Privacy policy

Status: 04 May 2026

Data Controller

Lilienthal Lifestyle GmbH
Boxhagener Straße 78, 10245 Berlin, Germany
E-mail: office@lilienthal.berlin (Subject: “Data Protection”)

Data Protection Officer (external)

Konzept 17 GmbH
Westring 3, 24850 Schuby, Germany
E-mail: mail@konzept17.de

1. Scope

This privacy policy applies to the Lilienthal Berlin online shop and the associated online services in Europe.

2. Categories of data we process

  • Basic/contact data (name, address, email address, phone number)
  • Order/payment data (purchased products, prices, payment status; payment data is usually stored by the payment service provider)
  • Usage/device data (page views, interactions, truncated IP address, browser/device, timestamp, UTM parameters)
  • Communication content (support requests)

Sources

Information provided by the customer, the device/browser, and service providers (shop/hosting, payment, shipping, support).

3. Purposes and legal bases (Art. 6 GDPR)

  • Contract performance & delivery (orders, shipping, returns): Art. 6(1)(b)
  • Customer account, support, IT security: Art. 6(1)(b)/(f)
  • Payment processing & fraud prevention: Art. 6(1)(b)/(f)
  • Newsletter & marketing communication:
    • With consent: Art. 6(1)(a) (withdrawable at any time)
    • Marketing to existing customers for similar own products, where legally permitted: Art. 6(1)(f) in conjunction with §7(3) UWG (objection possible at any time)
  • Legal obligations (e.g. retention requirements): Art. 6(1)(c)

4. Recipients

  • Shop/hosting (platform and infrastructure providers within the EU/EEA)
  • Payment service providers (e.g. PayPal, Stripe/Shopify Payments, Mollie, Klarna, depending on checkout option)
  • Shipping/logistics & shipment tracking (parcel carriers; possible tracking/notification services)
  • Communication/CRM/newsletter services (email service providers)

5. Transfers to third countries

If personal data is transferred to countries outside the EEA (e.g. the USA), we apply the legally required safeguards (e.g. European Commission adequacy decision or Standard Contractual Clauses (SCCs) with additional safeguards). The specific services involved are listed on our cookie page (see below) or can be provided upon request.

6. Cookies, analytics & preferences

Optional technologies (e.g. statistics, attribution, marketing) are only used with your consent. You may manage your preferences at any time. 

There you will find a clear overview of the services we use (purpose, provider, retention period, and any third-country transfers) and can adjust your consent. We do not maintain a separate cookie policy.

7. Newsletter & direct marketing

Newsletter (opt-in): We send newsletters based on your consent (Art. 6(1)(a)). Where legally required, double opt-in is used; otherwise single opt-in may apply. You can unsubscribe at any time via the link in every email.

Email marketing to existing customers: Where legally permitted (in particular §7(3) UWG), we may contact existing customers by email regarding similar own products. We inform you of your right to object when collecting your email address and in every message. Objection is possible at any time and free of charge.

8. Retention periods

We store data in a purpose-limited manner and only for as long as necessary or legally required:

  • Order/accounting data: up to 10 years
  • Support communications: up to 24 months after completion
  • Consent-based data (e.g. newsletter/analytics): until consent is withdrawn or a maximum of 24 months, unless a shorter period is required

9. Your rights

You have the right of access, rectification, erasure, restriction of processing, and data portability (Articles 15–20 GDPR), as well as the right to object to processing based on legitimate interests (Article 21 GDPR). You may withdraw any consent at any time.

You also have the right to lodge a complaint with a data protection supervisory authority.

10. Children

Our services are not directed at children.

11. External links

For external content (e.g. social media or payment providers), the privacy policies of the respective providers apply.

12. Changes

We update this privacy policy when services or legal requirements change. The current version applies.

13. Disclosure of data to processors

Data disclosure in the context of repair orders

For the provision of repair services, we work with the following external service provider:

Backes-Uhrenservice
Am Waldhof 25
54669 Simmern

As part of order processing, we transmit the following personal data to this service provider:

  • Name and contact details of the customer (as required for return shipping)
  • Order number and repair description
  • Device or product data (e.g. serial number, model)

Legal basis: Data processing is carried out on the basis of Art. 6(1)(b) GDPR (performance of a contract) and Art. 28 GDPR (data processing agreement). A data processing agreement (DPA) pursuant to Art. 28 GDPR has been concluded with the service provider to ensure GDPR-compliant processing.

Retention period: The transmitted data is stored by the service provider only for the duration required to process the order and is deleted after completion of the repair, unless statutory retention obligations apply.

Your rights: You have the right of access, rectification, erasure, restriction of processing, data portability, and objection. Please contact us using the details provided in this privacy policy.

Contact for data protection matters: office@lilienthal.berlin
Cookie settings & overview: https://de.lilienthal.berlin/pages/cookie-settings