Privacy policy

1. Data Controller

Responsible for the processing of personal data on this website within the meaning of the Datenschutz-Grundverordnung (DSGVO) and the UK Data Protection Act is:

House of Harrold - Janina Kirkman
Am Bahnhof 6
38542, Leiferde
Germany
Email: support@houseofharrold.com

2. General Information on Data Processing

We process your data exclusively within the framework of legal regulations (DSGVO, German BDSG, and the UK GDPR). This policy informs you about the nature, scope, and purpose of data collection.

3. Hosting and Data Collection (Shopify)

Our website is operated via Shopify International Ltd. (Ireland). Shopify provides the technical platform.

  • Data: IP address, browser type, referrer URL, timestamp.

  • Purpose: To ensure the security and stability of the shop.

  • Legal Basis: Art. 6 Abs. 1 lit. f DSGVO.

  • Third-Country Transfer: Shopify may transfer data to Canada (Adequacy Decision) and the USA (EU-US Data Privacy Framework).

4. Payment Service Providers & Credit Checks

To offer various payment methods, we work with third-party providers. Data is shared pursuant to Art. 6 Abs. 1 lit. b DSGVO (Performance of Contract).

  • Stripe: Provided by Stripe Payments Europe Ltd., Ireland. Data may be transferred to Stripe Inc. (USA).

  • PayPal: Provided by PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg.

  • Klarna: Provided by Klarna Bank AB, Sweden. If a purchase on account is selected, Klarna performs an identity and credit check (Art. 6 Abs. 1 lit. f DSGVO).

  • Apple Pay / Google Pay: Payments are processed using the payment data stored on your device via Apple (Apple Distribution International Ltd.) or Google (Google Ireland Ltd.).

5. Cookies, Tracking & Marketing Technologies

We use cookies and similar technologies in accordance with the General Data Protection Regulation (GDPR), the UK GDPR, the ePrivacy Directive, the German TTDSG (where applicable), and the UK Privacy and Electronic Communications Regulations (PECR).

Cookies are small text files stored on your device that enable website functionality, improve user experience, analyse traffic and support marketing activities.

5.1 Strictly Necessary Cookies (No Consent Required)

These cookies are technically necessary for the operation and security of the website. They are processed on the basis of Article 6(1)(f) GDPR (legitimate interest) or because they are technically required under §25(2) TTDSG.

Name Provider Purpose Duration
_shopify_essential Shopify Inc. (Canada) Ensures secure checkout, fraud prevention and core website functionality. Up to 2 years
cart_currency Shopify Inc. Stores selected currency for checkout. Approx. 14 days
localization Shopify Inc. Stores country and localisation preferences. Approx. 1 year
i18next House of Harrold Stores language preference. Approx. 1 year



5.2 Analytics Cookies (Activated Only With Consent)

These cookies are only activated after you provide explicit consent (Art. 6(1)(a) GDPR / UK GDPR). They allow us to analyse website usage and improve our services.

Name Provider Purpose Duration
_ga, _ga_* Google LLC (USA) Google Analytics 4. Measures website traffic, user behaviour and engagement. Up to 2 years
_clck, _clsk Microsoft Corporation (USA) Microsoft Clarity behavioural analytics, session recordings and heatmaps. Up to 1 year
_shopify_analytics Shopify Inc. (Canada) Shopify analytics for measuring store performance and visitor interactions. Up to 2 years

Data collected via analytics technologies may include IP address, device information, browser information and interaction data.


5.3 Marketing & Remarketing (Pixels & Tracking Technologies)

We use marketing technologies to show relevant advertisements and re-engage visitors across platforms. These services are only activated with your consent (Art. 6(1)(a) GDPR / UK GDPR).


Google Ads & Remarketing

We use Google Ads services provided by Google LLC (USA). This enables us to display personalised advertisements across the Google Network (e.g., Google Search and YouTube) based on your previous visit to our website.


Meta Pixel (Facebook & Instagram Custom Audiences)

We use the Meta Pixel provided by Meta Platforms Ireland Ltd. We are jointly responsible with Meta for the collection and transmission of data under Article 26 GDPR. The data collected enables us to measure conversions and create Custom Audiences for targeted advertising. Meta may also process this data for its own advertising purposes in accordance with its privacy policy.


TikTok Pixel

We use the TikTok Pixel provided by TikTok Technology Limited (Ireland) where enabled. This allows us to measure advertising effectiveness and create audience segments.

 

5.4 International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA) and the United Kingdom, particularly in the United States. Where data transfers occur, we rely on appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • The UK International Data Transfer Agreement (IDTA) or UK Addendum;
  • Participation in recognised adequacy frameworks where applicable.

5.5 Withdrawal of Consent

You may withdraw or modify your consent at any time via the cookie settings link on our website. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Where applicable, certain providers participate in recognised adequacy frameworks such as the EU-US Data Privacy Framework.

 

6. Email & SMS Marketing (Klaviyo)

For marketing communications, we use Klaviyo Inc. (USA).

  • Purpose: Sending newsletters, abandoned cart reminders, and SMS marketing.

  • Double-Opt-In: You will only receive marketing messages after explicit confirmation.

  • Analysis: We measure open and click rates to optimize our services.

  • Legal Basis: Art. 6 Abs. 1 lit. a DSGVO. Klaviyo is certified under the EU-US Data Privacy Framework.

7. Shipping and Fulfillment

For the performance of the contract (Art. 6 Abs. 1 lit. b DSGVO), we share your data (name, address, and if applicable, email for tracking notifications) with shipping service providers (e.g., DHL, UPS, FedEx, DPD).

8. Data Retention

We store your data only as long as necessary to fulfill the purpose for which it was collected or as required by statutory retention periods (e.g., 10 years for tax-related data under German § 257 HGB).

9. Your Rights

You have the following rights regarding your personal data:

  • Access (Art. 15 DSGVO / UK GDPR)

  • Rectification (Art. 16 DSGVO)

  • Erasure (Art. 17 DSGVO)

  • Restriction of processing (Art. 18 DSGVO)

  • Data portability (Art. 20 DSGVO)

  • Objection to processing (Art. 21 DSGVO)

  • Withdrawal of consent (Art. 7 Abs. 3 DSGVO)

Supervisory Authority: You have the right to lodge a complaint with a data protection authority (Art. 77 DSGVO). In the United Kingdom: Information Commissioner’s Office (ICO).

10. Data Transfers to Third Countries

Where data is transferred to countries outside the EU/EEA or the UK (e.g., USA), we utilize the EU-US Data Privacy Framework or Standard Contractual Clauses of the EU Commission including the UK Addendum.

Stand: 12.02.2026