Privacy policy

This Privacy Policy describes how (the “Site” or “we”) collects, uses, and discloses your Personal Information when you visit or make a purchase from the Site.

How you contact us

After reviewing this policy, if you have additional questions, want more information about our privacy practices, or would like to make a complaint, please contact us by e-mail at or by mail using the details provided below:

Lotta Ludwigson GmbH, Käthe-Niederkirchner-Straße 28, 10407 Berlin, Germany

The personal information we collect

When you visit the Site, we collect certain information about your device and information necessary to process your purchases including information about the version of web browser, IP address, time zone as well as cookie information installed on your device. Additionally, we collect information on what sites or products you view, what websites or search terms referred you to the Site, and how you interact with the Site. This automatically collected information is referred to as “Device Information”. 
We collect Device Information while you are accessing the Site using cookies, log files, web beacons, tags, or pixels. Cookies are data files installed on your device or computer and often include an anonymous unique identifier. For more information about cookies, see our section “Cookies” below. Log files track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps. Web beacons, tags, and pixels are electronic files used to record information about how you browse the Site.

Additionally, when you attempt or make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information, email address, and phone number. This information is referred to as “Order Information”.

We may also collect additional information if you contact us for customer support (“Customer Support Information”).

In this Privacy Policy, we refer to any information about an identifiable individual as “Personal Information” which includes Device information, Order Information and Customer Support Information.

How we use your Personal Information

We use your Personal Information to provide our services to you, which includes: offering products for sale, processing payments, shipping and fulfilment of your order, and keeping you up to date on new products, services, and offers. We use Device Information that we collect to screen for potential risk or fraud, but also to load the Site accurately for you as well as optimize and improve our Site as well as our marketing campaigns by performing analytics of how our customers use and interact with the Site. Order Information is generally used to communicate with you and fulfill your order placed through the Site. 

Sharing your Personal Information

We share your Personal Information with service providers to help us provide our services and fulfill our contracts with you, as described above.

We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: We may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.


To carry out the newsletter, we work together with the US company Klaviyo Inc.

In this context, your data may also be transferred to other countries in which the above-mentioned contractual partner is located or processes the data. These are primarily countries in the European Economic Area (EEA) and occasionally also countries outside the EEA. This may also include transfers to the United States. According to the European Court of Justice, there is currently no adequate level of protection for transfers of data to the US. This may pose risks to the lawfulness and security of data processing. As a basis for data processing with recipients in third countries or a data transfer there, these processors use so-called standard contractual clauses (Art. 46 (2) and (3) DSGVO). Standard Contractual Clauses (SCC) are templates provided by the EU Commission to ensure that your data is transferred to and stored in third countries in accordance with European data protection standards. Through these clauses, processors undertake to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission.

You can find the contractual text of the EU standard data protection clauses and the adequacy decisions on the websites of the European Commission, the EU standard data protection clauses here, the adequacy decisions here.

We use Klaviyo on our website as a service for our email marketing and newsletter delivery. The service provider is the American company Klaviyo, 125 Summer St, Boston, MA 02110, USA ("Klaviyo").

The use of Klaviyo on our website is based on Art. 6 (1) lit. f DSGVO. We have a legitimate interest in the use of a promotional, secure and user-friendly newsletter system.

The sending of the notification/newsletter is done through a mask offered on our website, through which you provide us with your email address. After you have provided us with your e-mail address, you will receive an e-mail from us in which we ask you to confirm that you would like to receive our notification/newsletter by clicking on a link (double opt-in). We will therefore only send you the notification/newsletter if you have previously expressly confirmed that you would like to receive one. The legal basis is your consent in accordance with Art. 6 Para. 1 lit. a DSGVO. The consent can be revoked at any time.

Klaviyo acts as an order processor. We have concluded a contract on commissioned data processing (ADV) with Klaviyo. This is a contract required by data protection law, which ensures that the latter only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.

The data processing agreement, which corresponds to the standard clauses, can be found at

You can learn more about the data that is processed through the use of Klaviyo in the Privacy Policy at

Behavioral Advertising

As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you.

We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: You can also opt-out of Google Analytics here:

Our site is protected by reCAPTCHA, the Google Privacy Policy and Terms of Service apply. 

For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at

You can opt out of our targeted advertising by using the respective links below:



Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at:

Data Retention

When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to erase this information. For more information on your right of erasure, please see the ‘Your rights’ section below.

Automatic decision-making

If you are a resident of the European Economic Area (“EEA”), you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.

We do not engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.

Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.

Services that include elements of automated decision-making include:

  • Temporary blacklist of IP addresses associated with repeated failed transactions. This blacklist persists for a small number of hours.

  • Temporary blacklist of credit cards associated with blacklisted IP addresses. This blacklist persists for a small number of days.


A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.

We use the GDPR/CCPA + Cookie Management to manage our Cookie Banner. The provider is iSenseLabs iSense LLC, 855 Maude Ave, Mountain View, CA 94043-4021

We use iSenseLabs' services through the Shopify to manage Cookie Bars, Preferences popups, Compliance Pages, and general Cookie and Data management.

All the GDPR data we collect is stored in EU servers, located specifically in a datacenter in Amsterdam, Netherlands.

For more details, we refer to the Privacy Policy & Terms of Service of iSenseLabs.


Do Not Track

Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.

Your rights

General Data Protection Regulation (“GDPR”)

If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information above.

Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper:


We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons.


As noted above, if you would like to make a complaint, please contact us by e-mail or by mail using the details provided under “Contact” above.

Last updated: 04.08.2023