Privacy Policy

PRIVACY POLICY

1) COLLECTION OF PERSONAL DATA AND CONTACT INFORMATION OF THE CONTROLLER

1.1 Thank you for visiting our website. In this privacy policy, we inform you about how your personal data is processed when using our website. Personal data includes all information that can identify you as an individual.

1.2 The data controller for the data processing activities on this website is Hudson&Carter. A data controller is a natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.

1.3 For security reasons and to protect the transmission of personal data, this website uses SSL or TLS encryption. An encrypted connection can be recognized by the “https://” prefix in your browser’s address bar and the padlock icon.

2) DATA COLLECTION WHEN VISITING OUR WEBSITE

When you visit our website for informational purposes only—i.e., without registering or submitting any information—we only collect the data that your browser transmits to our server ("server log files"). This includes:

  • The webpage visited

  • Date and time of access

  • Amount of data transferred (in bytes)

  • Referring page or source from which you arrived

  • Browser used

  • Operating system used

  • IP address used (possibly in anonymized form)

The processing of this data is based on our legitimate interests in improving the stability and functionality of the website (Art. 6(1)(f) GDPR). This data is not used or shared for other purposes. However, we reserve the right to review server logs if unlawful use is suspected.

3) COOKIES

We use cookies to make your visit to our website more attractive and to enable certain features. Cookies are small text files stored on your device by your browser. Some cookies are automatically deleted when you close your browser (“session cookies”), while others remain stored and allow us to recognize your browser upon your next visit (“persistent cookies”).

If cookies contain personal data, the processing is either necessary for the performance of a contract (Art. 6(1)(b) GDPR) or based on our legitimate interest in ensuring optimal functionality and user-friendliness of the website (Art. 6(1)(f) GDPR).

You can configure your browser to accept or reject cookies. You may also choose to only allow certain types. However, disabling cookies may limit some functionalities of our website.

4) CONTACTING US

When you contact us (via form or email), we collect personal data. The specific data collected depends on the form. This data is stored and used solely for the purpose of responding to your inquiry and for technical administration. Processing is based on our legitimate interests (Art. 6(1)(f) GDPR).

If the contact aims to initiate or fulfill a contract, data may also be processed under Art. 6(1)(b) GDPR. Once your request has been fully handled and there are no legal obligations to retain the data, it will be deleted.

5) ACCOUNT CREATION AND DATA PROCESSING DURING CONTRACTUAL PROCESSES

In accordance with Art. 6(1)(b) GDPR, personal data is collected and processed when creating an account or entering into a contract with us. The specific data collected is shown in the relevant forms. You may delete your customer account at any time by sending a message to the contact provided on our website.

Your data will be used to fulfill the contract. After full completion of the contract or deletion of the account, your data will be locked during the statutory retention period and deleted once the period expires—unless you have consented to further use or legal grounds exist for continued use, in which case we will inform you.

6) USE OF YOUR DATA FOR DIRECT MARKETING PURPOSES

6.1 Newsletter Subscription

If you subscribe to our email newsletter, we will send you regular information about our offers. The only required information is your email address. Providing additional details is optional and allows for personalized communication.

We use a “double opt-in” system for newsletters. You will only receive emails after confirming your subscription via a link sent to your email.

By confirming, you consent to the processing of your personal data for newsletter purposes (Art. 6(1)(a) GDPR). Your IP address and subscription date will also be stored to prevent misuse.

You may unsubscribe at any time using the link in the newsletter or by contacting us. After unsubscribing, your email will be removed from our list, unless continued storage is legally permitted.

6.2 Newsletter to Existing Customers

If you provided your email during a purchase, we may use it to send information about similar products or services. No separate consent is required (Art. 6(1)(f) GDPR). You can opt out at any time using the unsubscribe link or by contacting us.

7) DATA PROCESSING FOR ORDER HANDLING

7.1 To fulfill your order, we may share your personal data with logistics partners for delivery purposes, and with financial institutions to process payments.

7.2 Use of Payment Service Providers

  • PayPal: If you choose to pay via PayPal, your data may be processed by PayPal (Europe) S.à r.l. et Cie, S.C.A. PayPal may also consult credit agencies to assess your payment capability.
    For more information, refer to the PayPal Privacy Policy.

  • SOFORT: If you pay using SOFORT, your personal data will be processed by Klarna Group, strictly for payment purposes.
    See the SOFORT Privacy Policy.

8) REVIEW REMINDERS

We may send you a one-time reminder to leave a review about your purchase—only if you explicitly consented to this during the order process (Art. 6(1)(a) GDPR). You may withdraw this consent at any time.

9) USE OF SOCIAL MEDIA PLUGINS

9.1 Facebook Plugins (Shariff Solution)
Our website may include social plugins from the social network Facebook, provided by Facebook Inc. (1 Hacker Way, Menlo Park, CA 94025, USA).

To protect your privacy, these plugins are not directly integrated into the website. Instead, they are implemented using an HTML link. This method prevents Facebook from immediately collecting data when you visit a page containing the plugin. To use the plugin, you must click on the link, which will open the Facebook page in a new window where you can interact with its content, provided you are logged in.

Facebook Inc. is certified under the EU-U.S. Privacy Shield Framework, ensuring compliance with European data protection standards.
For more information about Facebook's data use policies, visit: https://www.facebook.com/policy.php

9.2 Google+ Plugins (Shariff Solution)
Our website may include social plugins from the Google+ network, operated by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

For privacy protection, plugins are not integrated directly but via an HTML link. This prevents Google from collecting data immediately when you visit a plugin-containing page. You must click the link to use the plugin, which opens a Google+ page in a new window where you can interact if you're logged in.

Google LLC is certified under the EU-U.S. Privacy Shield Framework, ensuring compliance with EU data protection regulations.
For more information about Google’s privacy policies, visit: https://www.google.com/intl/en/policies/privacy/

9.3 Instagram Plugins (Shariff Solution)
Our website may include plugins from the Instagram network, operated by Instagram LLC (1601 Willow Rd, Menlo Park, CA 94025, USA).

Plugins are integrated via an HTML link to protect your privacy, which prevents Instagram from collecting data immediately. To use the plugin, click the link to open Instagram in a new window where you can interact with content if logged in.

Instagram LLC is certified under the EU-U.S. Privacy Shield Framework.
More information can be found here: https://help.instagram.com/155833707900388/

10) ONLINE MARKETING

10.1 Use of Google DoubleClick
This website uses DoubleClick by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), an online marketing tool.

DoubleClick uses cookies to display relevant ads, improve campaign performance, and prevent repeat impressions. Using a cookie ID, Google can track which ads were displayed in which browser to avoid duplicates.

DoubleClick cookies may also track conversions, such as when a user views a DoubleClick ad and later purchases from the advertiser's site. Google states that DoubleClick cookies do not contain personal data.

You can disable cookie tracking by adjusting your browser settings or managing preferences via: https://www.google.com/settings/ads
DoubleClick privacy info: https://www.google.com/policies/privacy/

10.2 Use of Google AdWords Conversion Tracking
This website uses Google AdWords Conversion Tracking, a service by Google LLC.

AdWords is used to display ads on Google Search and third-party sites. When you click on an ad, a cookie is set to track conversions. These cookies expire after 30 days and do not contain personal data.

You can disable conversion tracking by blocking cookies in your browser.
More info: https://www.google.com/policies/privacy/

11) WEB ANALYTICS SERVICES

Google (Universal) Analytics
This website uses Google Analytics, a service by Google LLC.

Google Analytics uses cookies to analyze your website usage. The information (including your truncated IP address) is sent to Google servers in the U.S. and stored there.

We use Google Analytics with the "_anonymizeIp()" extension, which shortens IP addresses within the EU/EEA and prevents direct personal identification. Only in rare cases is the full IP address sent to and shortened in the U.S.

Processing is based on our legitimate interests in analyzing user behavior (GDPR Art. 6(1)(f)).

You can prevent data collection via cookies by adjusting your browser settings or installing this plugin:
https://tools.google.com/dlpage/gaoptout?hl=en

You may also opt out on mobile by clicking this link: Disable Google Analytics (note: works only for this browser and domain). If you clear cookies, you will need to opt out again.

Google Analytics may also use a User ID to track visitor behavior across devices. This anonymous ID does not contain personal data and is not shared with Google.
More info: https://support.google.com/analytics/answer/2838718

12) RETARGETING / REMARKETING / BEHAVIORAL ADVERTISING

Facebook Custom Audiences (via Pixel)
With your consent, we use Facebook Pixel by Facebook Inc. to track user behavior after interacting with Facebook ads.

This allows us to measure ad performance and optimize future campaigns. Data collected is anonymized to us, but Facebook may associate it with your profile. Facebook uses this data under its Data Policy:
https://www.facebook.com/about/privacy/

This may involve setting a cookie on your device. These processes occur only with your explicit consent (GDPR Art. 6(1)(a)). Users under 13 must have parental consent.

You can disable Facebook tracking via browser settings or through the Digital Advertising Alliance:
https://www.aboutads.info/choices/

Google AdWords Remarketing
We use Google AdWords Remarketing to advertise our site across Google Search and third-party websites.

Google places a cookie in your browser that enables interest-based ads based on your previous visits. This is based on our legitimate interest in optimized marketing (GDPR Art. 6(1)(f)).

Additional data processing only occurs if you’ve consented to Google linking your browsing history to your Google account for personalized ads.

If logged into your Google account, data from Google Analytics may be combined with your profile to enable cross-device targeting.
To opt out of personalized ads:
🔗 https://www.google.com/settings/ads/onweb/
Or via the Digital Advertising Alliance:
🔗 https://www.aboutads.info

Note: disabling cookies may limit website functionality.

Google LLC is certified under the EU-U.S. Privacy Shield, ensuring EU data protection compliance.
More info: https://www.google.com/policies/technologies/ads/

13) DATA SUBJECT RIGHTS

13.1 Under applicable data protection laws, you have the following rights regarding the processing of your personal data. These rights include:

Right of Access (Article 15 GDPR)
You have the right to obtain the following information:

  • The personal data being processed

  • The purposes of processing

  • The categories of personal data involved

  • The recipients or categories of recipients to whom your data is or will be disclosed

  • The intended storage duration or the criteria used to determine that period

  • The existence of the right to request rectification or erasure or restriction of processing

  • The right to object to processing

  • The right to lodge a complaint with a supervisory authority

  • The source of your data, if not collected directly from you

  • The existence of automated decision-making (including profiling) and meaningful information about the logic involved and its significance

  • Where applicable, the safeguards in place for transfers of data to third countries in accordance with Article 46 GDPR

Right to Rectification (Article 16 GDPR)
You have the right to request the correction of inaccurate or incomplete personal data without undue delay.

Right to Erasure (Article 17 GDPR)
You may request the erasure of your personal data where:

  • The data is no longer necessary for the purposes for which it was collected

  • You object to processing and there is no overriding legitimate reason for processing

  • The data was unlawfully processed

  • Erasure is required to comply with a legal obligation

Note: This right does not apply where processing is necessary for freedom of expression, compliance with legal obligations, public interest, or the exercise or defense of legal claims.

Right to Restriction of Processing (Article 18 GDPR)
You have the right to request the restriction of processing if:

  • You contest the accuracy of your data, pending verification

  • Processing is unlawful and you oppose deletion

  • We no longer need the data, but you require it for legal claims

  • You have objected to processing and verification of overriding legitimate grounds is pending

Right to Notification (Article 19 GDPR)
If your personal data has been rectified, erased, or restricted, we will notify all recipients to whom the data was disclosed—unless doing so is impossible or involves disproportionate effort. You also have the right to be informed about those recipients.

Right to Data Portability (Article 20 GDPR)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller, where technically feasible.

Right to Withdraw Consent (Article 7(3) GDPR)
You may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. If no other legal basis for processing exists, your data will be deleted following withdrawal.

Right to Lodge a Complaint (Article 77 GDPR)
If you believe that your personal data is being processed in violation of the GDPR, you have the right to file a complaint with a supervisory authority, particularly in:

  • The member state of your residence

  • Your place of work

  • The place of the alleged infringement

You may contact us at any time to exercise your rights.

13.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR LEGITIMATE INTERESTS, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO SUCH PROCESSING WITH EFFECT FOR THE FUTURE.

IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS BEING PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT TO SUCH PROCESSING AT ANY TIME.

IF YOU OBJECT TO PROCESSING FOR DIRECT MARKETING PURPOSES, WE WILL IMMEDIATELY CEASE TO PROCESS YOUR PERSONAL DATA FOR SUCH PURPOSES.

14) RETENTION PERIOD OF PERSONAL DATA

The retention of personal data is based on statutory retention periods (e.g., commercial and tax law).

After these periods expire, the data is routinely deleted, provided it is no longer necessary for contract performance, the initiation of a new contract, or we no longer have a legitimate interest in retaining it.