Privacy Policy

Our Privacy Policy will inform you about the processing of personal data when using our website and online shop.

The term “personal data” means information that refers to an identified or identifiable person. This includes all details that permit the deduction of your identity, for instance is your name, telephone number, address or email address.

The term “personal data” does not include statistical data, for instance that we collect when you visit our website and that cannot be associated with you personally.

You can print out or save this Privacy Policy (e.g., as a PDF file) by using the standard functions of your browser.

1. Contact partner, controller and data protection officer

The contact partner and so-called “controller” for the processing of your personal data in the meaning of the EU General Data Protection Regulation (GDPR) when visiting this website is Lillydoo (Lillydoo GmbH, Hanauer Landstraße 147-149, 60314 Frankfurt am Main; telephone: +31 (0) 85 888 8043; email:

If you have any questions regarding the use of the website and the assertion of your rights against LILLYDOO, please contact:

For any data protection-related concerns please use the above mail address with the addition of "attn. data protection representative”.

2. Provision of the website and generation of log files

We collect data each time our website is used. Your browser automatically transmits this data to enable your visit to our website. In particular, this data is the

  • IP address of the requesting device;
  • date and time of the request;
  • address of the last visited and referring website; and
  • technical information about the browser and operating system used by the device.

Data processing is necessary to enable your visit to the website and to guarantee permanent functionality and security of our systems. In addition to the purposes described above, the aforementioned data is also stored for temporary periods in internal log files in order to prepare statistical information about the use of our website and to enhance our website to reflect visitor habits (e.g., if there is a rise in the proportion of page views using mobile devices) and to administrate our website in general. The legal grounds for this form of data processing are set out in Art. 6 paragraph 1 sentence 1 points b+f GDPR.

The information stored in the log files does not permit us to make any direct deductions as to identifiable persons. In particular, we only store IP addresses in a truncated form. The log files are stored for 30 days and then erased.


3.1 Link11

For IT security purposes (e.g. to increase the security of our website against fraud attacks, to ensure DDoS protection and to protect your customer experience against the consequence of malicious bots) we use the services of the German-based IT service provider Link11 GmbH, Lindleystraße 12, 60314 Frankfurt am Main. When you as a user access our website, several requests are sent to us for the respective page to be visited and we send back the content to be displayed. The request contains all the information we need to display the relevant content to you: Browser information, which page is to be called up, any forms submitted (e.g. in the checkout), passwords for login, etc. The requests are encrypted. Link11 can only access these requests in order to analyse them for bots. The following data is also transmitted: IP address, access time, access date, requested URL, user agent, referrer.

The legal basis is our legitimate interest (Art. 6 para. 1 lit. f DSGVO). We have concluded an order processing agreement with the IT service provider Link11, which acts as an order processor for us.

The functionality of the website cannot be guaranteed without the processing by the IT security service provider. Your personal data will be stored by the provider for as long as is necessary for the purposes described. IP addresses are generally stored for 96 hours. You can find more information about objection and removal options vis-à-vis the provider at:

3.2 Cloudflare

On our website, we also use content delivery network services from Cloudflare Inc., 701 Townsend St., San Francisco, CA 94107 (USA).

With the help of a content delivery network, the content of our website is stored on the server of the service. The server of the service provider distributes this content to you or your browser when you access our website. Cloudflare processes for example your IP address and DNS log data.

We use Cloudflare for the purpose of defending against attacks such as, e. g. so-called "DDoS or bot attacks" on our website. Furthermore, the aim of the data processing is to shorten the loading times of our website in order to make the content of our pages as quickly as possible available to you.

If necessary, personal data will be transferred to third countries. In order to comprehensively guarantee the protection of your data in such a case, there are sufficient guarantees or other instruments to ensure compliance with the European data protection principles.

The legal basis for the use of Cloudflare is Art. 6 para. 1 lit. f GDPR based on our legitimate interest in increasing the security and delivery speed of our website. We have concluded a data processing agreement with Cloudflare.

For more information, see Cloudflare's Privacy Policy.

4. Online shop, registration

You have the option to register on our online shop in order to use the full functionality of our website and to purchase our products. The mandatory data that you will be required to provide during registration or the order process is evident in the input fields (first and last name, email address and password, payment details, as well as billing and shipping address). Registration is not possible without this data, as the data is necessary for the performance of a contract. The legal grounds for this form of processing are set out in Art. 6 paragraph 1 sentence 1 point b GDPR.

5. Terms of payment and payment services provider

We offer you standard forms of payment, such as iDEAL, credit card, PayPal, or payment on account for orders in our online shop. To do so, we collaborate with payment services providers from which we receive or to which we transfer your payment data. Settlement of payment and contractual performance are not possible without this payment data and the payment services provider. The legal grounds for this form of processing are set out in Art. 6 paragraph 1 sentence 1 point b GDPR.

If you select payment on account as your payment method, our payment service providers will use payolution (payolution GmbH, Am Euro Platz 2, 1120 Vienna, Austria) in order to check your creditworthiness. You will find further information about payolution in its Privacy Policy.

6. Contact

6.1 Salesforce Service Cloud

We use the Service Cloud service of, inc. 415 Mission Street, 3rd Floor San Francisco, CA 94105 (hereinafter "Salesforce") for users within the European Economic Area.

It is a customer relationship management ("CRM") solution that we use to provide optimal support to existing customers, e.g., through live chat and community software, and to optimize sales processes. The joint CRM platform enables us to optimally manage customer relationships and support a perfect customer experience. In addition, Salesforce enables tracking measures with pixel tags and cookies (see Section 9.2) to collect statistical information (e.g., about the type, intensity and frequency of your website usage, history of your accessed pages, products and offers). We can thus optimize our operating processes based on the actual or perceived interests of users. By using the service, personal data such as device type, browser ID, contact ID, case ID, name of the customer and provided e-mail address of the customer are processed.

The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. b, f DSGVO. The data is deleted as soon as it is no longer required for the processing purposes.

According to Salesforce, the data accruing in this context is only stored on servers within the EU. We have concluded an order processing agreement with Salesforce, which guarantees the rights of the data subjects and in which Salesforce undertakes to process data only in accordance with the DSGVO. In the event that personal data is transferred to the USA after all, we have concluded standard contractual clauses with Salesforce and Salesforce has integrated "Binding Corporate Rules".

You can also find more information about data processing by Salesforce in the Salesforce privacy policy.

7. Newsletter and advertising mails

You have the option to order our newsletter in which we will inform you regularly about new developments in our product range. We use the double opt-in procedure for ordering our newsletter; this means we will not send you our newsletter by email until you have confirmed that you wish to receive our newsletter by clicking on a link in our activation email. To do this, we store your email address, the time of registration and the IP address used for registration (“newsletter registration”) until such time as you unsubscribe to our newsletter. The exclusive purpose of this storage is to send you the newsletter and to provide evidence of your registration. The legal grounds for this form of processing are set out in Art. 6 paragraph 1 point a GDPR

For certain newsletters (e.g., the #momlife newsletter), we store additional personal data (e.g., your calculated childbirth date and your week of pregnancy for the #momlife newsletter); this information, which we require to send you the newsletter, is evident in the input fields during registration. The legal grounds for this form of processing are also set out in Art. 6 paragraph 1 point a GDPR.

In addition, we send you advertising mails in which we request your feedback on orders and other information. The legal grounds for this form of processing are set out in Art. 6 paragraph 1 point f GDPR.

In order to send you our newsletter and advertising mails, we collaborate with service providers to which we transfer your email address and your newsletter registration, among other things, in order to be able to send you the newsletter and advertising mails. The legal grounds for this form of processing are set out in Art. 6 paragraph 1 sentence 1 point b, f GDPR.

You are entitled to unsubscribe to our newsletter and advertising mails at any time and without charge, or to object to their receipt. A corresponding unsubscribe link is contained in each newsletter and advertising mail. Alternatively, you may contact us at any time.

In our newsletters and advertising mails, we use industry-standard technologies that enable us to measure your interaction with the newsletter (e.g., opening the email, links that you click on). We use this data to optimise and develop our content and customer communication and to be able to send you individualised offers. Among the technologies used for this purpose are small graphic elements embedded in the messages (so-called pixels). We are able to associate the data and IDs with your personal data. The legal grounds for this are set out in the requirement for legitimate interest according to Art. 6 paragraph 1 sentence 1 point f GDPR. Where you do not wish us to analyse your usage habits, you are entitled at any time to unsubscribe to our newsletter and advertising mails without charge.

8. Loyalty and rewards programme (rewards shop) Antavo

You have the option of participating in our loyalty and rewards programme. We use the platform service provider Antavo by Antavo Limited, 107 Cheapside, 9th Floor, EC2V 6DN London, United Kingdom in order to implement the programme. Your data will be shared with Antavo for the purpose of receiving email notifications concerning your current points balance and current reward promotions. This data includes your customer number, order total, email address, name and date of birth (optional). Antavo processes this data for the purpose of operating the programme; the service provider makes the platform available, manages the points collected by you and operates the rewards shop. The rewards shop can only be used by customers with an active subscription. The following data is collected in particular when using the rewards shop: log-in data, browser data, location and the products purchased.

The legal basis for forwarding the data is the rewards programme contract pursuant to Art. 6 para. 1 sentence 1 point b) GDPR. We have concluded a data processing agreement with Antavo. Antavo stores your points balance and when you redeem your points. In view of the impending BREXIT, we have already concluded standard contractual clauses with Antavo in accordance with Article 46 para. 2 point c) GDPR for the event that personal data is transferred to Antavo in the UK. For further information, refer to Section 15 (“Data transfer to third countries”).

You can also obtain further information in this regard in Antavo’s Privacy Policy

9. Facebook Fan Page

We operate a Facebook fan page in joint responsibility on the social network by Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA (“Facebook”), in order to communicate with interested persons and followers there, as well as to provide information about our products and services.

In this context, we may receive statistics from Facebook about the use of our fan page by Facebook or the fan page users, e.g. data about likes, comments or summarised information and statistics (e.g. about the age or locations of our followers) that help us to learn more about interaction on our page. To learn more about the type and scope of these statistics, visit the Facebook page statistics information, and the Facebook page insight supplement for information about the respective controller. The legal grounds for this data processing are set out in Art. 6 paragraph 1 sentence 1 point (b) GDPR, as well as in Art. 6 paragraph 1 sentence 1 point (f) GDPR, based on our legitimate interest as stated above.

We are unable to influence the data processed by Facebook on its own responsibility and based on the Facebook terms and conditions of use. Please be aware that data about your usage habits on Facebook and on the fan page is transferred to the Facebook servers when you visit the fan page. Facebook uses the aforementioned information to compile detailed statistics and for its own market research and advertising purposes, over which we have no influence. For further information, please refer to the Facebook privacy policies. Facebook is subject to the terms of the EU-US Privacy Shield for the event that personal data is transferred to the United States.

If we store the personal data of users during the operation of our fan page, the users will have the rights set out in this Privacy Policy. Users wishing to exercise additional rights towards Facebook should, as the simplest procedure, contact Facebook directly. Facebook is familiar with the technical operations of the platform and the associated data processing, as well as the actual purposes of data processing, and will be able on request to take the appropriate steps if users wish to exercise their rights. We will gladly support you in the exercise of your rights when possible and will pass on user enquiries to Facebook.

10. Cookies and equivalent technologies

It is necessary that we use cookies for some of our services. A cookie is a text file that is placed on your hard disk, either temporarily (“session cookies”) or for longer (“persistent cookies”). Cookies are not used to execute programs or to install viruses on your computer. Instead, the purpose of cookies is to provide you with a personalised offering and to make the use of our services as efficient as possible.

In their standard settings, most browsers will accept cookies. However, you can adjust the browser settings to reject cookies, or only to accept cookies with your prior consent. You will not be able to use the full functionality of our website if you reject cookies.

10.1. Proprietary cookies for a convenient user experience

We use cookies to individualise and optimise your user experience. Predominantly we use session cookies that are deleted when you close the browser. Here, session cookies are used to authenticate your login.

Among other things, we use persistent cookies to remember that information shown on our website was displayed to you, in order that we may display it to you again when you return to our website, or to ensure that our website recognises you and that you are not required to login again (“remember me”). Persistent cookies are automatically deleted after a set period that may differ individually for each cookie.

These services enable you to enjoy a convenient and individual use of our offerings and are based on our legitimate interests. The legal grounds for this form of processing are set out in Art. 6 paragraph 1 sentence 1 point f GDPR.

10.2. Cookies and equivalent technologies by third-party providers for analysis and marketing purposes

We use a variety of technologies to analyse usage behaviour and evaluate the associated data, in order to improve our website. In particular, the collected data may include the IP address of the device, the date and the time of access, the cookie identifier, the device identifier for mobile devices, as well as technical data about the browser and operating system.

This data is processed for marketing purposes, for instance to display individualised advertising messages. Before using these cookies and comparable technologies, you will be given the opportunity to adjust the settings via our cookie banner in order to consent to the use of the respective cookies. You can change your consent at any time in the settings of the cookie banner and withdraw your consent. The legal grounds for this form of processing are set due to your consent after Art. 6 paragraph 1 sentence 1 point a GDPR. In the section below, we will describe these technologies and the providers used in this context.

10.2.1. Google Analytics, Ads conversion tracking and remarketing

Our website uses Google Analytics, a web analysis service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland („Google“). In addition, our website uses Google Ads conversion tracking and Ads remarketing and Google Signals, which are also services by Google.

Google Analytics uses cookies and similar technologies to analyse and improve our website based on your usage behaviour. Google Ads conversion tracking and Ads remarketing also use cookies and similar technologies in order to measure the performance of advertisements placed (so-called Ads campaigns) and to show you individualised advertising messages on websites that collaborate with Google. Google Signals compiles for us multi-platform data reports on Google users that have enabled personalised advertising in their Google accounts.

The data collected in this context may be transferred by Google to a server in the United States and stored there. For the event that personal data is transferred to the United States, Google has agreed to the conditions of the EU-US Privacy Shield.

Google will truncate your IP address before analysis of the usage statistics, which means that conclusions cannot be drawn as to your identity. For this purpose, the code “anonymizeIP” has been added to Google Analytics on our website to guarantee collection of anonymised IP addresses.

On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing the website operator with other services relating to website and Internet use.

The Google Ads conversion tracking cookies ordinarily remain enabled on your computer for around 30 days. If you visit our website during this period, both Google and we will be informed that you saw the displayed advertisement.

In case that you use a Google account, Google can, depending on the settings stored in your Google account, associate your Internet and browser cache with your Google account and use information from your Google account to personalise advertisements. You must sign out of your Google account before visiting our website if you do not want this association with your Google account.

If you have enabled personalised advertising in your Google account, Google will be able to prepare data models and reports on website habits, which show for instance on which device you first clicked on an advertisement and on which device any eventual purchase took place. These data models and reports are based on random samples and are pseudonymised to ensure anonymity, which means that we are unable to draw any conclusions as to the identities of the individual Google users.

For more information in this regard, refer to the Google Privacy Policy.

10.2.2. Facebook Pixel

In addition, our website uses remarketing tabs for marketing purposes (also the “Facebook Pixel”) by Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA (“Facebook”). This tag establishes a connection between your browser and a Facebook server when you visit our website. Facebook therefore receives information that you have accessed our website with your IP address.

For the event that personal data is transferred to the United States, Facebook has agreed to the conditions of the EU-US Privacy Shield Facebook uses this information to send a statistical and anonymous data about the general use of our website, as well as on the efficiency of our Facebook advertising (“Facebook Ads”).

If you are a member of Facebook and have made the appropriate privacy settings on your Facebook account, Facebook will also be able to associate the information stored with us about your visit with your personal account, which it can use for the targeted display of Facebook Ads.

You can access and change the Privacy Settings for your Facebook profile at any time.

For more information, visit the Facebook Privacy Policy.

10.2.3. Criteo

Our website also uses the remarketing technology by Criteo GmbH, Unterer Anger 3, 80331 Munich, Germany (“Criteo”). Criteo uses cookies and similar technologies to collect exclusively anonymised information on Internet usage habits among website visitors for marketing purposes.

Criteo is able to analyse Internet usage habits and on this basis to show relevant advertising banners as targeted product recommendations. On no accounts can the anonymous the data be used to personally identify website visitors.

The data collected by Criteo is used exclusively to improve the advertising service. Each banner pop-up contains a small “i” (for information) at the bottom right corner. Hovering with the mouse and clicking on this “i” will redirect users to a page that explains the system.

For more information on this regard, visit the Criteo Privacy Policy, where you can also object to the anonymous and analysis of your Internet usage habits.

10.2.4 ADTRIBA 

We use the services of Adtriba GmbH (Veilchenweg 26b, 22529 Hamburg) on ​​our website.  Adtriba is an analysis and tracking tool that helps us draw conclusions about the success of our online marketing campaigns. Using this information, we can evaluate our marketing campaigns and optimize them accordingly.  For this purpose, Adtriba uses cookies to identify your points of contact with our digital marketing campaigns. Your interactions with our advertising are also measured, e.g. your clicks on our advertising banners.  In addition, your cookie ID, your IP address (shortened to the last octet), technical information (browser type, operating system, device data), the marketing touchpoint (channel, source, campaign, time of interaction) and your visits on our website (visited page, referrer URL, interaction with the website and the time of your visit) are tracked. 
You can find more information on data processing in the  data protection regulations  of Adtriba. 


We use the "Spoteffects" service from XAD spoteffects GmbH (Saarstr. 7, 80797 Munich) on our website to measure the effectiveness of our TV advertising campaigns. Spoteffects uses the analysis tool  Matomo (formerly called "Piwik") to analyze the interactions. The data about the traffic and the number of orders are then combined with information about TV connections. This enables us to evaluate and optimize our TV campaigns. 

Matomo is an analysis tool from InnoCraft Ltd., 150 Willis St, 6011, Wellington, New Zealand (“Matomo”).  Matomo uses a cookie to analyze our website with regard to your user behavior. The cookie that is placed on your computer when you visit our website also stores and transmits your anonymized IP address. When data is transferred to our server, the IP address is shortened so that we can no longer identify you. In addition, the time of the website visit, page views, browser and browser settings used, operating system used, screen resolution of the end device used, referrer for accessing the website, search terms for website entry and cookie ID are recorded. The evaluation is only used to optimize and further develop our TV campaigns.

You can find more information in the data protection information   from Matomo. 

10.2.6 TRBO 

We use the service of trbo GmbH, Leopoldstr. On our website. 41, 80802 Munich ("Trbo").  Trbo is a tracking tool that helps us to design our website in the best possible way. By using Trbo, we can control and improve our online offerings by measuring the use of our online offers and the effectiveness of our online advertising. This helps us to understand which pages and products our customers are most interested in and which individual offers we should make to our website users. 

Technically, the tracking tool uses so-called "cookies" and "web beacons" in particular to collect the following information: which pages are searched for when, how often, and in what order, for which products, which links or offers are clicked and which orders are placed. The data collected and used by you in this context is only ever saved under a pseudonym (e.g. a random identification number) and is not combined with personal data about you (e.g. name, address etc.). If the external service providers have access to the data, this is done exclusively on our behalf and under our control. 

You can find more information on data protection at trbo here.


We use the service of sessionly, Renata Bognar, Prenzlauer Allee 186, 10405 Berlin ("sessionly") on our website. Sessionly is an evaluation tool that helps us to conduct a survey with our customers so that we can find out more about your satisfaction with our products. After your order process, sessionly sets a cookie to record your purchased products and your email address. We will then receive this information from sessionly, so that we can then send you an e-mail for product evaluation (see also the newsletter and advertising mailings section). In this email you  have the opportunity to share your experience with us about our products via sessionly.  

You can find more information about sessionly here.  

10.2.8 Use of Cookies

On this page we use the tracking technology of Linkster GmbH, Geschwister-Scholl-Straße 52, 20251 Hamburg, to measure and visualize insights into partnerships and advertising channels. This is a function for measuring the efficiency of the corresponding advertising measures. Furthermore, the information enables us to assign advertising successes for billing with corresponding advertising partners.If you click on an advertising integration, cookies are set in your browser, which are read out in the event of a transaction. At every touch point, your browser sends an HTTP request to the Linkster server with which certain information is transmitted. This information includes the URL of the website on which advertising material is placed (referrer URL), the browser identifier (user agent) of your end device (including information about the device type and the operating system), the IP address of the end device (This IP address is anonymized and hashed by us before storage), HTTP header (data packet automatically transmitted by your browser with various technical information), the time of the request and, if previously saved on the device, the cookie with its Content. The tracking technology stores cookies on your end device to document actions. A 24-digit, anonymous ID is stored in the cookie. Linked tothis ID, the data is encrypted in our database on the server. This contains information about the last touch points (i.e. when a particular advertising material was displayed or clicked on by a device). The stored touch points can, if necessary, be combined to form a sequence chain (user journey). With an action request, the order number and the shopping cart value of your order are usually also transmitted and saved by us.In addition, the following values can be transmitted and saved: your customer number, new customer characteristic, your age and gender as well as the information you provided in a customer survey. The cookies saved by Linkster GmbH are deleted after 30 days at the latest. The information transmitted to us and the cookies only serve the purpose of correctly assigning the success of an advertising medium and the corresponding billing and is in line with our legitimate interests in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR. If you do not want cookies to be stored, you can turn this off in our cookie banner and visit the "Cookie Settings" at any time.The collection and processing of tracking data can also be disabled by clicking on this tracking opt-out link:
Viewing your data:

10.2.9. TikTok

We use the TikTok Pixel, an advertiser-tool, provided by TikTok Ltd. (10 Earlsfort Terrace, Dublin, D02 T380, Ireland). The use of the TikTok Pixel is based on Art. 6 para. 1 lit. a DSGVO. The TikTok Pixel enables us to retarget you with products and services you have viewed on our Digital Property on TikTok and to measure when you have clicked through to our Digital Property after seeing one of our advertisements on TikTok. This is done on the basis of the IP address.

Information about how TikTok collects, uses and protects information collected using the TikTok Pixel is available in TikTok's user privacy policy.

Your data will be processed within the EU and the EEA. For this purpose, a data protection agreement has been concluded with TikTok. If personal data is transferred to countries outside the EU/EEA, this is done within the framework of the Commission's model contracts for the transfer of personal data to third countries (standard contractual clauses).

You can revoke your consent regarding the collection by the TikTok pixel and the use of your data at any time.


On our website we use the Consent Management Platform (CMP) of Jaohawi AB, Håltegelvägen 1b, 72348 Västerås, Sweden ("Jaohawi"). Jaohawi's service supports us in playing out your choice of data processing, especially in connection with third party providers (see section 8.2 of this Privacy Policy). To ensure that your choices remain valid during future visits to our website, Jaohawi collects your IP address, time and duration of the visit, consent information, browser information, website visited and country. Jaohawi uses cookies for this purpose.

This data processing is in our legitimate interest to tailor the use of our website to your choice of cookies. The legal basis for this data processing is derived from Art. 6 para. 1 lit. f DSGVO.

You can find more information about Jaohawi here.  

11. Salesforce Marketing Cloud

For marketing purposes (e.g., to send our newsletters and informational emails) and for analysis purposes when you visit our website, we use the customer relationship management module "Salesforce Marketing Cloud" from Inc, The Landmark @ One Market Street, Suite 300, San Francisco, California, CA 94105, USA ("Salesforce").

Salesforce is used to tailor our offerings and services to your interests and to improve our advertising and communications to you. Salesforce uses cookies or other unique identifiers (e.g. cookie IDs) to learn more about your usage patterns on our websites. However, you can disable this at any time in the cookie settings. Your contact data (e.g. name, address, email address, IP address) will be transferred to the Salesforce Marketing Cloud for the purposes mentioned above. The Salesforce Marketing Cloud data is stored and processed on Salesforce servers in the USA. Salesforce undertakes by means of binding internal data protection rules pursuant to Art. 46 (2) b) and Art. 47 DSGVO (so-called Binding Corporate Rules) to maintain an adequate level of data protection even when processing data outside the European Union. Salesforce has also implemented standard contractual clauses (SCCs) in an order processing agreement.

The collection and evaluation of interactions is based on your consent pursuant to Art. 6 para. 1 lit. a DSGVO.

For more information about the Salesforce Marketing Cloud and Service and the processed data, please visit

12. Unbounce

We use the service of Unbounce Marketing Solutions Inc., 400-401 West Georgia Street, Vancouver BC, Canada, V6B 5A1, ("Unbounce"), which provides us with so-called "landing pages" that we create for certain promotions . On this promotion page of our website we offer prospective customers and customers coupon codes, discounts or other perks and enable them to be redirected to our website immediately.

The promotion page is hosted by Unbounce and records your IP address, the website you came from, the browser used, the user agent, the date and time of your visit, the device and cookie data when you visit. Unbounce uses cookies to measure the success of our campaign page.The legal basis for the aforementioned data processing is Art. 6 Para. 1 lit. a, f GDPR based on our legitimate interests. Our legitimate interest is based on advertising our products and our interest in measuring the success rate of our advertising measures.
You can find more information on data processing in Unbounce's data protection provisions.

13. Address Validation

To ensure that no incorrect address data is stored in our system, we use the "Global Address" service of GB Group PLC, The Foundation, Herons Way, Chester Business Park, Chester, CH4 9GB, United Kingdom ("Loqate") for appropriate data validation. We have entered into an order processing agreement with Loqate.

Your address (no other personal data will be processed) will only be checked for validity by Loqate when you enter it via the online interface and will not be stored beyond that. If an error is detected when entering your address, an alternative address or the correct spelling of your address will be suggested. Via the interface your data will be matched with Loqate's database, which is located in the United Kingdom. For the United Kingdom, the Commission has issued a corresponding adequacy decision pursuant to Article 45 (1) of the GDPR, which legitimizes the transfer to or the processing of your data in the United Kingdom.

The processing of your data itself is based on Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest is to ensure that valid data is maintained and that a smooth processing of customer inquiries and orders can be guaranteed.

For more information about data protection at Loqate, please visit:

14. Typeform

On our website, we are using the services of Typeform S.L., Carrer Bac de Roda, 163, 08018 Barcelona (“Typeform”). Typeform is a tool for creating and realising user surveys and allows us to improve our services according to your feedback.

By using Typeform, we are able to integrate user surveys (for example cancellation surveys, how do you know LILLYDOO-questionnaire) into our website. Participating in those surveys is on entirely voluntary. When a survey is being filled out, Typeform processes and stores the provided personal data (for example the customer number) as well as the produced results. We entered a so-called “data-processing-agreement” with Typeform which not only obligates Typeform to protect our customers’ data, but which also prohibits the transmission of these data to third parties. Furthermore, the agreement commits Typeform to comply with the rules and standard contractual clauses of Article 46 GDPR when transferring personal data via subcontractors in the USA.

Our legitimate interest in a technically sound and optimised provision of our services in accordance with Article 6 (1) (f) GDPR forms the legal basis for the processing of the mentioned data. Further information regarding the data processing by Typeform can be found in Typeform’s privacy statement.


We work with zenloop GmbH, Erich-Weinert-Straße 145, 10409 Berlin. zenloop is a business-to-business software-as-a-service platform that allows us to collect and analyse feedback from our customers through various channels. This allows us to align and improve our offering to the needs of our customers. In addition, zenloop collects your survey responses.

The legal basis for the processing of data by zenloop is Art. 6 para. 1 lit. f GDPR.

We have entered into a data processing agreement with zenloop pursuant to Article 28 (3) of the GDPR and ascertained that zenloop has implemented appropriate technical and organisational measures in such a way that the processing complies with the requirements of the GDPR and ensures the protection of your rights.

You can find more detailed information in zenloop’s Privacy Policy at

For the purposes of customer and product evaluations by our customers and for our own quality management, we use the personal data provided by you in the course of the purchase, such as e-mail address, to request an evaluation of your order via the evaluation system used by us.

16. Application process

When you apply for a vacant position with us, we use your applicant data exclusively to manage the application procedure. The legal grounds for your data processing are set forth in Art. 6 paragraph 1 point b GDPR.

We store your personal data when we receive your application. Where we accept your application, we store your applicant data for three years at maximum after the end of the working relationship. Where we reject your application, we store your applicant data for six months after rejection of your application at maximum, except if you grant your consent for a longer period of storage by us.

We cooperate with recruitment service providers in the management of our application procedures. The legal grounds for this form of processing are set out in Art. 6 paragraph 1 sentence 1 point b, f GDPR.

17. Inclusion of services and content from third parties

It is possible that content by third parties, for instance videos by YouTube, cartographic material by Google Maps, RSS feeds or graphics from other websites, are embedded in our website. This is only possible if the providers of these contents (“third-party providers”) are aware of your IP address, as without your IP address they would not be able to send content to your browser. The IP address is therefore necessary for the presentation of this content. The legal grounds for this form of processing are set out in Art. 6 paragraph 1 point b, f GDPR.

We make efforts to include only content from providers that use the IP address exclusively to deliver content. Notwithstanding, we have no influence insofar as the third-party provider uses the IP addresses for statistical or other purposes.

17.1. Integration of YouTube videos

We have integrated YouTube videos in our website that are stored on YouTube and are directly playable from our website. YouTube is a multimedia service by by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland („Google“). For the event that personal data is transferred to the United Sates, Google and its subsidiary YouTube have agreed to the terms of the EU-US Privacy Shield. The legal grounds are as set out in Art. 6 paragraph 1 sentence 1 point f GDPR, and are defined by our legitimate interest in the integration of video and image content.

When you visit our website, YouTube receives the information that you have accessed the corresponding sub-page of our website. This occurs regardless of whether or not you are logged onto a Google or YouTube account. YouTube and Google use data for the purposes of advertising, market research and needs-based design of their websites. If you access YouTube on our website while logged into your YouTube or Google profile, YouTube and Google will be able to associate this event with your personal profile. If you do not want this association to take place, it is necessary that you log out of your Google account before visiting our website.

As described above, you can adjust your browser settings in such a way that it rejects cookies, or you can prevent the registration of data generated by the cookies about your use of this website, as well as the processing of this data by Google, by disabling the button “Personalized ads on the web” in the Google settings for advertising. In this case, Google will only show you non-personalised advertising.

For further information, refer to the Google privacy policies, which also apply to YouTube.

17.2. Additional information about the Trusted Shop Trustbadge

We are members of Trusted Shops and use the Trusted Shop stamp of quality and ratings. The Trusted Shops organisation has instructed us to provide the following information:

We have integrated the Trusted Shops Trustbadge on this website in order to display our Trusted Shops Trustmark and offer the Trusted Shops products to customers after placing an order. This serves the protection of our legitimate interests in the optimal marketing of our offer according to art. 6 (1) 1 lit f GDPR that are overriding in the process of balancing of interests. The Trustbadge and the advertised trust badge services are offered by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany.

With every use of the Trustbadge, the web server automatically saves a so-called server log file which contains e.g. your IP address, the date and time of the request, the volume of data transferred and the requesting provider (access data), and documents the request. Those access data are not analysed and are automatically overwritten no later than seven days after the end of your website visit. Other personal data are transferred to Trusted Shops only if you decide to use or have already registered to use Trusted Shops products after placing an order. In such a case, the contract concluded between you and Trusted Shops applies.

18. Recipients of personal data

The data we collect will only be transferred where this is necessary for the performance of a contract, to ensure the technical functionality of the website or online shop, or where other legal grounds apply to the transfer of data (e.g., where we are required by law to disclose data (disclosure of information to criminal investigation agencies and courts; disclosure of information to public sector agencies that receive data based on statutory provisions, e.g. social insurance agencies, tax offices and suchlike), or when we are required, for the exercise of our claims, to commission the services of third parties who are professionally bound to duties of confidentiality).

Some of the data processing can be executed by service providers. In particular, they may include data centers that host our website and databases, IT service providers that maintain our system, logistics and transport service providers or marketing and customer service providers, as well as consulting companies. Where we transfer data to service providers, they shall be entitled to use the data exclusively for the performance of their tasks. We carefully selected and commissioned the third parties. They are contractually bound to adhere to our instructions, obliged to maintain confidentiality, have the appropriate technical and organizational measures in place to protect the rights of the individuals concerned, and are audited by us on a regular basis.

19. Duration of storage

As a rule, we only store your personal data for as long as is necessary for the satisfaction of our contractual or lawful obligations for which we collected the data, after which time we will erase the data without undue delay, except where we require the data until the end of the statutory period of limitations for the purposes of evidence in civil law claims or based on statutory retention periods.

For example, we are required for evidential purposes to store contractual data for a period of three years from the end of the year in which the contractual relationship with you is terminated, as any claims will only lapse after this period at the earliest based on the regular limitation periods.

In some cases we will be required to continue storing your data, even beyond the end of the regular limitation periods. We may be obliged to do so pursuant to statutory documentation obligations set forth in the German Commercial Code (HGB), the German Fiscal Code (AO), the German Banking Act (KWG), the German Anti-Money Laundering Act (GWG) and the German Securities Trading Act (WpHG). The retention periods stipulated therein for the storage of documents are between two and ten years.

20. Your rights

You have the right at any time to information about your personal data that is processed by us. In this context, we will explain to you the purpose of data processing and provide an overview of the personal data stored about you.

Where the data we have stored is incorrect or no longer up-to-date, you have the right to obtain rectification of this data.

You are also entitled to demand the erasure of your data. Where erasure is not possible in exceptional cases due to another legal provision, the data will be blocked to ensure that it is only available for its lawful purpose.

In addition, you have the right to restrict the processing of your data, for instance if you doubt the accuracy of the data.

You have the right to data portability, which means that we will, upon request by you to do so, send you a copy of the personal data provided by you.

Where data processing is based on the legal grounds set out in Art.6 paragraph 1 point f GDPR, you may also object where reasons apply that relate to your particular circumstances or where you are objecting to processing for reasons of direct marketing. In the latter case, your right to object shall always be valid and it will be implemented by us, even if you do not provide reasons. Moreover, you have the right at any time to withdraw consent previously granted to us. In this case, we will no longer process the data based on your consent, effective for the future. Withdrawal of consent does not affect the lawfulness of processing conducted until such time as consent is withdrawn.

You may use the contact data provided above to correspond with us and exercise your rights as described at any time.

You are also entitled to lodge a complaint with the competent supervisory authority for data protection. The competent supervisory authority in Frankfurt, our registered address, is: The Data Protection Commissioner in the State of Hesse, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany. Alternatively, you may lodge a complaint with the data protection authority at your place of residence, which will forward your concern to the competent authority.

21. Data security

We maintain state-of-the-art technical measures to guarantee data security, in particular the protection of your personal data against risks associated with data transfer or unauthorised access by third parties. These technical measures are adapted to remain state-of-the-art. For the protection of the personal data input by you on this website, we use the Secure Sockets Layer (SSL) standard, which encrypts the information you enter.

21.1 reCaptcha

Our website uses Google reCAPTCHA, a service by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. reCAPTCHA prevents automated software (so-called bots) from executing improper activities on the website, i.e. it checks whether entries are actually made by a human.

The following data is processed to conduct this check: referrer (URL of the page on which the Captcha is used), IP address, cookies placed by Google, the user’s input behaviour (e.g. answering the reCAPTCHA question, speed of entries in the form fields, sequence of selecting the input fields by the user), browser type, browser plugins, browser size and resolution, date, language settings, cascading style sheet specifications (CSS) and scripts (JavaScript).

In addition, Google imports the cookies by other services like Gmail, Search and Analytics. You must sign out from Google if you do not want these associations with your Google account.

This data is transferred to Google in an encrypted form. Google’s evaluation decides on how the Captcha is shown on the page. For the event that personal data is transferred to the United States, Google has agreed to the terms of the EU-US Privacy Shield.

For more information, refer to the Google privacy policies.

22. Amendment of the Privacy Policy

We amend this Privacy Policy from time to time, for instance if we revise our website or if the statutory requirements change.

© LILLYDOO GmbH – July 2022