (Art. 20 GDPR): You can receive your data in a structured, machine-readable format or request transfer to another controller.

  • Right to Withdraw Consent (Art. 7(3) GDPR): You can withdraw any previously given consent with future effect.

  • Right to Lodge a Complaint (Art. 77 GDPR): You can file a complaint with a supervisory authority if you believe your data is processed unlawfully.

9.2 Right to Object

If your personal data is processed based on our legitimate interests (Art. 6(1)(f) GDPR), you may object at any time for reasons related to your particular situation. If you object, we will stop processing your data unless we can demonstrate compelling legitimate grounds.

You may also object to the use of your data for direct marketing purposes at any time. In such cases, we will immediately cease processing for these purposes.

10) Data Retention Periods

The retention period for personal data depends on the legal basis, processing purpose, and statutory storage requirements (e.g., tax or commercial law).

  • If processing is based on consent (Art. 6(1)(a) GDPR), data is stored until consent is withdrawn.

  • If processing is based on a contract or legal obligation (Art. 6(1)(b) GDPR), data is retained until the contract purpose is fulfilled or retention periods expire.

  • If processing is based on legitimate interest (Art. 6(1)(f) GDPR), data is stored until you object or overriding legitimate grounds no longer exist.

  • For direct marketing, data is kept until you object as per Art. 21(2) GDPR.

Unless otherwise stated, data will be deleted when no longer needed for the original purpose.

Last updated: July 1, 2025