Privacy policy
1. Data Controller
Responsible for the processing of personal data on this website within the meaning of the Datenschutz-Grundverordnung (DSGVO) and the UK Data Protection Act is:
House of Harrold - Janina Kirkman
Am Bahnhof 6
38542, Leiferde
Germany
Email: support@houseofharrold.com
2. General Information on Data Processing
We process your data exclusively within the framework of legal regulations (DSGVO, German BDSG, and the UK GDPR). This policy informs you about the nature, scope, and purpose of data collection.
3. Hosting and Data Collection (Shopify)
Our website is operated via Shopify International Ltd. (Ireland). Shopify provides the technical platform.
-
Data: IP address, browser type, referrer URL, timestamp.
-
Purpose: To ensure the security and stability of the shop.
-
Legal Basis: Art. 6 Abs. 1 lit. f DSGVO.
-
Third-Country Transfer: Shopify may transfer data to Canada (Adequacy Decision) and the USA (EU-US Data Privacy Framework).
4. Payment Service Providers & Credit Checks
To offer various payment methods, we work with third-party providers. Data is shared pursuant to Art. 6 Abs. 1 lit. b DSGVO (Performance of Contract).
-
Stripe: Provided by Stripe Payments Europe Ltd., Ireland. Data may be transferred to Stripe Inc. (USA).
-
PayPal: Provided by PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg.
-
Klarna: Provided by Klarna Bank AB, Sweden. If a purchase on account is selected, Klarna performs an identity and credit check (Art. 6 Abs. 1 lit. f DSGVO).
-
Apple Pay / Google Pay: Payments are processed using the payment data stored on your device via Apple (Apple Distribution International Ltd.) or Google (Google Ireland Ltd.).
5. Cookies, Tracking & Marketing Technologies
We use cookies and similar technologies in accordance with the General Data Protection Regulation (GDPR), the UK GDPR, the ePrivacy Directive, the German TTDSG (where applicable), and the UK Privacy and Electronic Communications Regulations (PECR).
Cookies are small text files stored on your device that enable website functionality, improve user experience, analyse traffic and support marketing activities.
5.1 Strictly Necessary Cookies (No Consent Required)
These cookies are technically necessary for the operation and security of the website. They are processed on the basis of Article 6(1)(f) GDPR (legitimate interest) or because they are technically required under §25(2) TTDSG.
| Name | Provider | Purpose | Duration |
|---|---|---|---|
| _shopify_essential | Shopify Inc. (Canada) | Ensures secure checkout, fraud prevention and core website functionality. | Up to 2 years |
| cart_currency | Shopify Inc. | Stores selected currency for checkout. | Approx. 14 days |
| localization | Shopify Inc. | Stores country and localisation preferences. | Approx. 1 year |
| i18next | House of Harrold | Stores language preference. | Approx. 1 year |
5.2 Analytics Cookies (Activated Only With Consent)
These cookies are only activated after you provide explicit consent (Art. 6(1)(a) GDPR / UK GDPR). They allow us to analyse website usage and improve our services.
| Name | Provider | Purpose | Duration |
|---|---|---|---|
| _ga, _ga_* | Google LLC (USA) | Google Analytics 4. Measures website traffic, user behaviour and engagement. | Up to 2 years |
| _clck, _clsk | Microsoft Corporation (USA) | Microsoft Clarity behavioural analytics, session recordings and heatmaps. | Up to 1 year |
| _shopify_analytics | Shopify Inc. (Canada) | Shopify analytics for measuring store performance and visitor interactions. | Up to 2 years |
Data collected via analytics technologies may include IP address, device information, browser information and interaction data.
5.3 Marketing & Remarketing (Pixels & Tracking Technologies)
We use marketing technologies to show relevant advertisements and re-engage visitors across platforms. These services are only activated with your consent (Art. 6(1)(a) GDPR / UK GDPR).
Google Ads & Remarketing
We use Google Ads services provided by Google LLC (USA). This enables us to display personalised advertisements across the Google Network (e.g., Google Search and YouTube) based on your previous visit to our website.
Meta Pixel (Facebook & Instagram Custom Audiences)
We use the Meta Pixel provided by Meta Platforms Ireland Ltd. We are jointly responsible with Meta for the collection and transmission of data under Article 26 GDPR. The data collected enables us to measure conversions and create Custom Audiences for targeted advertising. Meta may also process this data for its own advertising purposes in accordance with its privacy policy.
TikTok Pixel
We use the TikTok Pixel provided by TikTok Technology Limited (Ireland) where enabled. This allows us to measure advertising effectiveness and create audience segments.
5.4 International Data Transfers
Some of our service providers are located outside the European Economic Area (EEA) and the United Kingdom, particularly in the United States. Where data transfers occur, we rely on appropriate safeguards such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission;
- The UK International Data Transfer Agreement (IDTA) or UK Addendum;
- Participation in recognised adequacy frameworks where applicable.
5.5 Withdrawal of Consent
You may withdraw or modify your consent at any time via the cookie settings link on our website. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
Where applicable, certain providers participate in recognised adequacy frameworks such as the EU-US Data Privacy Framework.
6. Email & SMS Marketing (Klaviyo)
For marketing communications, we use Klaviyo Inc. (USA).
-
Purpose: Sending newsletters, abandoned cart reminders, and SMS marketing.
-
Double-Opt-In: You will only receive marketing messages after explicit confirmation.
-
Analysis: We measure open and click rates to optimize our services.
-
Legal Basis: Art. 6 Abs. 1 lit. a DSGVO. Klaviyo is certified under the EU-US Data Privacy Framework.
7. Shipping and Fulfillment
For the performance of the contract (Art. 6 Abs. 1 lit. b DSGVO), we share your data (name, address, and if applicable, email for tracking notifications) with shipping service providers (e.g., DHL, UPS, FedEx, DPD).
8. Data Retention
We store your data only as long as necessary to fulfill the purpose for which it was collected or as required by statutory retention periods (e.g., 10 years for tax-related data under German § 257 HGB).
9. Your Rights
You have the following rights regarding your personal data:
-
Access (Art. 15 DSGVO / UK GDPR)
-
Rectification (Art. 16 DSGVO)
-
Erasure (Art. 17 DSGVO)
-
Restriction of processing (Art. 18 DSGVO)
-
Data portability (Art. 20 DSGVO)
-
Objection to processing (Art. 21 DSGVO)
-
Withdrawal of consent (Art. 7 Abs. 3 DSGVO)
Supervisory Authority: You have the right to lodge a complaint with a data protection authority (Art. 77 DSGVO). In the United Kingdom: Information Commissioner’s Office (ICO).
10. Data Transfers to Third Countries
Where data is transferred to countries outside the EU/EEA or the UK (e.g., USA), we utilize the EU-US Data Privacy Framework or Standard Contractual Clauses of the EU Commission including the UK Addendum.
Stand: 12.02.2026