Privacy Policy

The entity responsible for data processing is:
tutto passa UG
Schonensche Str. 37
13189 Berlin
Email: contact@tutto-passa.com

We are pleased about your interest in our online shop. The protection of your privacy is very important to us. Below, we provide detailed information about how we handle your data.

This Privacy Policy describes how tuttø passa (the "Site", "we", "us", or "our") collects, uses, and discloses your personal information when you visit, use our services, or make a purchase from tutto-passa.com (the "Site") or otherwise communicate with us regarding the Site (collectively, the "Services"). For purposes of this Privacy Policy, "you" and "your" means you as the user of the Services, whether you are a customer, website visitor, or another individual whose information we have collected pursuant to this Privacy Policy.

Please read this Privacy Policy carefully.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on the Site, update the "Last updated" date and take any other steps required by applicable law.

How We Collect and Use Your Personal Information

To provide the Services, we collect personal information about you from a variety of sources, as set out below. The information that we collect and use varies depending on how you interact with us.

In addition to the specific uses set out below, we may use information we collect about you to communicate with you, provide or improve or improve the Services, comply with any applicable legal obligations, enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.

What Personal Information We Collect

The types of personal information we obtain about you depends on how you interact with our Site and use our Services. When we use the term "personal information", we are referring to information that identifies, relates to, describes or can be associated with you. The following sections describe the categories and specific types of personal information we collect.

Information We Collect Directly from You

Information that you directly submit to us through our Services may include:

  • Contact details including your name, address, phone number, and email.
  • Order information including your name, billing address, shipping address, payment confirmation, email address, and phone number.
  • Account information including your username, password, security questions and other information used for account security purposes.
  • Customer support information including the information you choose to include in communications with us, for example, when sending a message through the Services.

Some features of the Services may require you to directly provide us with certain information about yourself. You may elect not to provide this information, but doing so may prevent you from using or accessing these features.

Information We Collect about Your Usage

We may also automatically collect certain information about your interaction with the Services ("Usage Data"). To do this, we may use cookies, pixels and similar technologies ("Cookies"). Usage Data may include information about how you access and use our Site and your account, including device information, browser information, information about your network connection, your IP address and other information regarding your interaction with the Services.

Information We Obtain from Third Parties

Finally, we may obtain information about you from third parties, including from vendors and service providers who may collect information on our behalf, such as:

  • Companies who support our Site and Services, such as Shopify.
  • Our payment processors, who collect payment information (e.g., bank account, credit or debit card information, billing address) to process your payment in order to fulfill your orders and provide you with products or services you have requested, in order to perform our contract with you.
  • When you visit our Site, open or click on emails we send you, or interact with our Services or advertisements, we, or third parties we work with, may automatically collect certain information using online tracking technologies such as pixels, web beacons, software developer kits, third-party libraries, and cookies.

Any information we obtain from third parties will be treated in accordance with this Privacy Policy. Also see the section below, Third Party Websites and Links.

How We Use Your Personal Information

  • Providing Products and Services. We use your personal information to provide you with the Services in order to perform our contract with you, including to process your payments, fulfill your orders, to send notifications to you related to your account, purchases, returns, exchanges or other transactions, to create, maintain and otherwise manage your account, to arrange for shipping, facilitate any returns and exchanges and other features and functionalities related to your account.
  • Marketing and Advertising. We may use your personal information for marketing and promotional purposes, such as to send marketing, advertising and promotional communications by email, text message or postal mail, and to show you advertisements for products or services. This may include using your personal information to better tailor the Services and advertising on our Site and other websites. If you are an EEA resident, the legal basis for these data processing activities is our legitimate interest in selling our products, according to Art. 6 (1) (f) GDPR.
  • Security and Fraud Prevention. We use your personal information to detect, investigate or take action regarding possible fraudulent, illegal or malicious activity. If you choose to use the Services and register an account, you are responsible for keeping your account credentials safe. We highly recommend that you do not share your username, password, or other access details with anyone else. If you believe your account has been compromised, please contact us immediately. If you are an EEA resident, the legal basis for these data processing activities is our legitimate interest in keeping our website secure for you and other customers, according to Art. 6 (1) (f) GDPR.
  • Communicating with You and Service Improvement. We use your personal information to provide you with customer support and improve our Services. This is in our legitimate interests in order to be responsive to you, to provide effective services to you, and to maintain our business relationship with you according to Art. 6 (1) (f) GDPR.

Cookies

Like many websites, we use Cookies on our Site. For specific information about the Cookies that we use related to powering our store with Shopify, see https://www.shopify.com/legal/cookies. We use Cookies to power and improve our Site and our Services (including to remember your actions and preferences), to run analytics and better understand user interaction with the Services (in our legitimate interests to administer, improve and optimize the Services). We may also permit third parties and services providers to use Cookies on our Site to better tailor the services, products and advertising on our Site and other websites.

Most browsers automatically accept Cookies by default, but you can choose to set your browser to remove or reject Cookies through your browser controls. Please keep in mind that removing or blocking Cookies can negatively impact your user experience and may cause some of the Services, including certain features and general functionality, to work incorrectly or no longer be available. Additionally, blocking Cookies may not completely prevent how we share information with third parties such as our advertising partners.

To make your visit to our website more attractive and to enable the use of certain functions, we use technologies on various pages, including cookies. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted after the browser session ends, meaning after you close your browser (so-called session cookies). Other cookies remain on your device and allow us to recognize your browser during your next visit (persistent cookies).

Protection of Privacy on Devices
When using our online services, we use technologies that are absolutely necessary to provide the telemedia service you expressly requested. The storage of information on your device or access to information already stored on your device does not require your consent in this case.
For non-essential functions, storing information on your device or accessing information already stored on your device requires your consent. Please note that if you do not grant consent, some parts of the website may not be fully usable. Any consents you give will remain in effect until you adjust or reset your device settings.

Subsequent Data Processing through Cookies and Other Technologies
We use technologies that are essential for the functioning of certain features on our website (e.g., shopping cart functionality). These technologies collect and process your IP address, the time of your visit, device and browser information, and details about your use of our website (e.g., shopping cart contents). This is necessary to ensure an optimal presentation of our services, according to our legitimate interests in balancing interests, in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
We also use technologies to fulfill legal obligations (e.g., to demonstrate consent to the processing of your personal data) and for web analysis and online marketing. More information, including the legal basis for data processing, can be found in the following sections of this privacy policy.
You can find cookie settings for your browser at the following links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™.
If you have consented to the use of these technologies, in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, you can revoke your consent at any time by sending a message to the contact information in the privacy policy. Alternatively, you can visit the following link: www.xxx.de. If cookies are not accepted, the functionality of our website may be limited.

Use of Cookies and Other Technologies by Third Parties
If you have given your consent according to Art. 6 para. 1 sentence 1 lit. a GDPR, we use the following third-party cookies and other technologies on our website. Once the purpose for which these technologies are used has been achieved and their use has ended, the data collected in connection with these technologies will be deleted. You can revoke your consent at any time with future effect. For more information on how to revoke your consent, please see the section "Cookies and Other Technologies". For more information, including the legal basis for our collaboration with the individual providers, please refer to the respective sections below. If you have any questions about the providers and the basis of our cooperation with them, please contact us using the information provided in this privacy policy.

Use of Google Services
We use the following technologies provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information automatically collected by the Google technologies about your use of our website is generally transmitted to and stored on a Google LLC server, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. There is no adequacy decision by the European Commission for the USA. Our cooperation with Google is based on standard contractual clauses of the European Commission.
Where your IP address is collected via Google technologies, it will be anonymized before storage on Google’s servers by activating IP anonymization. Only in exceptional cases will the full IP address be transmitted to a Google server and shortened there. Unless otherwise stated, data processing is carried out based on an agreement between joint controllers in accordance with Art. 26 GDPR. Further information about data processing by Google can be found in Google's privacy notices.

Google Analytics
For the purpose of website analytics, data (IP address, time of visit, device and browser information, and information about your use of our website) is automatically collected and stored using Google Analytics, from which user profiles are created using pseudonyms. Cookies may be used for this purpose. Your IP address will not be merged with other Google data. Data processing is based on an agreement for data processing by Google.
For optimized marketing of our website, we have enabled the data-sharing settings for "Google Products and Services". This allows Google to access and use the data collected and processed by Google Analytics for the improvement of Google services. Data sharing with Google under these data-sharing settings is based on an additional agreement between controllers. We have no control over the subsequent data processing by Google.
We also use Google Analytics' extension function, Google Optimize, to create and run tests.
For optimized marketing, we use Google's User-ID function to assign a unique, permanent ID to your interaction data across multiple sessions on our online services and analyze your user behavior across devices and sessions.
Through the Google Signals extension function of Google Analytics, a cross-device tracking system is enabled. If your internet-enabled devices are linked to your Google account and you have activated "personalized advertising" in your Google account, Google can generate reports on your usage behavior (particularly cross-device user counts). We do not process any personal data in this regard, but we receive only statistics created based on Google Signals.
For web analytics and advertising purposes, the DoubleClick cookie enables your browser to be recognized when visiting other websites. Google will use this information to compile reports on website activities and to provide further services related to website usage.

Google Ads
For advertising purposes in Google search results and on third-party websites, the Google Remarketing cookie is set when you visit our website, automatically collecting and processing data (IP address, time of visit, device and browser information, and information about your use of our website) via a pseudonymous cookie ID based on the pages you visit to enable interest-based advertising. Further data processing only takes place if you have enabled personalized advertising in your Google account. In this case, if you are logged into your Google account during your visit to our website, Google uses your data in combination with Google Analytics data to create and define audience lists for cross-device remarketing.
We use Google Ads Conversion Tracking to measure and track user behavior after interacting with an ad to determine the effectiveness of ads and optimize future campaigns.

Google Tag Manager
With Google Tag Manager, we can manage various codes and services on our website. When implementing the individual tags, Google may process personal data (e.g., IP address, online identifiers such as cookies). Data processing occurs based on a data processing agreement with Google.
Through the use of Google Tag Manager, we can implement various services/technologies. If you do not wish for tracking services to be used, these remain deactivated for all relevant tracking tags implemented by Google Tag Manager.

YouTube Video Plugin
For embedding third-party content, we use the YouTube video plugin in enhanced privacy mode. When playing a video, data (IP address, time of visit, device, and browser information) is transmitted to Google, and further data processing is initiated. This data is processed by Google only if you play a video.

Use of Microsoft Services
We use the following technologies provided by Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland ("Microsoft"). Data processing is based on an agreement between joint controllers according to Art. 26 GDPR. The information automatically collected by Microsoft's technologies about your use of our website is generally transmitted to and stored on a server of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. There is no adequacy decision by the European Commission for the USA. Our cooperation with Microsoft is based on standard contractual clauses of the European Commission. Further information about data processing by Microsoft can be found in Microsoft’s privacy notices.
To analyze and track events on our website, we use Microsoft Advertising Universal Event Tracking (UET). If you arrived on our website via a Microsoft ad, data (IP address, time of visit, device and browser information, and information about your use of our website based on events we specified) will be collected using cookies, and pseudonymous usage profiles will be created. If your internet-enabled devices are linked to your Microsoft account and you have not deactivated the "interest-based advertising" setting in your Microsoft account, Microsoft can create reports on user behavior (including cross-device user counts). We do not process personal data in this case, but we receive only statistical data based on UET.

Use of Facebook Services
We use the Facebook Pixel in the following technologies provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland ("Facebook (by Meta)" or "Meta Platforms Ireland"). With the Facebook Pixel, data (IP address, time of visit, device, and browser information, and information about your use of our website) is automatically collected based on events we define (e.g., visit to a website or newsletter registration), and pseudonymous user profiles are created. A cookie is set through the Facebook Pixel when you visit our website, which automatically recognizes your browser when visiting other websites using a pseudonymous cookie ID. Facebook (by Meta) will combine this information with other data from your Facebook account and use it to compile reports on website activity and to provide additional services related to website usage, especially personalized and group-based advertising.
The information automatically collected by Facebook (by Meta) technologies about your use of our website is generally transmitted to and stored on a server of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA. There is no adequacy decision by the European Commission for the USA. If the data transfer to the USA is within our responsibility, our cooperation with Meta Platforms, Inc. is based on standard contractual clauses of the European Commission. Further information about data processing by Facebook can be found in Facebook’s privacy notices.

Facebook Analytics
As part of the Facebook Business Tools, we use the data collected via the Facebook Pixel to generate visitor activity statistics on our website. Data processing is based on an agreement for data processing with Facebook (by Meta). This analysis helps us optimize the display and marketing of our website.

Facebook Ads (Ad Manager)
We use Facebook Ads to advertise this website on Facebook (by Meta) as well as on other platforms. We define the parameters of each advertising campaign, but Facebook (by Meta) is responsible for the precise implementation, particularly the placement of ads with individual users. Unless stated otherwise for individual technologies, data processing is based on an agreement between joint controllers according to Art. 26 GDPR. Joint responsibility is limited to the collection of data and its transmission to Meta Platforms Ireland. Further processing by Meta Platforms Ireland is not covered by this.
Based on the statistics created from the data collected by the Facebook Pixel about visitor activities on our website, we run group-based advertising through Facebook (by Meta) using Facebook Custom Audience, in which we define the characteristics of the respective target group.
Based on the pseudonymous cookie ID set by the Facebook Pixel and the collected data about your use of our website, we use Facebook Pixel for remarketing to display personalized advertisements to you.
With Facebook Pixel Conversions, we measure and track your behavior after interacting with an ad on Facebook Ads to analyze your subsequent actions on our website and improve our campaigns. Data processing is based on an agreement for data processing with Facebook (by Meta).

Other Providers of Web Analytics and Online Marketing Services
We use the following services for online marketing and web analysis, based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. Once the purpose of their use has been fulfilled, the data collected in this context is deleted. You can revoke your consent at any time with future effect. For more information about your revocation options, refer to the section "Cookies and Other Technologies." Further details about the providers and the legal basis of our cooperation can be found below. If you have any questions about our service providers and the basis of our collaboration with them, please contact us as described in this privacy policy.

Use of AWIN for Online Marketing
We collaborate with AWIN AG, Eichhornstraße 3, 10785 Berlin, Germany ("AWIN"), to market ad space to third parties on our website. These ads may be displayed to you at various locations on the website. AWIN can track whether you click on the ad and subsequently make a purchase, using cookies for this purpose. The collected data (IP address, time of visit, device and browser information, and information about your use of our website) is transmitted to AWIN and processed by them. We have no influence over this data processing. Data processing is based on an agreement between joint controllers according to Art. 26 GDPR.

Use of Klaviyo
We use the services of Klaviyo, Inc. ("Klaviyo"), 125 Summer Street, Boston MA, 02111, USA, to analyze user behavior in our online shop for our own advertising and market research purposes. Klaviyo also uses cookies and can link your behavior in our webshop with your personal data, provided you have subscribed to our newsletter, created a customer account, or completed an order process in our webshop. Klaviyo's privacy policy can be found at https://www.klaviyo.com/privacy.
When using Klaviyo's services, personal data is transmitted to and processed by Klaviyo:

  • Contact details and demographic data, purchase history, and details on consumer interactions with marketing communications,
  • Details regarding the devices used to access our website (such as IP address and operating system/browser type),
  • Dates and times of visits to and usage of our website,
  • Information about how our website is used (such as content viewed and user navigation),
  • How individuals interact with our emails (e.g., whether the email is opened and which links are clicked),
  • URLs referring visitors to our website.

To provide its services, Klaviyo may share personal data with partner companies. In such cases, Klaviyo enters into agreements with those partners to ensure that the level of protection is at least as high as that set out in Klaviyo's data processing agreement with us. A list of Klaviyo's affiliated companies can be found here: https://www.klaviyo.com/legal/subprocessors.
Klaviyo retains personal data until we instruct Klaviyo to delete it, which must occur no later than 180 days after we request Klaviyo to use the data.
To protect your data in the USA, we have entered into a data processing agreement with Klaviyo ("Data Protection Addendum") based on the European Commission's Standard Contractual Clauses, enabling the transfer of your personal data to Klaviyo. This data processing agreement can be viewed at: https://www.klaviyo.com/privacy/dpa.
Klaviyo Inc. is a company based in the USA. Data transfers to and the processing and/or storage of personal data by Klaviyo are based on the European Commission's Standard Contractual Clauses, which can be found in the data processing agreement between us and Klaviyo: https://www.klaviyo.com/privacy/dpa.

Social Media


We maintain online presences on Facebook (by Meta), Instagram (by Meta), and YouTube. If you have given your consent according to Art. 6 para. 1 sentence 1 lit. a GDPR to the respective social media provider, your data will be collected for market research and advertising purposes when you visit our profiles on these platforms. This data is then used to create user profiles under pseudonyms. These profiles can be used to display advertisements that are tailored to your interests, both within and outside the respective platform. Cookies are generally used for this purpose. Detailed information on data processing and usage by the respective social media provider, as well as your rights and settings to protect your privacy, can be found in the privacy policies of the respective providers, linked below. If you need assistance, you can also contact us.

Facebook (by Meta)
Facebook (by Meta) is an offering of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. The information automatically collected by Meta Platforms Ireland when you visit our online presence on Facebook is typically transmitted to and stored on a server of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA. There is no adequacy decision by the European Commission for the USA. Our collaboration with Meta Platforms, Inc. is based on the Standard Contractual Clauses of the European Commission. The data processing for visitors of a Facebook (by Meta) fan page is based on an agreement between joint controllers according to Art. 26 GDPR. More information (including details on Insights data) can be found here.

Instagram (by Meta)
Instagram (by Meta) is an offering of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. The information automatically collected by Meta Platforms Ireland when you visit our online presence on Instagram is typically transmitted to and stored on a server of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA. There is no adequacy decision by the European Commission for the USA. Our collaboration with Meta Platforms, Inc. is based on the Standard Contractual Clauses of the European Commission. The data processing for visitors of an Instagram (by Meta) fan page is based on an agreement between joint controllers according to Art. 26 GDPR. More information (including details on Insights data) can be found here.

YouTube
YouTube is an offering of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. The information automatically collected by Google when you visit our online presence on YouTube is typically transmitted to and stored on a server of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. There is no adequacy decision by the European Commission for the USA. Our collaboration with Google LLC is based on the Standard Contractual Clauses of the European Commission.

How We Disclose Personal Information

In certain circumstances, we may disclose your personal information to third parties for contract fulfillment purposes, legitimate purposes and other reasons subject to this Privacy Policy. Such circumstances may include:

  • With vendors or other third parties who perform services on our behalf (e.g., IT management, payment processing, data analytics, customer support, cloud storage, fulfillment and shipping).
  • With business and marketing partners to provide services and advertise to you. Our business and marketing partners will use your information in accordance with their own privacy notices.
  • When you direct, request us or otherwise consent to our disclosure of certain information to third parties, such as to ship you products or through your use of social media widgets or login integrations, with your consent.
  • With our affiliates or otherwise within our corporate group, in our legitimate interests to run a successful business.
  • In connection with a business transaction such as a merger or bankruptcy, to comply with any applicable legal obligations (including to respond to subpoenas, search warrants and similar requests), to enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.

We disclose the following categories of personal information and sensitive personal information about users for the purposes set out above in "How we Collect and Use your Personal Information" and "How we Disclose Personal Information":

CategoryCategories of Recipients

  • Identifiers such as basic contact details and certain order and account information
  • Commercial information such as order information, shopping information and customer support information
  • Internet or other similar network activity, such as Usage Data
  • Geolocation data such as locations determined by an IP address or other technical measures
  • Vendors and third parties who perform services on our behalf (such as Internet service providers, payment processors, fulfillment partners, customer support partners and data analytics providers)
  • Business and marketing partners
  • Affiliates

We do not use or disclose sensitive personal information without your consent or for the purposes of inferring characteristics about you.

With your consent we share personal information for the purpose of engaging in advertising and marketing activities, as follows.

Data Processing for Shipping Purposes
In order to fulfill the contract according to Art. 6 para. 1 sentence 1 lit. b GDPR, we share your data with the shipping service provider responsible for delivering the goods, as far as it is necessary for the delivery of ordered goods.

Data Sharing with Shipping Providers for Shipping Notifications
If you have given your explicit consent during or after your order, we will share your email address with the selected shipping provider based on this consent, according to Art. 6 para. 1 sentence 1 lit. a GDPR, so that the provider can contact you for delivery notifications or coordination before the shipment.
You can revoke this consent at any time by sending a message to the contact details provided in this privacy policy or directly to the shipping provider at the address below. After revocation, we will delete your data unless you have expressly consented to further use of your data, or we reserve the right to use it beyond this, as legally permitted and explained in this statement.
DHL Paket GmbH
Sträßchensweg 10
53113 Bonn
Germany
DPD Deutschland GmbH
Wailandtstraße 1
63741 Aschaffenburg
Germany

Data Processing for Payment Purposes
For the processing of payments in our online shop, we cooperate with the following partners: technical service providers, banks, and payment service providers.

Data Processing for Transaction Handling
Depending on the selected payment method, we share the necessary data for processing the payment transaction with our technical service providers, acting as data processors on our behalf, or with the assigned banks or selected payment service providers, as required for the transaction. This is necessary for contract fulfillment according to Art. 6 para. 1 sentence 1 lit. b GDPR.
In some cases, payment service providers collect the necessary data themselves, e.g., on their own website or through a technical integration in the ordering process. The respective payment service provider’s privacy policy applies in these cases.
If you have any questions about our payment partners and the basis of our cooperation with them, please contact us using the contact information provided in this privacy policy.

Data Processing for Fraud Prevention and Optimization of Payment Processes
We may provide additional data to our service providers, which they use in conjunction with the necessary payment data as our processors for the purpose of fraud prevention and optimization of our payment processes (e.g., invoicing, handling disputed payments, supporting accounting). This serves our legitimate interest in fraud protection and efficient payment management, in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

Third Party Websites and Links

Our Site may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms may also be viewable by other users of the Services and/or users of those third-party platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services.


Advertising via Email


Email Newsletter Subscription and Newsletter Tracking
If you subscribe to our newsletter, we will use the necessary data or the data you separately provide to regularly send you our email newsletter based on your consent according to Art. 6 para. 1 sentence 1 lit. a GDPR. You can unsubscribe from the newsletter at any time, either by sending a message to the contact information below or through a link provided in the newsletter. After unsubscribing, we will delete your email address from our mailing list, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use it beyond this, as legally permitted and explained in this statement.
Please note that when sending the newsletter, we analyze your user behavior. This includes tracking the opening and click rates to optimize future campaigns ("newsletter tracking").
For this purpose, the emails we send may contain one-pixel technologies (e.g., web beacons, tracking pixels) stored on our website. We link the following "newsletter data" to your email address or IP address, and possibly an individual ID:

  • The page from which the page was requested (so-called referrer URL),
  • The date and time of the request,
  • The description of the type of browser used,
  • The IP address of the requesting device,
  • The email address,
  • The date and time of registration and confirmation,
  • The one-pixel technologies.
    Links in the newsletter may also contain this ID.
    If you do not want newsletter tracking, you can unsubscribe from the newsletter as described above.
    This information is stored for as long as you are subscribed to the newsletter.

Email Newsletter without Subscription and Right to Object
If we receive your email address in connection with the sale of a product or service and you have not objected, we reserve the right to regularly send you offers for similar products from our range by email, based on § 7 para. 3 UWG (German Unfair Competition Act). This serves our legitimate interest in advertising to our customers.
You can object to this use of your email address at any time by sending a message to the contact information in this privacy policy or through a link in the advertising email, without incurring any costs other than the transmission costs according to the base rates.
After you unsubscribe, we will delete your email address from the mailing list unless you have expressly consented to further use of your data according to Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use it beyond this, as legally permitted and explained in this statement.

Newsletter Delivery
The newsletter and the aforementioned newsletter tracking may also be sent by our service providers (particularly Klaviyo, see below) as part of a data processing agreement on our behalf.
If you have any questions about our service providers and the basis of our cooperation with them, please contact us using the contact information provided in this privacy policy.
Our service providers are located in or use servers in countries where the European Commission has determined an adequate level of data protection: the United Kingdom.
Our service providers are located in or use servers in countries where the European Commission has determined an adequate level of data protection: Canada.
Our service providers are located in these countries: USA, Australia. For these countries, there is no adequacy decision from the European Commission. Our cooperation with them is based on the European Commission's standard contractual clauses.
Our service providers are located in these countries: USA, India. For these countries, there is no adequacy decision from the European Commission. Our cooperation with them is based on the European Commission's standard contractual clauses.

Sending Review Requests via Email
If you have given us your express consent during or after your order, according to Art. 6 para. 1 sentence 1 lit. a GDPR, we will use your email address to request a review of your order through our review system. You can revoke this consent at any time by sending a message to the contact information provided in this privacy policy or through a link in the review request.
Review requests may also be sent by our service providers as part of a data processing agreement on our behalf. If you have any questions about our service providers and the basis of our cooperation with them, please contact us using the contact information provided in this privacy policy.

Children's Data

The Services are not intended to be used by children, and we do not knowingly collect any personal information about children. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted.

As of the Effective Date of this Privacy Policy, we do not have actual knowledge that we “share” or “sell” (as those terms are defined in applicable law) personal information of individuals under 16 years of age.

Security and Retention of Your Information

Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee “perfect security.” In addition, any information you send to us may not be secure while in transit. We recommend that you do not use insecure channels to communicate sensitive or confidential information to us.

How long we retain your personal information depends on different factors, such as whether we need the information to maintain your account, to provide the Services, comply with legal obligations, resolve disputes or enforce other applicable contracts and policies.

Your Rights

Depending on where you live, you may have some or all of the rights listed below in relation to your personal information. However, these rights are not absolute, may apply only in certain circumstances and, in certain cases, we may decline your request as permitted by law.

  • Right to Access / Know: You may have a right to request access to personal information that we hold about you, including details relating to the ways in which we use and share your information.
  • Right to Delete: You may have a right to request that we delete personal information we maintain about you.
  • Right to Correct: You may have a right to request that we correct inaccurate personal information we maintain about you.
  • Right of Portability: You may have a right to receive a copy of the personal information we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.
  • Right to Opt out of Sale or Sharing or Targeted Advertising: You may have a right to direct us not to "sell" or "share" your personal information or to opt out of the processing of your personal information for purposes considered to be "targeted advertising", as defined in applicable privacy laws. Please note that if you visit our Site with the Global Privacy Control opt-out preference signal enabled, depending on where you are, we will automatically treat this as a request to opt-out of the "sale" or "sharing" of information for the device and browser that you use to visit the Site.
  • Restriction of Processing: You may have the right to ask us to stop or restrict our processing of personal information.
  • Withdrawal of Consent: Where we rely on consent to process your personal information, you may have the right to withdraw this consent.
  • Appeal: You may have a right to appeal our decision if we decline to process your request. You can do so by replying directly to our denial.
  • Managing Communication Preferences: We may send you promotional emails, and you may opt out of receiving these at any time by using the unsubscribe option displayed in our emails to you. If you opt out, we may still send you non-promotional emails, such as those about your account or orders that you have made.

You may exercise any of these rights where indicated on our Site or by contacting us using the contact details provided below.

We will not discriminate against you for exercising any of these rights. We may need to collect information from you to verify your identity, such as your email address or account information, before providing a substantive response to the request. In accordance with applicable laws, you may designate an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us. We will respond to your request in a timely manner as required under applicable law.

Complaints

If you have complaints about how we process your personal information, please contact us using the contact details provided below. If you are not satisfied with our response to your complaint, depending on where you live you may have the right to appeal our decision by contacting us using the contact details set out below, or lodge your complaint with your local data protection authority. For the EEA, you can find a list of the responsible data protection supervisory authorities here.

International Users

Please note that we may transfer, store and process your personal information outside the country you live in. Your personal information is also processed by staff and third party service providers and partners in these countries.

If we transfer your personal information out of Europe, we will rely on recognized transfer mechanisms like the European Commission's Standard Contractual Clauses, or any equivalent contracts issued by the relevant competent authority of the UK, as relevant, unless the data transfer is to a country that has been determined to provide an adequate level of protection.

Contact

Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of the rights available to you, please call or email us at contact@tutto-passa.com.

For the purpose of applicable data protection laws and if not explicitly stated otherwise, we are the data controller of your personal information.


Last updated: September 6, 2024