EU Representative under Art. 27 GDPR
We have appointed an EU representative pursuant to Art. 27 GDPR.
EU Representative: IITR Cert GmbH, Dr. Sebastian Kraska
Address: Eschenrieder Str. 62 c, 82194 Gröbenzell, Germany
Contact: email@iitr.de · Phone +49 89 189 1736-0
The EU representative serves as a point of contact for supervisory authorities and data subjects on all matters related to GDPR compliance.
The following privacy notice informs you, in accordance with Art. 12 et seq. of the GDPR, about how we handle your personal data when you use our website. It explains in particular which data we collect and for what purpose we use it. In addition, it informs you about how and for what purpose this is done.
These privacy notices explicitly refer to the website-specific data processing activities when visiting our website at puppe-urbanclothing.com. Beyond the website‐specific data processing activities, the provider attaches great importance to the protection of personal data. Please therefore also consider — where applicable to you — our further “Privacy Notice – Information Sheet for Customers, Suppliers and Business Partners/Contacts of PUPPE urban clothing FZCO”, which you can access at any time in its currently valid version here.
General Information
PUPPE urban clothing FZCO, IFZA Business Park, 67071-001, Makani A1-3641379065, Dubai, UAE, represented by Ms. Raphaela Kruse (hereinafter the “Provider”) as operator of the website puppe-urbanclothing.com takes the protection of personal data very seriously. We treat personal data confidentially and in accordance with the statutory data protection regulations as well as on the basis of these privacy notices. The legal foundations can be found in particular in the General Data Protection Regulation (GDPR) and in the Federal Data Protection Act (BDSG).
When you use this website, depending on the type and extent of usage, various personal data will be processed. Personal data are information relating to an identified or identifiable natural person (hereinafter “data subject”); a natural person is regarded as identifiable who can be identified, directly or indirectly (e.g. by assignment to an online identifier). These include information such as name, address, telephone number and date of birth.
Responsible Controller
The “controller” is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.). Controller in the sense of the GDPR and the applicable national data protection laws (in particular BDSG) as well as other data protection provisions is…
PUPPE urban clothing FZCO IFZA Business Park 67071-001 Makani A1-3641379065 Dubai, UAE represented by Ms. Raphaela Kruse
Data Protection Officer
We have appointed a company data protection officer for our enterprise. You can reach him at: care@puppe-urbanclothing.com
We have appointed an EU representative pursuant to Art. 27 GDPR.
EU Representative: IITR Cert GmbH, Dr. Sebastian Kraska
Address: Eschenrieder Str. 62 c, 82194 Gröbenzell, Germany
Contact: email@iitr.de · Phone: +49 89 189 1736-0
The EU representative serves as a point of contact for supervisory authorities and data subjects on all matters related to GDPR compliance.
Purposes and Legal Basis for the Processing of Data
Accessing and Visiting our Website — Server Log Files
For the purpose of technically providing the website, it is necessary that we process certain information automatically transmitted by your browser so that our website can be displayed in your browser and you can use the website. This information is captured each time our website is accessed and automatically stored in so‐called server log files. These are:
Browser type and browser version
- Operating system used
Website from which access is made
Host name of the accessing computer
Date and time of access
IP address of the requesting computer
Storing the aforementioned access data is required for the provision of a functional website and to ensure system security for technical reasons. This also applies to the storage of your IP address, which necessarily occurs and can under further conditions allow at least theoretical attribution to your person. Beyond the above-mentioned purposes, we use server log files only for needs‐based design and optimization of our Internet offering purely statistically and without reference to your person. We do not merge these data with other data sources, nor do we evaluate the data for marketing purposes.
The access data collected during your use of our website are retained only for the period for which these data are needed to achieve the above purposes. Your IP address is stored on our web server for a maximum of 7 days for IT security purposes.
If you visit our website to find out about our product and service offering or to use it, the basis for the temporary storage and processing of the access data is Art. 6(1) sentence 1 lit. b GDPR (legal basis), which allows processing of data for performance of a contract or for the implementation of pre‐contractual measures. In addition, Art. 6(1) sentence 1 lit. f GDPR serves as legal basis for the temporary storage of technical access data in this context. Our legitimate interest lies in being able to offer you a technically functioning and user-friendly website and ensuring the security of our systems.
Contact Form
If you send us inquiries via a contact form, your message/comment including the contact data you provide will be stored and further processed for the purpose of handling and responding to the inquiry and in case of any follow-up questions. We do not pass these data to third parties unless this is necessary in the context of handling and responding to your contact inquiry, or you have given us your corresponding consent.
If you contact us within the scope of an existing contractual relationship or in advance for information about our products, services or other services, the data and information you provide will be processed for the purpose of handling and responding to your contact request pursuant to Art. 6(1) sentence 1 lit. b GDPR (legal basis). Otherwise, to safeguard our legitimate interests under Art. 6(1) sentence 1 lit. f GDPR for the appropriate handling of customer/contact inquiries.
The data you enter in the contact form will remain with us until the purpose for data storage/processing has been fulfilled (e.g., after your inquiry has been fully addressed). Mandatory statutory provisions — in particular retention obligations — remain unaffected.
Use of Cookies and Associated Functions/Technologies
We use so-called cookies on our website. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offering more user-friendly, effective and secure and to enable the provision of certain functions. Cookies are small text files that are stored on your computer by your browser. A cookie contains a characteristic string that uniquely identifies your browser when you revisit the website.
Most of the cookies we use are so-called “session cookies”. They are deleted automatically at the end of your visit or when your browser session ends (so-called transient cookies). Other cookies remain on your device for a predefined period or until you delete them (so-called persistent cookies). These cookies allow us to recognize your browser on your next visit again. Upon written request we are happy to provide further information about the functional cookies we use. Please contact us at the above-mentioned contact details.
You can set your browser so that you are informed about the setting of cookies and allow cookies only on a case-by-case basis or generally block them, and activate the automatic deletion of cookies when the browser is closed. Instructions for disabling cookies are regularly provided via the “Help” function of your browser. If cookies are disabled, the functionality and/or full availability of this website may be restricted. For further cookie‐specific configuration and deactivation options please also refer to the detailed explanations of the cookie-based tools/plugins used on our website in the following.
Some of the cookies we use on our website originate from third parties who help us analyse the effect of our website content and the interests of our visitors, measure the performance of our website or deliver tailor-made advertising and other content on our or other websites. On our website we use both first‐party cookies (visible only from the domain being visited) and third‐party cookies (visible across domains and regularly set by third parties).
The cookie‐based data processing operations are carried out on the basis of your consent under Art. 6(1) sentence 1 lit. a GDPR (legal basis) or on the basis of Art. 6(1) sentence 1 lit. f GDPR (legal basis) for legitimate interests. Our legitimate interests lie in particular in making a technically optimised, user-friendly and needs‐based website available to you and in ensuring the security of our systems. The consent you have given us can be revoked at any time, e.g. by appropriate deactivation of the individually listed cookie-based tools/plugins below. You may also object to the processing based on our legitimate interests. In addition, via settings you can configure the cookie-based tools.
Specifically, the following cookie-based tools/plugins are used on this website on the basis of your consent (Art. 6(1) sentence 1 lit. a GDPR):
This website uses the functions of Google Analytics, a web analytics service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Your consent can be given to us when you access our website by clicking the corresponding button in the “cookie banner” (“Accept”) or you can refuse the use of Google Analytics (“Decline”). We store your choice in a separate cookie (Art. 6(1) sentence 1 lit. f GDPR) on the basis of our legitimate interest in respecting your decision and not showing the cookie banner again.
Regularly in connection with the processing described below data are also transmitted to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Ireland Limited and Google LLC are referred to jointly below as “Google”. Google Analytics uses cookies (first-party cookies) which allow an analysis of your use of the website by you. This does not mean that we thereby immediately become aware of your identity. Google uses the information generated by the cookies on our behalf to evaluate the use of the website, compile reports on website activities and to provide other services relating to website and Internet usage to us. In doing so we can improve the quality of our website and its contents. Based on statistical analyses we find out how the website is used and so we can constantly optimise our offering.
The information about your use of this website generated by Google Analytics cookies (for example time, place and frequency of your website visit including IP‐address) is transmitted to a server of Google in the USA and stored there. Google is certified under the Privacy Shield (https://www.privacyshield.gov/eu-us-framework). We have set the retention period for the data at user- and event‐level to 14 months (shortest possible setting).
IP Anonymisation
We have activated the IP anonymisation function on this website. Accordingly your IP‐address is truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before transmission to the USA and thereby anonymised. Only in exceptional cases will the full IP-address be transmitted to a Google server in the USA and truncated there. According to Google’s own statements the IP-address transmitted by the browser to Google within the framework of Google Analytics is not associated with other Google data for your person.
Browser Plugin
You can prevent the storage of the Google Analytics cookies by installing an appropriate setting in your browser (see above). You can also prevent the transmission of data relating to your use of the website (including your IP-address) to Google and the processing of such data by Google by downloading and installing the browser plugin available at: https://tools.google.com/dlpage/gaoptout?hl=en.
Objection to data collection
Alternatively you can disable tracking by Google Analytics, especially on mobile devices, by clicking on the following link:
Google Analytics disable
If you disable tracking, a cookie will be set that prevents the collection of your data during future visits to this website.
Concretely the following tracking cookies are used by Google Analytics: _utmz, __utma, __utmb, __utmc, __utmt.
Creation of a Customer Account and Order Processing (“WooCommerce”)
For the purpose of using our online shop, opening a customer account and processing orders we process personal data you provide during the order process or when registering for a customer account.
The data processed include in particular:
Salutation, first name, last name
Billing and shipping address
Email address
If applicable telephone number (for queries or the shipping company)
Payment information (e.g., chosen payment method, transaction ID, payment status)
Order data (ordered products, quantities, prices, shipping information).
The processing is carried out for the purpose of establishing, carrying out or terminating a contractual relationship with you pursuant to Art. 6(1) sentence 1 lit. b GDPR. Without providing these data, it is not possible to use our online shop or carry out a purchase contract.
For the technical provision and management of our online shop we use the shop system WooCommerce, a service of Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. WooCommerce is an extension of the WordPress platform and is operated locally on our web server. In the course of this WooCommerce processes the personal data required for the order process and customer account management on our behalf.
The personal data collected during the order process are stored by us for as long as this is required for contract processing (including any statutory warranty periods). Subsequently the data are retained within the framework of statutory retention obligations (in particular under commercial and tax law) and then deleted once these periods have expired, unless further legitimate interests in continuing storage exist (Art. 6(1) sentence 1 lit. c and f GDPR).
Payment Processing
Depending on the chosen payment method in the order process we share the data required for payment processing with the respective payment service provider. The transfer is carried out exclusively for the purpose of contract performance pursuant to Art. 6(1) sentence 1 lit. b GDPR.
In detail we cooperate with the following payment service providers:
PayPal
If you choose the payment method “PayPal” the payment processing is carried out by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
During payment processing the payment data you have entered are transmitted to PayPal. Processing is based on Art. 6(1) sentence 1 lit. b GDPR.
More information on data protection at PayPal can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Klarna
If you choose a payment method offered by Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden, the payment processing is done via Klarna. For the purpose of credit checks and payment processing Klarna may transmit personal data (in particular contact details and order information) to credit agencies.
Data processing is based on Art. 6(1) sentence 1 lit. b GDPR and — in the case of credit checks — on Art. 6(1) sentence 1 lit. f GDPR (legitimate interest in the avoidance of payment defaults).
More information can be found in Klarna’s privacy policy: https://www.klarna.com/de/datenschutz/
Stripe
If you select the payment method “Credit card” or “Instant payment via Stripe” payment processing is done via Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.
Stripe may transfer the data to the USA to Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA. The transfer is carried out on the basis of the EU-US Data Privacy Framework.
More information on data protection at Stripe can be found at: https://stripe.com/de/privacy
Further Processing Purposes
Compliance with legal obligations: We also process your personal data in order to fulfil other statutory obligations that we may have in connection with our business activities. These include, in particular, commercial, trade or tax‐law retention obligations. We process your personal data in this regard pursuant to Art. 6(1) sentence 1 lit. c GDPR (legal basis) to which we are subject.
Legal enforcement: We also process your personal data in order to assert our rights and defend our legal claims. Finally we process your personal data to the extent necessary to avert or investigate criminal offences. In doing so we process your personal data in order to safeguard our legitimate interests pursuant to Art. 6(1) sentence 1 lit. f GDPR, provided we can demonstrate compelling legitimate interests for the processing.
Consent: Where you have given us your consent to the processing of personal data for specific purposes (e.g., sending information material and offers), the legitimacy of this processing is based on your consent. Consent already given can be revoked at any time. This also applies to consent given before the GDPR came into effect (before 25 May 2018). Please note that the revocation takes effect only for the future. Processing carried out before revocation is unaffected.
Recipients of Data
Within PUPPE urban clothing FZCO the departments receive access to your data that need them to fulfil our contractual and legal obligations. Also, service providers and agents (for example technical service providers, shipping companies, disposal companies) we engage may receive data for these purposes. We limit the disclosure of your personal data to the necessary minimum while observing data protection regulations. Some recipients receive your personal data as processors and are then bound by our instructions in dealing with your personal data. Some recipients act independently in their own data protection responsibility and are also required to observe the GDPR and other data protection provisions. In individual cases we also transmit personal data to our legal or tax advisers, who are bound to confidentiality by virtue of their professional status.
Data Transfers to Third Countries
In connection with the use of the above tools (e.g., Google) we may transfer your IP address to third countries (see above). With regard to the USA the data transfer is based on the EU-US Data Privacy Framework. Otherwise we do not transfer your personal data to countries outside the EU or EEA or to international organisations unless otherwise explicitly stated in these privacy notices.
Duration of Data Storage
We process and store your personal data initially for as long as the respective purpose requires (see above for the individual processing purposes). This also includes periods of contract initiation (pre-contractual relations) and contract execution with you. On this basis your personal data are regularly deleted after the expiry of the purpose of storage and/or statutory retention obligations (in particular under commercial and tax law). Subsequently the data are deleted once these periods have expired, unless there are further legitimate interests for continued storage (Art. 6(1) sentence 1 lit. c and f GDPR).
Data Security
We protect personal data by means of appropriate technical and organizational measures in order to ensure an adequate level of protection and to safeguard the rights of the data subjects. Among other things, this website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content such as your contact inquiries sent to us as the site operator. You’ll recognise an encrypted connection by the “https://” prefix and the lock icon in your browser’s address bar. Although encryption is enabled, we must point out that data transmission over the internet (e.g., via email) may still have security gaps. A flawless protection of data against access by third parties is not possible.
Your Rights as a Data Subject
You are at any time entitled under the statutory conditions to the following rights as a data subject:
Right of access: You may request confirmation from us at any time whether we are processing personal data about you; if so, you are entitled under Art. 15 GDPR to additional information (purposes of processing, categories of personal data, recipients, planned storage duration, origin of data, automated decision-making, third-country transfers) and to receive a copy of your personal data.
Right to rectification: You are entitled under Art. 16 GDPR to request that we correct your stored personal data about you if they are inaccurate or incomplete.
Right to erasure: You are entitled under Art. 17 GDPR to request the prompt deletion of personal data concerning you, provided the conditions are met (for instance, the data are no longer necessary for the purposes for which they were collected) – this right does not apply if processing is required for compliance with a legal obligation or for the establishment, exercise or defence of legal claims.
Right to restriction of processing: You are entitled under Art. 18 GDPR to request the restriction of processing of your personal data in certain circumstances.
Right to data portability: You are entitled under Art. 20 GDPR to receive the personal data you have provided to us in a structured, commonly used and machine‐readable format and to transmit those data to another controller.
Right to withdraw consent: Any consent you have given to us to process personal data may be withdrawn at any time. This applies also to consent given before the GDPR came into effect (before 25 May 2018). Please note that the withdrawal takes effect only for the future. Processing carried out before withdrawal is not affected.
Right to object: You are entitled under Art. 21 GDPR to object at any time to the processing of your personal data which is based on Art. 6(1) sentence 1 lit. f or Art. 6(1) sentence 1 lit. e GDPR, if there are grounds relating to your particular situation. If you object, we will no longer process your personal data unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims. The objection may be made without formality and should preferably be directed to the contact details provided above.
Right to lodge a complaint with a supervisory authority: Under Art. 77 GDPR you have the right to lodge a complaint with a supervisory authority in the member state of your habitual residence or where the alleged infringement occurred. A list of data protection authorities in Germany including their contact details is available at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Other matters: For further questions or concerns about data protection you may contact our data protection officer. Requests and the exercise of your rights should preferably be addressed in writing to our above address or by email to email@iitr.de.
Obligation to Provide Data
You are not generally obliged to provide us with your personal data. If you do not do so, we may not be able to offer you full use of our website or answer your inquiries. Personal data we do not require for the purposes described above are marked as voluntary.
Automated Decision-Making/Profiling
We do not employ any automated decision-making or profiling (automated analysis of your personal circumstances).
Updates and Amendment of these Privacy Notices
These privacy notices are currently valid and as of 15.10.2025.
Due to the further development of our website and offerings or as a result of changed legal or regulatory requirements, it may become necessary to change these privacy notices.
Die vorliegenden Datenschutzhinweise informieren Sie gemäß Art. 12 ff. DSGVO über den Umgang mit Ihren personenbezogenen Daten bei der Nutzung unserer Website. Sie erläutert insbesondere, welche Daten wir erheben und wofür wir sie nutzen. Zudem informiert sie Sie darüber, wie und zu welchem Zweck das geschieht.
Diese Datenschutzhinweise beziehen sich ausdrücklich auf die websitespezifischen Datenverarbeitungsprozesse beim Besuch unserer Website unter www.[…]. Auch über die websitespezifischen Datenverarbeitungsprozesse hinaus misst der Anbieter dem Schutz personenbezogener Daten hohe Bedeutung zu. Bitte berücksichtigen Sie – soweit für Sie zutreffend – daher auch unsere weiteren „DatenschutzhinweisDatenschutzhinweise der PUPPE urban clothing FZCO
Home 
Shop 
Cart 
Profile