Privacy policy

1) Information about the collection of personal data and contact details of the person responsible

1.1We are pleased that you are visiting our website and thank you for your interest. In the following we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.

1.2The huut is responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR). company GmbH, Wurzerstraße 16, 80539 Munich, Germany, phone: 08923044808, email: hello@huut-care.com. The person responsible for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data.

1.3For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the person responsible), this website uses an SSL or TLS encryption. You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser line.

2) Data collection when visiting our website

If you only use our website for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:

• Our visited website
• Date and time at the time of access
• Amount of data sent in bytes
• Source/reference from which you came to the page
• Browser used
• Operating system used
• IP address used (if necessary: in anonymous form)

The processing takes place in accordance with Article 6 Paragraph 1 Letter f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.

3) Hosting & Content-Delivery-Network

Hosting durch Shopify
We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify") for the purpose of hosting and displaying the online shop on the basis of a processing on our behalf. All data collected on our website is processed on Shopify's servers. As part of the aforementioned Shopify services, data may also be processed as part of further processing on behalf of Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc .or Shopify (USA) Inc. In the event that data is transmitted to Shopify Inc. in Canada, the European Commission’s adequacy decision ensures the appropriate level of data protection. Further information on Shopify's data protection can be found on the following website: https://www.shopify.de/legal/datenschutz
Further processing on servers other than those of Shopify mentioned above only takes place within the framework communicated below.

4) Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your end device. Some of these cookies are automatically deleted after closing the browser (so-called “session cookies”), some of these cookies remain on your end device for a longer period of time and enable page settings to be saved (so-called “persistent cookies”). In the latter case, you can find the storage period in the overview of the cookie settings in your web browser.
If individual cookies used by us also process personal data, the processing takes place in accordance with Article 6 (1) (b) GDPR either for the execution of the contract, in accordance with Article 6 (1) (a) GDPR in the event that consent has been given or in accordance with Art. 6 (1) (f) GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the website visit.
You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general.
Please note that if cookies are not accepted, the functionality of our website may be restricted.

5) Contact

When contacting us (e.g. via contact form or e-mail), personal data will be processed - exclusively for the purpose of processing and answering your request and only to the extent required for this. The legal basis for the processing of this data is our legitimate interest in answering your request in accordance with Article 6 (1) (f) GDPR. If your contact is aimed at a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. Your data will be deleted if it can be inferred from the circumstances that the facts in question have been finally clarified and provided that there are no legal storage obligations to the contrary

6) Data processing when opening a customer account

In accordance with Article 6 Paragraph 1 Letter b GDPR, personal data will continue to be collected and processed to the extent required in each case if you provide it to us when opening a customer account. The data required for opening an account can be found in the input mask of the relevant form on our website. A deletion of your customer account is possible at any time and can be done by sending a message to the above address of the person responsible. After your customer account has been deleted, your data will be deleted provided that all contracts concluded have been completed, there are no legal retention periods to the contrary and we have no legitimate interest in further storage.

7) Use of Customer Data for Direct Marketing

7.1Sending the e-mail newsletter to existing customers

If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to regularly send you offers for goods or services from our range by e-mail that are similar to those you have already purchased. According to Section 7 (3) UWG, we do not have to obtain your separate consent for this. In this respect, data processing takes place solely on the basis of our legitimate interest in personalized direct advertising in accordance with Article 6 (1) (f) GDPR. If you initially objected to the use of your e-mail address for this purpose, we will not send you an e-mail. You are entitled to object to the use of your e-mail address for the aforementioned advertising purpose at any time with effect for the future by notifying the person responsible named at the beginning. For this, you only incur transmission costs according to the basic tariffs. After receipt of your objection, the use of your e-mail address for advertising purposes will be stopped immediately.

7.2Product availability notification via email

For temporarily unavailable items, you can opt-in to receive email notifications of stock availability. We will send you a one-time email message about the availability of the item you have selected. The only mandatory information for sending this notification is your e-mail address. Providing further data is voluntary and may be used to address you personally. We use the so-called double opt-in procedure for sending e-mails, which ensures that you only receive a notification if you have expressly confirmed your consent to this by clicking on a verification link sent to the e-mail address provided.

By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Article 6 (1) (a) GDPR. We store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace possible misuse of your e-mail address at a later point in time. The data collected by us when registering for our email notification service for the availability of goods is used strictly for the intended purpose. You can unsubscribe from the availability notifications at any time by sending a message to the person responsible mentioned above. After you have unsubscribed, your e-mail address will be deleted immediately from our mailing list set up for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we will inform you in this declaration .

8) Data processing for order processing

8.1Insofar as it is necessary for the execution of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned bank in accordance with Article 6 Paragraph 1 lit. b GDPR.

If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we process the contact data you provide when ordering (name, address, e-mail address) in order to inform you within the scope of our legal information obligations in accordance with Art. 6 Para 1 lit. c GDPR via a suitable communication channel (e.g. by post or e-mail) about upcoming updates in the period stipulated by law. Your contact details will be used strictly earmarked for notifications about updates owed by us and will only be processed by us for this purpose to the extent that this is necessary for the information in question.

In order to process your order, we also work together with the following service provider(s), who support us in whole or in part in the implementation of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

8.2Use of special service providers for order processing and processing

- DHL Fulfillment
The order is processed by the service provider DHL Home Delivery GmbH, Sträßchensweg 10, 53113 Bonn as part of "Shipping by DHL Fulfillment". Your personal data will only be passed on to DHL Fulfillment for the purpose of processing the online order in accordance with Article 6 (1) (b) GDPR.
- Shopify Digital Download
The order is processed via the "Digital Downloads" service of Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"). Mail address and, if applicable, first and last name of the customer are passed on to Shopify exclusively for the processing of online orders in accordance with Article 6 (1) (b) GDPR. Your data will only be passed on to the extent that this is actually necessary for the processing of the order can be viewed on the website at https://www.shopify.de/legal/datenschutz.
- Shopify Order Printer
For the accounting and logistical organization of orders, we use the "Order Printer" service of Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify") for automated creation of invoices, receipts, shipping labels and other business documents. If personal order data is processed via the service for the preparation of these documents, the processing takes place in accordance with Article 6 Paragraph 1 Letter b GDPR exclusively for the proper processing of online orders.

8.3Use of payment service providers (payment services)

- Google Pay
If you decide to use the “Google Pay” payment method from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), payment will be processed using the “Google Pay” application on your device with at least Android 4.4 ("KitKat") operated mobile device with an NFC function by debiting a payment card stored with Google Pay or a payment system verified there (e.g. PayPal). To release a payment via Google Pay of more than €25, you must first unlock your mobile device using the verification measure set up (e.g. face recognition, password, fingerprint or pattern).
For the purpose of payment processing, the information you provide during the ordering process, along with the information about your order, will be passed on to Google. Google then transmits your payment information stored in Google Pay in the form of a unique transaction number to the source website, which is used to verify that the payment has been made. This transaction number does not contain any information about the real payment data of your means of payment stored with Google Pay, but is created and transmitted as a uniquely valid numeric token. For all transactions via Google Pay, Google only acts as an intermediary to process the payment process. The transaction is carried out exclusively in the relationship between the user and the source website by debiting the means of payment stored with Google Pay.
If personal data is processed in the transmissions described, the processing is carried out exclusively for the purpose of payment processing in accordance with Article 6 (1) (b) GDPR.
Google reserves the right to collect, store and evaluate certain process-specific information for every transaction made via Google Pay. This includes the date, time, and amount of the transaction, merchant location and description, a description provided by the merchant of the goods or services purchased, photographs you included with the transaction, the name and email addresses of the seller and buyer, or of the sender and recipient, the payment method used, your description of the reason for the transaction and, if applicable, the offer associated with the transaction.
According to Google, this processing takes place exclusively in accordance with Article 6 Paragraph 1 Letter f GDPR on the basis of the legitimate interest in proper accounting, the verification of transaction data and the optimization and functional maintenance of the Google Pay service.
Google also reserves the right to merge the processed transaction data with other information that is collected and stored by Google when using other Google services.
The Google Pay Terms of Use can be found here:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
Further information on data protection with Google Pay can be found at the following Internet address:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
- Klarna
If a Klarna payment service is selected, the payment will be processed by Klarna Bank AB (publ), https://www.klarna.com/de/, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). In order to enable the payment to be processed, your personal data (first and last name, street, house number, postal code, city, gender, e-mail address, telephone number and IP address) as well as data relating to the order will be processed (e.g. invoice amount, item, type of delivery) to Klarna for the purpose of identity and creditworthiness checks, provided that you have expressly consented to this in accordance with Art. 6 (1) (a) GDPR during the ordering process. You can see here which credit agencies your data can be forwarded to:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report can contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical process. Among other things, but not exclusively, address data is included in the calculation of the score values. Klarna uses the information received about the statistical probability of non-payment for a balanced decision on the establishment, implementation or termination of the contractual relationship.
You can revoke your consent at any time by sending a message to the person responsible for data processing or to Klarna. However, Klarna may still be entitled to process your personal data if this is necessary for contractual payment processing.
Your personal information will be processed in accordance with the applicable data protection regulations and in accordance with the information in Klarna's data protection regulations for data subjects based in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
or for data subjects based in Austria https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy
treated.
- Paypal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment by installments" via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"), further. The transfer takes place in accordance with Art. 6 Paragraph 1 lit. b GDPR and only to the extent that this is necessary for payment processing.
PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Article 6 (1) (f) GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check in relation to the statistical probability of non-payment for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical process. Among other things, but not exclusively, address data is included in the calculation of the score values. Further data protection information, including information on the credit agencies used, can be found in PayPal's data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
- Shopify Payments
We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered by the payment service provider Shopify Payments, the payment will be processed by the technical service provider Stripe Payments Europe Ltd. , 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we send the information you provided during the ordering process together with the information about your order (name, address, account number, bank code, credit card number if applicable, invoice amount, currency and transaction number) in accordance with Article 6 (1) (b) GDPR. Your data will only be passed on for the purpose of payment processing with Stripe Payments Europe Ltd. and only insofar as it is necessary for this. For more information about Shopify Payments' privacy policy, visit the following web address: https://www.shopify.com/legal/privacy.
Data protection information on Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy
- Stripe
If you choose a payment method from the payment service provider Stripe, the payment will be processed via the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to which we will send the information you provided during the ordering process together with the information about your order (name, address, account number, sort code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Article 6 Paragraph 1 Letter b GDPR. You can find more information about Stripe's data protection at the URL https://stripe.com/de/privacy#translation.
Stripe reserves the right to carry out a credit check based on mathematical-statistical procedures in order to protect the legitimate interest in determining the user's solvency. Stripe may transmit the personal data required for a credit check and received as part of payment processing to selected credit agencies, which Stripe discloses to users upon request. The credit report can contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical process. Among other things, but not exclusively, address data is included in the calculation of the score values. Stripe uses the result of the credit check in relation to the statistical probability of non-payment for the purpose of deciding whether to use the selected payment method.
You can object to this processing of your data at any time by sending a message to Stripe or the commissioned credit agencies.
However, Stripe may still be entitled to process your personal data if this is necessary for contractual payment processing.

9) Site Functionalities

9.1 - Google Web Fonts
This site uses so-called web fonts provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display text and fonts correctly.
For this purpose, the browser you are using must connect to the Google servers. This can also result in the transmission of personal data to the servers of Google LLC. come in the US. In this way, Google becomes aware that our website has been accessed via your IP address. The processing of personal data in the course of establishing a connection with the provider of the fonts will only be carried out if you have given us your express consent in accordance with Article 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “Cookie Consent Tool” provided on the website. If your browser does not support web fonts, a standard font will be used by your computer.
You can find more information about Google Web Fonts at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/

9.2 Google reCAPTCHA

On this website we also use the reCAPTCHA function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This function is primarily used to distinguish whether an entry is made by a natural person or whether it is misused by machine and automated processing. The service includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Article 6 (1) (f) GDPR on the basis of our legitimate interest in determining individual personal responsibility on the Internet and avoiding abuse and spam. When using Google reCAPTCHA, personal data may also be transmitted to the servers of Google LLC. come in the US.

Further information on Google reCAPTCHA and Google's data protection declaration can be found at: https://www.google.com/intl/de/policies/privacy/

Insofar as this is legally required, we have obtained your consent in accordance with Art. 6 (1) (a) GDPR to process your data as described above. You can revoke your consent at any time with effect for the future. To exercise your revocation, please follow the above-described option to make an objection.

9.3Shopsync for Shopify

This website uses the Shopify app "Shopsync" from ShopSync LLC, PO Box 252, Jefferson City, TN 37760, USA.
With the help of ShopSync, the "Mailchimp" newsletter service is synchronized with our Shopify account in such a way that updates in Mailchimp email lists (such as a completed opt-out by a newsletter recipient) are also automatically stored on Shopify and on the other hand New contact data generated via contracts concluded on Shopify are automatically transferred to the Mailchimp email lists.

In the first case, data is processed in accordance with Article 6 Paragraph 1 Letter f GDPR on the basis of our legitimate interest in the effective and cross-system maintenance of the files of advertising addressees and the efficient observance of legally significant status changes.

In the second case, the user's first and last name, address and e-mail address together with transaction-related information are only used on the basis of the user's express consent in accordance with Article 6 (1) (a) GDPR after a contract has been concluded on Shopify for inclusion in the Mailchimp list (purchase amount, time and date of purchase) transferred to Mailchimp by ShopSync.

Data transferred in this way is not stored or retained by ShopSync after synchronization. All information synced between Shopify and Mailchimp is transmitted over Secure Socket Layer (SSL) technology, and all information transmitted remains encrypted during the sync process.

The synchronization process requires information to be transmitted over a secure connection to servers hosted by Amazon Web Services in the United States.

Further data protection information about ShopSync can be found here: https://shopsync.io/privacy-policy

10) Tools and Miscellaneous

- Google Maps
On our website we use Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google Maps is a web service for displaying interactive (land) maps to visually display geographic information. Using this service will show you our location and make it easier to get there.
As soon as you call up the sub-pages in which the Google Maps map is integrated, information about your use of our website (e.g. your IP address) is transmitted to Google's servers and stored there. This can also result in transmission to the servers of Google LLC. come in the US. This occurs regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google saves your data (even for users who are not logged in) as usage profiles and evaluates them. The collection, storage and evaluation are carried out in accordance with Article 6 Paragraph 1 Letter f GDPR on the basis of Google's legitimate interest in the display of personalized advertising, market research and/or the needs-based design of Google websites. You have the right to object to the creation of these user profiles, although you must contact Google to exercise this right. If you do not agree to the future transmission of your data to Google when using Google Maps, you also have the option of completely deactivating the Google Maps web service by switching off the JavaScript application in your browser. Google Maps and thus also the map display on this website cannot then be used.
You can view Google's terms of use at https://www.google.de/intl/de/policies/terms/regional.html, the additional terms of use for Google Maps can be found at https://www.google.com/intl /de_US/help/terms_maps.html
Detailed information on data protection in connection with the use of Google Maps can be found on the Google website ("Google Privacy Policy"): https://www.google.de/intl/de/policies/privacy/
Insofar as this is legally required, we have obtained your consent in accordance with Art. 6 (1) (a) GDPR to process your data as described above. You can revoke your consent at any time with effect for the future. To exercise your revocation, please follow the above-described option to make an objection.

11) Rights of the data subject

11.1The applicable data protection law grants you the following data subject rights (rights of information and intervention) vis-à-vis the person responsible with regard to the processing of your personal data, whereby reference is made to the legal basis given for the respective exercise requirements:

• Right to information according to Art. 15 GDPR;
• Right to rectification according to Art. 16 GDPR;
• Right to erasure according to Art. 17 GDPR;
• Right to restriction of processing in accordance with Art. 18 GDPR;
• Right to information according to Art. 19 GDPR;
• Right to data portability according to Art. 20 GDPR;
• Right to revoke granted consent in accordance with Art. 7 Para. 3 GDPR;
• Right to complain according to Art. 77 GDPR.

11.2RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF A BALANCING OF INTERESTS IN OUR PREVIOUS LEGITIMATE INTERESTS, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP THE PROCESSING OF THE DATA INVOLVED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN PROVE COMPREHENSIVE REASONS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FUNDAMENTAL FREEDOMS, OR IF THE PROCESSING IS FOR THE CERTIFICATION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT ADVERTISING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING. YOU MAY OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP THE PROCESSING OF THE DATA INVOLVED FOR DIRECT MARKETING PURPOSES.

12) Duration of storage of personal data

The duration of the storage of personal data is based on the respective legal basis, the processing purpose and - if relevant - also based on the respective statutory retention period (e.g. commercial and tax retention periods).

If personal data is processed on the basis of an express consent in accordance with Article 6 Paragraph 1 lit. a GDPR, this data will be stored until the data subject revokes his consent.

If there are statutory retention periods for data that are processed as part of legal or similar obligations on the basis of Article 6 (1) (b) GDPR, this data will be routinely deleted after the retention period has expired, provided that it is no longer required to fulfill or initiate a contract and/or we have no legitimate interest in further storage.

When personal data is processed on the basis of Article 6 (1) (f) GDPR, this data is stored until the data subject exercises his or her right to object in accordance with Article 21 (1) GDPR, unless we have compelling reasons worthy of protection for processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

When processing personal data for the purpose of direct advertising on the basis of Article 6 Paragraph 1 lit. f GDPR, this data is stored until the data subject exercises his right of objection under Article 21 Paragraph 2 GDPR.

Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.