Lovehoney Privacy Policy
Our mission statement
We at Lovehoney Group understand that your Personal Data is exceptionally important to you, especially given the nature of our website and the products we sell, and when you trust us with it, we have a duty to keep it safe and secure. To that end you can be assured that our data handling policies and standards are fully in line with the current data protection legislation.
Overview
This Privacy Policy informs you about the types of Personal Data we collect, how we process it, the purposes for which we use it, and the rights you may have as a data subject.
Lovehoney Group is a global company with operations worldwide. Depending on your location and the website you use, specific conditions may apply to the processing of your data. Please refer to Section II. for more information.
You can always see which website and region the Privacy Policy applies to at the top of each website. To view the Privacy Policy for other websites or regions, simply change the selection there.
This Privacy Policy sets out our principles for the collection, use, and disclosure of personal data. Please also refer to the country-specific information at the bottom of this page.
I. Who this Policy applies to
II. Who is collecting your Personal Information
III. How we process your Personal Information
1. Temporary Storage of Usage Data
2. Storage of the IP Address for Security Purposes
3. Obligation to Provide Personal Data
4. Storage Duration
5. Webshop / User Account
5.1. Registration and Login
5.2. Order Processing
5.3. Track Your Order
5.4. Availability Notification
5.5. Customer Reviews
6. When contacting us
7. Chatbots
8. Newsletters & Marketing Communications
8.1. Direct Advertising
8.2. Newsletter Tracking
9. Campaigns
10. Suppliers and Business Partners
11. Job Applications
12. Processors and Service Providers
13. Sharing Personal Data within the Group of Companies and other International Data Transfers
14. Data Security
15. Cookies
15.1. Required Cookies
15.2. Visitor Measurement (Cookies for Analysis Purposes)
15.3. Tracking Technologies from Third-Party Providers for Advertising Purposes
15.4. Integration of Other Technical Third-Party Content and Functions
15.5. Embedded Videos and Players
15.6. Map Services
15.7. Affiliate Marketing
15.8. Captcha
16. Social Media
17. Product Testing Campaigns
IV. Your Rights
V. Supplementary Country-Specific Information
1. Germany
2. France
3. Italy
4. United Kingdom
VI. Contact us and Data Protection Officer
VII. Updates to the Privacy Policy
I. Who this Policy applies to
This Privacy Policy applies, inter alia, to:
• visitors to our websites;
• customers;
• users who create an account with us;
• campaign participants;
• job applicants, and
• suppliers and other business partners.
Depending on your relationship with us, we may collect and use your personal data in different ways. Please refer to the sections below to learn more about what data we collect about you and how we use it.
II. Who is collecting your Personal Information
As Lovehoney Group is a global company with operations worldwide, depending on which website you visit or which company within our group you interact with, the business responsible for processing your personal information may vary.
You can always see which website and region the Privacy Policy applies to at the top of each website. To view the Privacy Policy for other websites or regions, simply change the selection there.
Here is an overview of which company within the Lovehoney Group is data controller and business responsible for which website. All references in this Privacy Policy to “we”, “us” or “our” refer to this company.
Lovehoney
lovehoney.co.uk, lovehoney.eu, lovehoney.net, lhboutique.co.uk, lovehoneyforum.com: Lovehoney Limited, 100 Locksbrook Road, Bath BA1 3EN, UK
lovehoney.com: Lovehoney LLC, 5156 Southridge Parkway, Suite 110, College Park, Georgia, 30349, USA
lovehoney.com.au, lovehoney.co.nz: Lovehoney Australia Pty Limited, Grant Thornton, King George Central, Level 18 145 Ann Street, Brisbane QLD 4000, Australia
lovehoney.ca: Lovehoney Canada Inc., 1741 Lower Water Street, Suite 600, Halifax, Nova Scotia, B3J 0J2, Canada
Womanizer
womanizer.com/uk, womanizer.com/eu, womanizer.com/de, womanizer.com/fr, womanizer.com/ch, womanizer.com/au: WOW Tech Europe GmbH, Hermann-Blankenstein-Str. 5, 10249 Berlin, Germany
womanizer.com/us: WOW Tech USA Ltd., 103 Foulk Road, Suite 202, Wilmington Delaware, 19803-3741, USA
womanizer.com/ca-en: WOW Tech Canada Ltd., 1545 Carling Avenue, Suite 401, Ottawa, Ontario, K1Z 8P9, Canada
womanizer.com/jp: WOW Tech APAC Ltd., Unit A, 23/F, Gee Chang Hong Centre, 65 Wong Chuk Hang Road, Wong Chuk Hang, Hong Kong
We-Vibe
we-vibe.com/uk, we-vibe.com/eu, we-vibe.com/de, we-vibe.com/fr, we-vibe.com/ch: WOW Tech Europe GmbH, Hermann-Blankenstein-Str. 5, 10249 Berlin, Germany
we-vibe.com/us, we-vibe.com/au: WOW Tech USA Ltd., 103 Foulk Road, Suite 202, Wilmington Delaware, 19803-3741, USA
we-vibe.com/ca-en: WOW Tech Canada Ltd., 1545 Carling Avenue, Suite 401, Ottawa, Ontario, K1Z 8P9, Canada
Romp
romp.toys/uk, romp.toys/eu: WOW Tech Europe GmbH, Hermann-Blankenstein-Str. 5, 10249 Berlin, Germany
romp.toys/us: WOW Tech USA Ltd., 103 Foulk Road, Suite 202, Wilmington Delaware, 19803-3741, USA
romp.toys/ca-en: WOW Tech Canada Ltd., 1545 Carling Avenue, Suite 401, Ottawa, Ontario, K1Z 8P9, Canada
Arcwave
arcwave.com/uk, arcwave.com/eu, arcwave.com/de, arcwave.com/fr, arcwave.com/ch, arcwave.com/au, arcwave.com/jp: WOW Tech Europe GmbH, Hermann-Blankenstein-Str. 5, 10249 Berlin, Germany
arcwave.com/us: WOW Tech USA Ltd., 103 Foulk Road, Suite 202, Wilmington Delaware, 19803-3741, USA
arcwave.com/ca-en: WOW Tech Canada Ltd., 1545 Carling Avenue, Suite 401, Ottawa, Ontario, K1Z 8P9, Canada
III. How we process your Personal Information
1. Temporary Storage of Usage Data
When you visit our websites, so-called usage data is temporarily analyzed on our web server for statistical purposes as log data in order to improve the quality of our websites. This data record consists of
• the name and address of the requested content,
• the date and time of the request,
• the amount of data transferred,
• the access status (content transferred, content not found),
• the description of the web browser and operating system used,
• the referral link, which indicates the page used to connect to our site,
• the IP address of the requesting computer, shortened in such a way that a personal reference can no longer be established.
The aforementioned log data is only analyzed in anonymized form. The legal basis for the processing of usage data is Art. 6 para. 1 lit. f GDPR (General Data Protection Regulation), our legitimate interest in providing the content of the website and ensuring a device- and browser-optimized display.
2. Storage of the IP Address for Security Purposes
In addition, we store the full IP address transmitted by your web browser for seven days in the legitimate interest of recognizing, limiting and eliminating attacks on our websites. After this period has expired, we delete or anonymize the IP address. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR.
3. Obligation to Provide Personal Data
Providing your personal data to us is not required by law and is voluntary. However, the provision of your data is necessary for the use of certain services. This applies, for example, to your usage data, without which we cannot technically offer our website content. Failure to provide required data will result in us being unable to provide the service or function in question. In the case of optional data, failure to provide it may mean that our services are unable to provide in the same form and extent as usual.
4. Storage Duration
Unless we specifically provide detailed information about the storage period elsewhere, we delete personal data when it is no longer required for the processing purposes and there are no legitimate interests or other (legal) reasons for storage that prevent deletion.
5. Webshop / User Account
5.1. Registration and Login
You have the option of registering in our webshop. Registration is not necessary to place an order. We only collect the data required for registration and provision of the service (e.g., name, e-mail address, date of birth, password). For the purpose of registration, we collect your e-mail address and your chosen password. You can also log in with your Google or Apple account. In this case, we receive the email address and your name from Google LLC or Apple, Inc. The processing is necessary for the performance of a contract or for pre-contractual activities, Art. 6 para. 1 lit. b GDPR.
In addition we may collect and use the following information about you:
• name
• postal address
• email address
• telephone number
• IP address
• age and/or date of birth
• your gender
• your anniversary
• your relationship status
• your credit/debit card details
• information provided when you correspond with us (such as where you report a problem with your order or account)
• any updates to information provided to us
• information you provide when you enter a competition, promotion or survey
• information about your account and associated services we provide to you
• information needed to provide our services to you (including information on account opening forms, order details, order history and payment details)
• customer services information
• customer relationship management and marketing information
We will collect, use and store the personal information listed above to provide you with our services, to facilitate deliveries of our products to you, for administrative purposes, for marketing and other purposes as described further below or to deal with any enquiries or issues you have about our website, products, services and your orders. The processing of data for these purposes is either necessary for the performance of existing contracts or pre-contractual activities (Art. 6 para. 1 lit. b GDPR), or based on our legitimate interest, e.g. in responding to your enquiry and optimizing our customer service or verifying your identity in order to protect your data and prevent misuse (Art. 6 para. 1 lit. f GDPR), or based on your express consent. You can revoke your consent at any time with effect for the future by contacting us.
5.2. Order Processing
When you place an order with us, we process your contact details (name, email address) as well as other data that we need to process your order and fulfil the contract. This includes a delivery address, billing address, if applicable, and payment information.
If you use a third-party provider for payment processing such as:
• Amazon Pay: https://pay.amazon.com
• PayPal: https://www.paypal.com
• Visa: https://www.visa.com
• Mastercard: https://www.mastercard.com
• Payone: https://www.payone.com
you will be redirected to the corresponding pages of the chosen provider. Each third-party provider is responsible for its own data protection. For more information on the processing of your data during the payment process, please contact your chosen payment service provider directly.
For the purpose of delivering your goods, your contact details are provided to shipping service providers.
This data processing is based on Art. 6 para. 1 lit. b GDPR (contract fulfilment). In addition, we may process your data for the assertion, enforcement or defence of legal claims based on Art. 6 para. 1 lit. f GDPR, our legitimate interest, in particular if there are problems with payment processing. Our legitimate interest lies in the effective enforcement or defense of legal claims.
5.3. Track Your Order
To check the status of your order, you can track your order. To do this, we process your order number, your email address and your order details so that we can show you the shipping status. The legal basis is Art. 6 para. 1 lit. f GDPR, based on our interest in informing our customers about the status of their order. The recipient of your data is the shipping service provider from whom we request the order status.
5.4. Availability Notification
To receive a notification when a product becomes available again, you can provide your email address for this purpose. We will process your email address solely for this purpose and delete it after the notification has been sent. The processing is based on Art. 6 para. 1 lit. b GDPR, as it is necessary for pre-contractual activities at your request.
5.5. Customer Reviews
As part of the customer review process, you have the opportunity to voluntarily share information about your experiences with our products. When you submit a product review on our website, we process the data you provide in order to display your review and, where applicable, associate it with our product offerings. If the product you reviewed is also available in other webshops, your review may also appear on multiple websites of the Lovehoney Group.
The data we process includes information about the reviewed product (in particular its design and quality), your experience using the product, your chosen reviewer username, and your email address (which is not published and is used solely for authentication purposes and, if necessary, to contact you with questions about your review). We use service providers (such as “Yotpo”) to manage and display customer reviews. This helps ensure, in particular, that reviews are submitted by actual buyers.
The processing of your data is based on Art. 6 para 1 lit. f GDPR, whereby our legitimate interest lies in the transparent presentation of user experiences and the continuous improvement of our product offerings. Data processing agreements have been concluded with the service providers.
Your review can be published as long as the reviewed product is listed on our websites.
6. When you contact us
You have the option of contacting us by telephone, post, chatbot or via our contact form. To use our contact form, we first need the data marked in it as mandatory. In the case of a contact enquiry, we may need to verify your data by entering your email address or other data into our customer database. If you have not objected to receiving a survey, we may also send you a satisfaction survey about our customer service by email afterwards. We use this data based on Art. 6 para. 1 lit. f GDPR, our legitimate interest to answer your enquiry or to optimise our customer service. In the case of warranty processing, the legal basis may also be Art. 6 para. 1 lit. b GDPR (contract fulfilment). When you contact us in connection with a potential product defect or damage incident, we may process your data by communicating with you, assessing and handling your request and, where necessary, sharing relevant information with our insurance provider, legal advisors, authorities, or other parties involved in the resolution of the matter. In this case, we process your data to comply with our legal obligations relating to product safety and product liability (Art. 6 para. 1 lit. c GDPR) and based on our legitimate interests in managing and resolving related claims (Art. 6 para. 1 lit. f GDPR).
Your data will only be processed to answer your enquiry. We delete the data as soon as the enquiry has been resolved, and the deletion does not conflict with any statutory retention periods or legitimate interests.
7. Chatbots
Our website offers AI-based chat assistants (“Chatbots”) that provide automated support and advice. These Chatbots are not operated by human advisors but use artificial intelligence (AI) and algorithms to assist you with enquiries and provide personalized recommendations. During a chat session, you may voluntarily provide personal information such as your name, email address, order number, or other details necessary to handle your enquiry. Chat transcripts may also include interaction data, time stamps, and technical metadata. We process your personal information to provide automated customer support and to respond to your enquiries. Where your request relates to an existing contract or is made in preparation for entering into one, the processing is based on Art. 6 para. 1 lit. b GDPR (performance of a contract or pre-contractual measures). We also process data to ensure efficient and user-friendly communication and to continuously improve our chatbot and customer service experience. This processing is based on our legitimate interest under Art. 6 para. 1 lit. f GDPR. If the chatbot offers personalized shopping recommendations, this may involve limited profiling based on your previous interactions or user behaviour. Such processing is carried out on the basis of our legitimate interest under Art. 6 para. 1 lit. f GDPR. There is no fully automated decision-making with legal or similarly significant effects as defined in Art. 22 GDPR. We use Salesforce as a technical service provider to record and track conversations. Salesforce acts as a processor bound by instructions under a data processing agreement. We delete or anonymize your data once the enquiry has been completed and the data is no longer required for the stated purposes, unless legal retention obligations apply. Technically necessary cookies are used for the use and operation of the chat function. We use these cookies on the basis of our legitimate interest in recognizing your internet browser in order to be able to distinguish individual users of the chat function on our websites. We are supported in the provision and analysis of the chats by processors bound by instructions.
8. Newsletter & Marketing Communications
You can subscribe to a personalized newsletter and marketing communications with exclusive discounts and information about our products, self-love and pleasure on our website or through other channels, such as social media. To subscribe, we require your e-mail address, and optionally your telephone number or your postal address, depending on the preferred communication channel. Our newsletter and marketing communication may be sent by any of the companies of the Lovehoney Group. Therefore, your data may be shared within the company group.
You can revoke your given consent to receive the newsletter at any time with effect for the future. To unsubscribe please use the link provided at the bottom of every newsletter or follow the instructions relevant to the channel.
As part of the newsletter registration process, we store further data necessary to verify your subscription to our newsletter. This may include the storage of the full IP address at the time of the request or confirmation of the newsletter, as well as a copy of the confirmation email sent by us. The corresponding data processing is carried out in the legitimate interest of being able to fulfill the requirement to prove consent was obtained for the sending of the newsletter.
8.1 Direct Advertising
If we receive your postal or e-mail address in connection with the sale of a product or service or by other means, we may use it for direct advertising, e.g. for similar goods or services, provided you have not objected to the processing. We may also use your name to address you personally. Additionally, we may use your email address to send out our customer satisfaction surveys after you have purchased a product from us, asking you to rate us, for example on TrustPilot.
If you do not complete your purchase, we may send you a reminder e-mail to help you finalize your order. This message will be based on your previous activity and the e-mail address you provided. You can unsubscribe from receiving such emails at any time by using the unsubscribe link included in the e-mail.
This use is based on Art. 6 para. 1 lit. f GDPR, our legitimate interest of promoting the sale of our goods or services. If you object to such processing you may unsubscribe by using the link provided at the bottom of every newsletter or follow the instructions relevant to the channel.
If we have received your e-mail address from a third party with your consent, we may share certain information about your interactions with us, such as confirmation of a purchase, with that third party based on your consent. You can withdraw your consent at any time with future effect by contacting us or adjusting your preferences in the cookie settings.
8.2 Newsletter Tracking
We include individual tracking pixels in all our newsletters, which allow us to recognise when your newsletter has been accessed or opened and individualise the links in the newsletter in order to evaluate when you clicked on which link. The legal basis is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in analysing the newsletter click and opening behaviour of our subscribers in order to optimise our newsletter.
9. Campaigns
We may run contests, giveaways or other campaigns from time to time. Participation is voluntary. If you choose to participate, we will process your email address and, in some cases, your name, address or other personal data in order to verify your eligibility to participate, notify you of the result and, if you win, send you the price. If you have given your consent, you will also receive our newsletter, which you can unsubscribe from at any time. We will delete your data as soon as we no longer need it to determine and notify the winner unless legal retention obligations do not conflict with deletion.
The legal basis for this data processing is Art. 6 para. 1 lit. a and lit. f GDPR (based on your consent and our legitimate interest in conducting the campaign, determining the winner, notifying them and sending you our newsletter). Please note, that, should you revoke your consent during an ongoing campaign, your participation can then no longer be considered, and you will no longer have the chance to win a price.
10. Suppliers and Business Partners
The business relationships with our contractual partners requires the processing of data. Insofar as this data allows conclusions to be drawn about a natural person (e.g. contact person of a company, supplier, vendor), this is considered personal data. We only process personal data that we receive from you as part of our business relationship. This includes name, address, company affiliation and your contact details (telephone number, e-mail address).
The processing of your personal data may arise due to the implementation of pre-contractual measures that precede a contractually regulated business relationship or in the fulfilment of obligations arising from a contract concluded with you or the company you work for. This may include, for example, the processing of purchase orders, deliveries or payments or the preparation and response to requests for quotations from individuals to determine the establishment or terms of a contractual relationship. The legal basis for this processing is Art. 6 para. 1 lit. b GDPR.
We are also subject to legal obligations that may make it necessary to process your personal data. These legal obligations may arise, for example, from tax law, commercial and foreign trade law or sanction law regulations. When processing data for these purposes, the legal basis is Art. 6 para. 1 lit. c GDPR.
It may also be necessary to process your personal data to pursue our legitimate interests (Art. 6 para. 1 lit. f GDPR). These legitimate interests are, in particular, the conclusion or performance of contracts and other business relationships with our business partners, suppliers or interested parties for whom you may act as a representative or employee. Further legitimate interests are internal administrative purposes (e.g. accounting) or to ensure IT security and IT operations as well as to carry out compliance investigations, to ensure building and plant security or to assert, exercise or defend legal claims.
As part of our business relationship, you must provide the personal data that is necessary for the establishment, execution and termination of a business relationship and for the fulfilment of the associated obligations, which we are legally obliged to collect or which we are entitled to collect on the basis of legitimate interests. Without this data, we will generally not be able to contact you and/or enter into a business relationship with you. If you provide us with data voluntarily, we will indicate this accordingly when collecting the data.
11. Job Applications
If you send us a job application, you determine which data you wish to provide us with. However, to be able to consider your application, usually the following information is required: name, address, email address, cover letter or desired position, CV, references and qualifications.
We process this information exclusively for the purpose of applicant selection in accordance with Art. 6 para. 1 lit. b GDPR (pre-contractual steps), as this is necessary for the decision regarding the establishment of an employment relationship. Data processing for other purposes does not take place.
In addition, you can decide for yourself whether you would like to provide us with further information, e.g. your hobbies, date of birth, telephone number or a photo. The provision of this data is voluntary and is not mandatory for the application. If you include voluntary data in your application, we will process it on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future. Please contact the Lovehoney Group company to which you have applied.
We receive your application data mainly from you. In some cases, we may enter your name in a search engine and process information from the Internet.
Your data will be treated confidentially. If necessary, we use service providers who are strictly bound by our instructions, e.g. in the areas of IT and with whom separate contracts for order processing have been concluded. Your data will not be passed on beyond this. If an employment contract is concluded after the application process, we will store the data from your application that is required for the fulfilment of your employment relationship (i.e. performance of the employment contract). The legal basis for this processing is Art. 6 para. 1 lit. b GDPR. If your application is unsuccessful, your documents will be deleted as soon as they are no longer required for us to defend ourselves against potential legal claims brought by you. Therefore, the processing until the deletion takes place in our legitimate interest to be able to defend ourselves against any complaints concerning the application. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. The specific retention period depends on the location of the company (and the legal requirements applicable there) to which you have submitted your application.
12. Processors and Service Providers
We occasionally pass on your data to service providers, who support us in the operation of our websites and the associated processes, as part of commissioned data processing in accordance with Art. 28 GDPR. Our service providers are strictly bound by our instructions and contractually obliged accordingly.
Such service providers include without limitation:
• website services providers who help us host and administer our website;
• email services providers;
• delivery services providers for the purposes of delivering your orders and sending you tracking notifications about your delivery and returns services providers;
• service providers who we work with closely to help provide our independent reviews database;
• our other service providers and sub-contractors, including suppliers of technical and support services, insurers, logistic providers, and cloud service providers; and
• analytics and search engine providers that assist us in the improvement and optimization of our website.
13. Sharing Personal Data within the Group of Companies and other International Data Transfers
The Lovehoney Group is an internationally operating group of companies. Due to partially existing matrix structure, your personal data may be shared with other companies within the Lovehoney Group for internal administrative purposes (for example, for corporate strategy, compliance, auditing and monitoring, research and development and quality assurance), based on other legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR or in the context of commissioned data processing (Art. 28 GDPR). Your personal data may be transferred internationally.
Some of these companies are located in countries outside the EU, EEA, or UK (so-called third countries). In addition to the EU, the United Kingdom, and Switzerland, the Lovehoney Group also has entities in the USA, Canada, Australia, and China.
In some cases, your data may also be processed by service providers engaged by us (processors within the meaning of Art. 28 GDPR) outside the EU/EEA/UK.
However, data transfers to countries that do not provide an adequate level of data protection within the meaning of Art. 45 para. 3 GDPR will only occur if appropriate safeguards within the meaning of Art. 46 para. 2 GDPR (e.g., in the form of standard data protection clauses) are in place.
14. Data Security
We have comprehensive security measures, such as technical and organisational measures in place to protect your data from unauthorised access. We use an encryption process on our websites. Your data is transmitted from your computer to our server and vice versa via the Internet using TLS encryption. You can usually recognise this by the fact that the lock symbol in the status bar of your browser is closed and the address line begins with https://.
15. Cookies
We use a consent management platform (consent- or cookie-banner) on our websites. The processing in connection with the use of the consent management platform and the logging of the settings you have made is carried out in accordance with Art. 6 para. 1 lit. f GDPR, in our legitimate interest to display our content according to your preferences and to be able to prove the consent(s) you have given. The settings you have made, the consent you have given and parts of your usage data are stored in a cookie. This means that it is retained for subsequent page requests and your consent can still be tracked. You can find more information on this under the heading "Required cookies".
15.1. Required Cookies
We use cookies on our websites that are necessary for the use of our websites.
Cookies are small text files that can be stored and read on your end device. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session.
We do not use these necessary cookies for analysis, tracking or advertising purposes.
Some of these cookies only contain certain setting information and are not personally identifiable. They may also be necessary to enable user guidance, security and implementation of the site. We use these cookies based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.
You can set your browser to inform you about the placement of cookies. You can also delete them at any time via the corresponding browser setting and prevent the setting of new cookies. Please note that if cookies are entirely prevented our web pages may then not be displayed in full and some functions may no longer be technically available. You can find more information on the individual cookies and the providers in our cookie banner.
15.2. Visitor Measurement (Cookies for Analysis Purposes)
We use web analysis tools to customise the design of our websites, improve and maintain our websites. These create user profiles on the basis of pseudonyms. For this purpose, permanent cookies are stored on your end device and read by us. It is also possible for us to retrieve recognition features for your browser or device (e.g. a so-called browser fingerprint or your unabridged IP address). In this way, we are able to recognise returning visitors and count them as such.
We also use the following functions as part of visitor measurement:
• We enrich the pseudonymised data with additional data provided to us by third-party providers. In this way, we are able to record demographic characteristics of our visitors, e.g. statements on age, gender and place of residence.
• We use a recognition method that allows us to record and subsequently analyze URL clickstreams, products viewed or searched for, page response times, download errors, lengths of visits to certain pages, page interaction information such as scrolling, clicks, mouse-overs or keyboard inputs of our visitors, and methods used to browse away from the page.
Data processing is based on your consent, given via our cookie banner, in accordance with Art. 6 para. 1 lit. a GDPR.
If the data is processed outside the EU/EEA/UK in this context, please note that there is a risk that authorities may access the data for security and monitoring purposes without you being informed or being able to take legal action.
You can find more information about the individual cookies and the providers, as well as the option to adjust your settings, in our cookie banner.
15.3. Tracking Technologies from Third-Party Providers for Advertising Purposes
We use cross-device tracking technologies so that you can be shown targeted advertising on other websites based on your visit to our websites and we can recognise how effective our advertising measures were.
Data processing is based on your consent, given via our cookie banner, in accordance with Art. 6 para. 1 lit. a GDPR. Your consent is voluntary and can be revoked at any time by adjusting your preferences in the cookie settings.
How does tracking work?
When you visit our websites, it is possible that the third-party service providers mentioned in our cookie-banner may retrieve unique identifiers from your browser or your end device (e.g. a so-called browser fingerprint), analyse your IP address, store or read recognition features on your end device (e.g. cookies) or gain access to individual tracking pixels.
The individual features can be used by third-party service providers to recognise your device on other websites. We can commission the relevant third-party service providers to place advertisements based on the pages you visit on our website.
What does cross-device tracking mean?
If you log in to the third-party service provider with your own user data, the respective unique identifiers of different browsers and end devices can be linked to each other. For example, if the third-party provider has created a separate feature for the laptop, desktop PC or smartphone or tablet you are using, these individual features can be assigned to each other as soon as you use a service of the third-party provider with your login data. In this way, the third-party service provider can also target our advertising campaigns across different end devices.
If the data is processed outside the EU/EEA/UK in this context, please note that there is a risk that authorities may access the data for security and monitoring purposes without you being informed or being able to take legal action.
You can find more information about the individual cookies and the providers, as well as the option to adjust settings, in our cookie banner.
15.4. Integration of other Technical Third-Party Content and Functions
We use the technical functions and content of third-party service providers to display our websites.
When you access our pages, the content of the third-party service provider that provides these functions and content is loaded. As a result, the third-party service provider receives the information that you have accessed our site and the usage data technically required to do so. We have no influence on further data processing by these third-party service providers. The data processing takes place on the basis of your consent, provided that you have previously given your consent via our cookie banner.
You can find more information about the individual cookies and the providers, as well as the option to adjust your settings, in our cookie banner.
15.5. Embedded Videos and Players
We embed videos and players on our websites that are not stored on our servers. When you access our pages with embedded videos and players, the content of the third-party service provider that makes the videos available is loaded. As a result, the third-party service provider receives the information that you have accessed our site and the usage data technically required to do so. We have no influence on further data processing by these third-party service provider. The data processing takes place on the basis of your consent, provided that you have previously given your consent via our cookie banner.
You can find more information about the individual cookies and the providers, as well as the option to adjust your settings, in our cookie banner.
15.6. Map Services
We embed map services on our websites that are not hosted on our servers. For data protection reasons, no content from the third-party provider is loaded and no information is transmitted to the third party when you access our websites.
Only once you have given your consent via our banner content from the third-party provider will be loaded. This means the third party will receive the information that you accessed our website, along with the technically required usage data in this context. We have no influence over the further processing of data by the third-party provider. Your consent includes the loading of content from the third-party provider.
The embedding is carried out based on your consent, provided you have given this consent via our banner.
Please note that embedding certain map services may result in your data being processed outside the EU/EEA or UK, in particular in the USA.
You can find more information about the individual cookies and the providers, as well as the option to adjust your settings, in our cookie banner.
15.7. Affiliate Marketing
We sometimes advertise and link to services offered by third parties on our website. As the operator of the website, we receive a commission if you follow the affiliate link and subsequently take advantage of the third-party's offers. In order to operate affiliate programs and ensure the economic viability of our online offer, we use tracking cookies to store information on the end devices of our website visitors and collect this information from these devices. For this purpose, the affiliate links and our offers are supplemented by certain values that form part of the link or are stored in a cookie. The values include, in particular, the source website (referrer), time of access, our online identifier as the operator of the website on which the affiliate link was located, an online identifier of the respective offer, an online identifier of you as a website visitor, as well as specific values such as advertising material ID, partner ID and categorizations.
These pseudonymous online identifiers are then used to track whether website visitors became aware of the offers of our partner companies due to our online presence, so that we receive the corresponding remuneration.
Data processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR, provided that you have given your consent via our cookie banner. You can revoke your consent at any time. To do so, please adjust the settings in our cookie banner.
In addition, our partners set our affiliate links on the websites they operate. In this case, the data is processed in the same way as described above, except that you access our websites from the website of a third party via the affiliate link.
For some processing operations, we are jointly responsible with the respective operator of the partner programs.
15.8. Captcha
To protect our web forms from automated enquiries, we use a so-called captcha from a third-party service provider. As part of the captcha function, you may be asked to complete tasks or tick checkboxes. The user entries made in this context and, if applicable, the mouse movements are used to assess whether the entries originate from a human or an automated programme.
As the function is provided by a third-party service provider, the display of the captcha leads to the third-party service provider's content being reloaded. As a result, the third-party service provider receives the information that you have accessed our site and the usage data technically required in this context. We have no influence on further data processing by the third-party service provider.
The embedding takes place in accordance with our legitimate interest of protection against spam and misuse (Art. 6 para. 1 lit. f GDPR). If you wish to object to the associated data processing, please do not use our web forms, instead contact us in another way.
16. Social Media
On our website you will find links to the social media services Facebook, Instagram, TikTok, X and YouTube. If you follow these links, you will reach our company presence or be given the opportunity to share a page, provided you have an account with the respective social media service. When you click on the link to a social media service, a connection is established to the servers of the social media service. This informs the servers of the social media service that you have visited our website. In addition, further data is transmitted to the provider of the social media service. For example:
• Address of the website on which the activated link is located
• Date and time of website access or link activation
• Information about the browser and operating system used
• IP address
If you are already logged in to the relevant social media service when you activate the link, the provider of the social media service may be able to determine your username and possibly even your real name from the transmitted data and assign this information to your personal user account with the social media service. You can exclude this possibility of assignment to your personal user account if you log out of your user account beforehand.
The servers of the social media services are located in the USA and other countries outside the European Union. The data may therefore also be processed by the provider of the social media service in countries outside the EU/EEA. Please note that companies in these countries are subject to data protection laws that do not generally protect personal data to the same extent as in the member states of the European Union.
For more information on the use of your data by the social media services integrated on our website, please refer to the privacy policy of the respective social media service.
17. Product Testing Campaigns
In connection with your participation in a product testing campaign, including surveys, we may collect and use the following information of you: name, postal address, email address, telephone number, bank account details, age and/or date of birth, your profession, your opinion to our products or other topics and other information as specified in the rules of the campaign, as the case may be.
The main purpose of the data processing is to verify your eligibility to participate in the campaign and, in case you receive a remuneration or a gift, to transfer or send it to you. The respective rules could provide for further purposes.
We process your data for those purposes based on your meaningful and express consent, Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. b GDPR. You can revoke your consent at any time with effect for the future under the provided contact information. Please note, that, should you revoke your consent during an ongoing campaign, your participation can then no longer be considered and you will no longer have the chance to win a price.
Based on your consent we will also use your data to send you information about products, services, events and other information worth knowing about the sponsor(s) and/or us. If you do not wish to receive any further marketing promotions, you can revoke your consent at any time with effect for the future. To unsubscribe please use the link provided at the bottom of every email or contact us directly.
IV. Your Rights
You have the right to receive information about the personal data stored about you free of charge upon request (Art. 15 para. 1 GDPR). In addition, if the legal requirements are met, you have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR) of your personal data and to data portability (Art. 20 GDPR). Please send the request to: privacy@lovehoneygroup.com.
You can also submit requests for access to or deletion of your personal data using the form in our Privacy Center.
You have the right to revoke your consent at any time with effect for the future if the data is processed on the basis of Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR. Please send your cancellation to: privacy@lovehoneygroup.com.
You have the right to object to data processing in accordance with Art. 21 GDPR if the data is processed on the basis of Art. 6 para. 1 lit. e or f GDPR. Please send your objection to: privacy@lovehoneygroup.com.
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes data protection requirements.
V. Supplementary Country-Specific Protection Information
1. Germany: Legal basis for data processing under German law
If personal data is processed in accordance with German law, the legal bases mentioned in the individual paragraphs sometimes apply in conjunction with the following national laws:
When processing applicant data:
• If you give your consent in accordance with Art. 6 para. 1 lit. a GDPR, this applies in conjunction with § 26 para. 2 Federal Data Protection Act.
• If the data processing is necessary for the implementation of the application procedure and is based on Art. 6 para. 1 lit. b GDPR, this applies in conjunction with § 26 para. 1 sentence 1 Federal Data Protection Act.
When processing data in the context of cookies:
• If you give your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, this applies in conjunction with § 25 para. 1 TDDDG.
• If the cookies are technically necessary and the data processing is based on Art. 6 para. 1 sentence 1 lit. f GDPR, in conjunction with § 25 para. 2 no. 2 TDDDG.
2. France: Particularities in the scope of application of national French data protection legislation
French Data Protection Law (including French Data Protection Act "Loi Informatique et Libertés") provides you the right to draw-up instructions on the storage, erasure and communication of your personal data after your death, under the conditions laid down in Article 85 of the French Data Protection Act. You may change or revoke your instructions at any time.
You can present an access request in line with Art. 15 GDPR either in person, electronically, or in writing; you can also submit a rectification or deletion request electronically or by post. For deletion of data requests, you should specify what data you wish to erase.
You have the right to lodge a complaint (Art. 77 GDPR) with the national data protection authority, CNIL:
Commission nationale de l'informatique et des libertés, 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, FRANCE, Phone: +33 (0)1.53.73.22.22, Web: https://www.cnil.fr/en/contact-us
3. Italy: Particularities in the scope of application of national Italian data protection legislation
You have the right to lodge a complaint (Art. 77 GDPR) with the national data protection authority, Garante:
Garante per la protezione dei dati personali, Piazza Venezia 11, 00187 Rome, ITALY, Phone: +39 06 69677 1, Web: www.garanteprivacy.it, email: urp@gpdp.it, protocollo@gpdp.it
4. United Kingdom: Particularities in the scope of application of the UK GDPR and other national data protection legislation of the UK
If we process your data in the context of activities of our establishments in the UK or if you are in the United Kingdom, the UK General Data Protection Regulation (UK GDPR) applies. This means that all references in the above text to the GDPR (EU GDPR) are also to be understood as references to the UK GDPR.
If you consider that the processing of your personal data infringes the UK GDPR you have the right to lodge a complaint with the ICO (Information Commissioner's Office) in accordance with Art. 77 UK GDPR. The contact details can be found under https://ico.org.uk/global/contact-us/
Within the scope of application of the UK GDPR, the adequate level of data protection is ensured in accordance with the ‘UK Extension to the EU-U.S. Data Privacy Framework’ in the event of a data transfer from the UK to certified companies in the USA.
The use of cookies and similar tracking technologies is carried out in compliance with the Privacy and Electronic Communications Regulations (PECR) and the UK GDPR. PECR requires us to obtain your consent before placing non-essential cookies on your device. These include cookies for analytics, functionality, and advertising. Essential cookies, necessary to provide the services you request, do not require consent (Regulations 6, 7 and 8 of the PECR).
VI. Contact us
If you have further questions or a complaint about how we use your personal information, we will always prefer you to contact us first at privacy@lovehoneygroup.com.
To get more information or exercise your data subject rights described above, please submit a verifiable request to us either:
• by emailing at privacy@lovehoneygroup.com; or
• by post. The addresses of the respective companies can be found above; or
• by submitting a request via the Privacy Center.
We will respond to your requests and appeal in accordance with applicable law.
Alternatively, you can contact our Data Protection Officer (DPO).
The DPO for Lovehoney Group companies based in Germany is:
datenschutz nord GmbH, Konsul-Smidt-Str. 88, 28217 Bremen, Germany, office@datenschutz-nord.de
The DPO for Lovehoney Group companies based in other countries is:
FIRST PRIVACY GmbH, Konsul-Smidt-Str. 88, 28217 Bremen, Germany, office@first-privacy.com
VII. Updates to the Privacy Policy
As both legal requirements and our internal processes and the associated processing of your data can change constantly, we update this Privacy Policy from time to time. We therefore recommend reviewing the Privacy Policy regularly to stay up to date.
Last updated: October 2025