Privacy Policy
Lilly’s Wardrobe
1. GENERAL INFORMATION AND DATA CONTROLLER
1.1 Introduction
We are happy that you are visiting our website and appreciate your interest. Below we explain how we handle your personal data when you use our website. Personal data refers to any information that can directly or indirectly identify you as a person.
1.2 Responsible party
The data controller responsible for processing data on this website under the General Data Protection Regulation (GDPR) is Lilly’s Wardrobe.
A data controller is any natural or legal person who determines the purposes and means of processing personal data, alone or together with others.
1.3 Secure data transmission
For your safety, this website uses SSL or TLS encryption. This ensures that personal data and other confidential information (such as orders or inquiries) are transmitted securely. You can recognize an encrypted connection by “https://” in your browser and the lock icon.
We do not use automated decision-making or profiling that produces legal or similarly significant effects within the meaning of Article 22 GDPR.
2. DATA COLLECTED WHEN VISITING OUR WEBSITE
If you visit our website without registering or submitting information, we only collect data transmitted automatically by your browser to our server (server log files).
This may include:
-
Visited page
-
Date and time of access
-
Amount of data transferred
-
Referrer URL (previous page visited)
-
Browser type and version
-
Operating system
-
IP address (possibly anonymized)
Processing is based on Article 6(1)(f) GDPR, as we have a legitimate interest in ensuring the proper functioning, stability, and improvement of our website.
This data is not merged with other data sources and is not used for personal identification. We reserve the right to review log files if there are indications of misuse.
3. COOKIES
Our website uses cookies to improve user experience and enable certain functions. Cookies are small text files stored on your device.
Some cookies are deleted after your session ends (session cookies), while others remain stored to recognize your browser on future visits (persistent cookies).
Cookies may store information such as:
-
Browser settings
-
Location data (in some cases)
-
IP address (where applicable)
We use cookies based on:
-
Article 6(1)(b) GDPR (contract performance)
-
Article 6(1)(f) GDPR (legitimate interest in usability and functionality)
Where applicable, cookies may also be used by third-party partners for analytics or advertising purposes. These will only be activated with your consent where legally required.
Cookie settings
You can configure your browser to:
-
notify you about cookies
-
accept or reject them individually
-
block cookies completely or partially
Disabling cookies may limit website functionality.
When you first visit our site, you may be asked to accept or manage non-essential cookies via a cookie banner.
4. CONTACTING US
If you contact us via email or contact form, we process the personal data you provide solely to handle your inquiry.
The legal basis is:
-
Article 6(1)(f) GDPR (legitimate interest in responding to inquiries)
-
Article 6(1)(b) GDPR (if your request relates to a contract)
Once your request has been fully processed, your data will be deleted unless legal retention obligations apply.
5. CUSTOMER ACCOUNT AND CONTRACT PROCESSING
When you create a customer account or place an order, we collect and process personal data necessary for contract execution.
This may include:
-
Name
-
Address
-
Email address
-
Payment details (if applicable)
You may request deletion of your customer account at any time. After completion of the contract and expiration of legal retention periods (tax and commercial law), your data will be deleted or restricted for further processing unless legally required otherwise.
6. DIRECT MARKETING
6.1 Newsletter subscription
If you subscribe to our newsletter, we will send you regular updates about our offers.
Required data:
-
Email address
Optional information may be used for personalization.
We use a double opt-in process: you will only receive newsletters after confirming your subscription via a verification email.
Legal basis: Article 6(1)(a) GDPR (consent)
We store your registration data (including IP address and timestamp) to prevent misuse.
You may unsubscribe at any time using the link in the email or by contacting us. After unsubscribing, your email address will be removed unless legally required retention applies.
6.2 Email marketing for existing customers
If you have purchased from us, we may send you offers for similar products or services via email.
Legal basis: Article 6(1)(f) GDPR (legitimate interest in direct marketing)
You may object to this at any time by contacting us. Upon objection, we will stop all marketing emails immediately.
7. ORDER PROCESSING AND PAYMENT PROVIDERS
7.1 Order processing
To fulfill orders, your data may be shared with:
-
Shipping providers
-
Payment service providers
Legal basis: Article 6(1)(b) GDPR
7.2 Payment services
We may use third-party payment providers:
PayPal
When paying via PayPal, your payment data is transmitted to PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg for processing. PayPal may perform credit checks depending on the payment method.
More information is available in PayPal’s privacy policy.
SOFORT (Klarna Group)
If you choose SOFORT, payment processing is handled by SOFORT GmbH (part of Klarna Bank AB, Sweden). Required transaction data is transmitted for payment execution.
8. REVIEW REMINDER EMAILS
If you have given explicit consent, we may send a one-time email requesting a review of your order.
Legal basis: Article 6(1)(a) GDPR
You may withdraw consent at any time.
9. SOCIAL MEDIA PLUGINS
Our website may include links to social networks such as Facebook, Instagram, and others.
These are implemented as simple links rather than embedded plugins. This ensures no direct connection to external servers is made when you visit our site.
When you click a social media button, you are redirected to the respective platform, where their privacy policies apply.
10. ONLINE MARKETING AND ADVERTISING
We may use online advertising tools such as Google Ads, DoubleClick, and similar services.
These tools may use cookies to:
-
measure ad performance
-
show relevant ads
-
prevent repeated display of the same ads
Such processing is based on Article 6(1)(f) GDPR.
You may disable personalized advertising via browser settings or third-party opt-out tools.
11. ANALYTICS SERVICES
We may use analytics tools such as Google Analytics to understand website usage and improve performance.
These tools may:
-
collect anonymized usage data
-
store cookies
-
process IP addresses in shortened form
Legal basis: Article 6(1)(f) GDPR
You may opt out via browser settings or official opt-out plugins provided by the analytics provider.
12. RETARGETING / REMARKETING
We may use remarketing technologies (e.g., Facebook Pixel or Google Ads remarketing) to show relevant ads to users who previously visited our website.
These tools may associate browsing behavior with advertising profiles, but we do not directly identify individuals.
Processing only takes place with consent where required (Article 6(1)(a) GDPR).
You can disable tracking via browser settings or platform-specific opt-out tools.
13. RIGHTS OF USERS
You have the following rights under GDPR:
-
Right of access (Art. 15)
-
Right to rectification (Art. 16)
-
Right to erasure (Art. 17)
-
Right to restriction of processing (Art. 18)
-
Right to data portability (Art. 20)
-
Right to withdraw consent (Art. 7(3))
-
Right to lodge a complaint with a supervisory authority (Art. 77)
You may also object to processing based on legitimate interest at any time (Art. 21 GDPR), especially for direct marketing purposes.
14. STORAGE PERIOD
We store personal data only as long as necessary for the intended purpose or as required by law (e.g., tax and commercial retention obligations). After expiry, data is routinely deleted or restricted.
15. CONTACT
For questions about data protection or to exercise your rights, you can contact us at: